virus/spyware/trojan or malware - unknown name

I have picked up a virus that will not let me open any Microsoft programs or IE, although it appears IE is running in the background. Any time I try to update/load any security via a CD (as I can't access IE) it stops it before it's completed.

IE properties says Explorer isn't your default browser, and every time I change it back to default IE it changes back again.

I have run HijackThis and Malwarebytes, and this is the log before I cleaned up x4 adware infections.

Hijack Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:01, on 15/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Dell\E-Center\EULALauncher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Belkin\F5D8053\v6\BelkinWCUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Empty
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5070908
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Sky Broadband
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ErrorWiz] C:\Program Files\ErrorWiz\ErrorWiz.exe /scan
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://beta4.expertagent.co.uk/EA/Print/smsx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260899046750
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260899188968
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://frostowa.no-ip.org/Remote/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = frostbanstead.local
O17 - HKLM\Software\..\Telephony: DomainName = frostbanstead.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = frostbanstead.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = frostbanstead.local
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Belkin Wifi Service - Unknown owner - C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12143 bytes

Malwarebytes Log after clean up

Malwarebytes' Anti-Malware 1.42
Database version: 3371
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

16/12/2009 02:09:01
mbam-log-2009-12-16 (02-09-01).txt

Scan type: Quick Scan
Objects scanned: 154160
Time elapsed: 18 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: virus/spyware/trojan or malware - unknown name

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double-click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here; use more than one post if needed.

DDS Reports 1 & 2

Here are the two reports as requested - thank you.

DDS (Ver_09-12-01.01) - NTFSx86
Run by johns at 16:46:25.70 on 16/12/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1085 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Dell\E-Center\EULALauncher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Belkin\F5D8053\v6\BelkinWCUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\johns\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.sky.com
uWindow Title = Windows Internet Explorer provided by Sky Broadband
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ErrorWiz] c:\program files\errorwiz\ErrorWiz.exe /scan
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\johns\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\docume~1\johns\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d9050\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~2.lnk - c:\program files\belkin\f5d8053\v6\BelkinWCUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_17.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://beta4.expertagent.co.uk/EA/Print/smsx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260899046750
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260899188968
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://frostowa.no-ip.org/Remote/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-10-4 58048]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-11 14336]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 Belkin Wifi Service;Belkin Wifi Service;c:\program files\belkin\f5d8053\v6\WifiSvc.exe [2009-12-4 274432]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2007-10-4 102463]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2004-9-22 221191]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2004-9-22 28672]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2007-10-4 108256]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-10-4 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-10-4 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-18 133104]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2009-12-4 584832]

=============== Created Last 30 ================

2009-12-15 23:16:11 0 d-----w- c:\docume~1\johns\applic~1\Malwarebytes
2009-12-15 23:16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-15 23:16:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-15 23:16:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-15 23:16:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 21:26:39 0 d-----w- c:\program files\Trend Micro
2009-12-15 17:44:17 0 d-----w- c:\windows\system32\CatRoot2
2009-12-15 16:14:41 0 d-----w- C:\69d663c9bf78105b665e
2009-12-15 15:32:21 0 d-----w- C:\quarantine
2009-12-15 11:53:02 9728 ------w- c:\windows\system32\comsdupd.exe
2009-12-15 11:53:02 40832 ------w- c:\windows\system32\drivers\irbus.sys
2009-12-15 11:46:09 19528 ----a-w- c:\windows\000001_.tmp
2009-12-15 11:07:16 0 d-----w- c:\docume~1\johns\applic~1\ErrorWiz
2009-12-15 11:07:06 0 d-----w- c:\program files\ErrorWiz
2009-12-14 21:06:13 0 d-----w- c:\windows\system32\Cache
2009-12-14 21:03:01 0 d-----w- c:\windows\ServicePackFiles
2009-12-14 19:28:37 82501 ----a-w- c:\windows\system32\dllcache\bckg.dll
2009-12-14 16:44:23 0 d-----w- c:\windows\system32\XPSViewer
2009-12-14 16:43:22 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-14 16:40:06 0 d-----w- C:\55858da415ffc21079a7d666315b
2009-12-14 15:20:51 0 d-----w- C:\f1a6804f55acc0bc0fe1
2009-12-14 15:20:49 0 d-----w- c:\program files\Spyware Doctor
2009-12-14 12:53:48 0 d-----w- C:\921f5eade1603d1ea627b8
2009-12-14 11:39:39 0 d-----w- c:\program files\MSXML 6.0
2009-12-14 09:31:38 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-04 16:19:21 584832 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
2009-12-04 16:13:31 0 d-----w- c:\program files\Belkin
2009-12-04 15:49:26 0 d-----w- c:\program files\Belkin(2)
2009-11-27 16:42:34 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-11-22 10:16:26 764868 ------w- c:\windows\system32\dllcache\apph_sp.sdb
2009-11-22 10:16:26 217118 ------w- c:\windows\system32\dllcache\apphelp.sdb
2009-11-22 10:16:26 1197294 ------w- c:\windows\system32\dllcache\sysmain.sdb
2009-11-22 10:16:07 0 d-----w- c:\program files\Windows Media Connect 2
2009-11-22 10:13:42 0 d-----w- C:\1539cfe0c49fbf677a3039623a49
2009-11-22 10:10:57 0 d-----w- C:\9a6c5090321a0fbb37fc6d

==================== Find3M ====================

2009-12-15 10:38:34 95872 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-15 10:38:34 95872 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-14 09:52:32 622080 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-10-29 03:51:51 70576 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-18 07:21:54 87608 ----a-w- c:\docume~1\johns\applic~1\inst.exe
2009-10-18 07:21:54 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-18 07:21:54 47360 ----a-w- c:\docume~1\johns\applic~1\pcouffin.sys
2009-10-11 04:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-24 12:01:06 21192 ----a-w- c:\windows\system32\dopdfmn6.dll
2009-09-24 12:01:06 18632 ----a-w- c:\windows\system32\dopdfmi6.dll

============= FINISH: 16:47:43.20 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 04/10/2007 15:59:25
System Uptime: 16/12/2009 16:26:55 (0 hours ago)

Motherboard: Dell Inc. | | 0GW726
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | Microprocessor | 2126/1066mhz
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | Microprocessor | 2126/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 194.907 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart C6300 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: C6300,192.168.0.4
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C6300 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C6300 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

==== System Restore Points ===================

RP460: 16/09/2009 08:05:37 - System Checkpoint
RP461: 19/09/2009 12:15:34 - System Checkpoint
RP462: 21/09/2009 14:25:58 - System Checkpoint
RP463: 29/09/2009 07:15:05 - System Checkpoint
RP464: 01/10/2009 08:48:41 - System Checkpoint
RP465: 04/10/2009 11:52:39 - System Checkpoint
RP466: 06/10/2009 21:25:00 - System Checkpoint
RP467: 10/10/2009 07:24:39 - System Checkpoint
RP468: 11/10/2009 11:29:07 - System Checkpoint
RP469: 13/10/2009 18:39:25 - System Checkpoint
RP470: 16/10/2009 10:59:28 - System Checkpoint
RP471: 17/10/2009 02:09:10 - Installed Java(TM) 6 Update 16
RP472: 18/10/2009 11:31:15 - Software Distribution Service 3.0
RP473: 22/10/2009 07:19:34 - System Checkpoint
RP474: 23/10/2009 06:13:44 - Printer Driver doPDF 6 Printer Driver Installed
RP475: 24/10/2009 11:24:23 - System Checkpoint
RP476: 25/10/2009 07:33:30 - Installed Windows Media Player 11
RP477: 25/10/2009 07:35:15 - Installed Windows Media Player 11
RP478: 27/10/2009 05:21:11 - System Checkpoint
RP479: 27/10/2009 10:09:41 - Installed Windows Media Player 11
RP480: 30/10/2009 10:28:32 - System Checkpoint
RP481: 01/11/2009 07:04:04 - System Checkpoint
RP482: 05/11/2009 06:30:01 - System Checkpoint
RP483: 06/11/2009 16:56:33 - System Checkpoint
RP484: 13/11/2009 10:35:55 - System Checkpoint
RP485: 14/11/2009 18:35:06 - System Checkpoint
RP486: 15/11/2009 12:13:45 - Printer Driver PrimoPDF Installed
RP487: 16/11/2009 12:39:02 - System Checkpoint
RP488: 19/11/2009 13:15:56 - System Checkpoint
RP489: 21/11/2009 05:24:08 - System Checkpoint
RP490: 22/11/2009 10:01:27 - Installed Windows Media Player 11
RP491: 22/11/2009 10:08:06 - Installed Windows Media Player 11
RP492: 22/11/2009 10:10:42 - Installed Windows XP Wudf01000.
RP493: 22/11/2009 10:16:23 - Installed Windows XP MSCompPackV1.
RP494: 22/11/2009 10:16:54 - Installed Windows XP KB926239.
RP495: 25/11/2009 17:32:48 - System Checkpoint
RP496: 27/11/2009 16:44:56 - Software Distribution Service 3.0
RP497: 29/11/2009 03:27:46 - Installed Java(TM) 6 Update 17
RP498: 30/11/2009 21:04:05 - System Checkpoint
RP499: 04/12/2009 15:15:24 - Configured Belkin Wireless G Plus MIMO USB Network Adapter
RP500: 04/12/2009 15:26:11 - Installed Belkin N Wireless USB Adapter Setup
RP501: 04/12/2009 15:46:21 - Removed Belkin N Wireless USB Adapter Setup
RP502: 04/12/2009 15:49:26 - Installed Belkin N Wireless USB Adapter Setup
RP503: 04/12/2009 16:12:48 - Restore Operation
RP504: 04/12/2009 16:24:55 - Installed Belkin N Wireless USB Adapter Setup
RP505: 05/12/2009 16:31:05 - System Checkpoint
RP506: 09/12/2009 15:06:39 - System Checkpoint
RP507: 10/12/2009 18:35:50 - System Checkpoint
RP508: 12/12/2009 04:16:55 - Restore Operation
RP509: 13/12/2009 21:32:36 - System Checkpoint
RP510: 14/12/2009 09:29:35 - Restore Operation
RP511: 14/12/2009 09:57:40 - Restore Operation
RP512: 14/12/2009 11:39:52 - Installed Windows XP WIC.
RP513: 14/12/2009 16:27:31 - Spyware Doctor: Cleaning Threats
RP514: 14/12/2009 16:42:44 - Installed Windows XP WIC.
RP515: 14/12/2009 16:43:22 - Installed %1 %2.
RP516: 14/12/2009 16:43:30 - Printer Driver Microsoft XPS Document Writer Installed
RP517: 14/12/2009 19:00:37 - Spyware Doctor: Cleaning Threats
RP518: 14/12/2009 21:19:58 - Restore Operation
RP519: 15/12/2009 11:13:05 - ErrorWiz Restore point
RP520: 15/12/2009 11:44:40 - ErrorWiz Restore point
RP521: 15/12/2009 11:46:14 - Installed Windows XP Service Pack 2.
RP522: 15/12/2009 11:53:46 - ErrorWiz Restore point
RP523: 15/12/2009 11:55:01 - Spyware Doctor: Cleaning Threats
RP524: 15/12/2009 13:14:51 - ErrorWiz Restore point
RP525: 15/12/2009 13:15:52 - ErrorWiz Restore point
RP526: 15/12/2009 14:15:03 - ErrorWiz Restore point
RP527: 15/12/2009 16:13:48 - Removed J2SE Runtime Environment 5.0 Update 6
RP528: 16/12/2009 01:41:26 - ErrorWiz Restore point
RP529: 16/12/2009 01:47:35 - Installed Windows XP WIC.
RP530: 16/12/2009 01:56:55 - Configured 2007 Microsoft Office system
RP531: 16/12/2009 01:58:51 - Configured 2007 Microsoft Office system

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
AAC Decoder
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
BBC iPlayer Desktop
BBC iPlayer Download Manager
Belkin N Wireless USB Adapter Setup
Belkin Wireless G Plus MIMO USB Network Adapter
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
BufferChm
C6300
CDDRV_Installer
Color Network ScanGear Ver.2.2
ConvertXtoDVD 3.8.0.193j
Dell ETS Factory Installation
DellSupport
Destination Component
DeviceDiscovery
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
doPDF 6.3 printer
DVR PC-Link
ErrorWiz 1.3
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
H.264 Decoder
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB921411)
Hotfix for Windows XP (KB924455)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
hp LaserJet 1000
hp LaserJet 1010 Series
HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Image Resizer Powertoy for Windows XP
Intel(R) Graphics Media Accelerator Driver
Internet Evidence Finder 2.0.6
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 3
KhalSetup
LimeWire 5.1.2
Malwarebytes' Anti-Malware
MarketResearch
McAfee VirusScan Enterprise
Metacafe
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Midas
MKV Splitter
Mouse Suite for Desktop Computers
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Network
PaperVision Document Viewer Controls
Picasa 3
PowerDVD
PrimoPDF -- by Nitro PDF Software
PS_AIO_04_C6300_Software_Min
QuickTime
RealPlayer
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Scan
SearchAssist
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
SetPoint
Sky Broadband
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Status
Toolbox
TrayApp
Tru-Flite 3D
UnloadSupport
Update for Outlook 2007 Junk Email Filter (kb947945)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
VC80CRTRedist - 8.0.50727.4053
Vodafone Mobile Connect Lite Runtime Components
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Wisdom-soft ScreenHunter 5.0 Free
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

15/12/2009 17:30:25, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:58:18, error: DCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "%2" Happened while starting this command: "C:\PROGRA~1\INTERN~1\IEXPLO~1.EXE" -Embedding
15/12/2009 14:44:28, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.11.
15/12/2009 14:44:28, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.11.
15/12/2009 14:25:57, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 7.0.5730.13, the version of the system file is 7.0.5730.11.
15/12/2009 14:25:18, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.11.
14/12/2009 19:30:33, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IIS Admin service to connect.
14/12/2009 19:30:33, error: Service Control Manager [7000] - The IIS Admin service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/12/2009 19:30:32, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service IISADMIN with arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}
14/12/2009 19:12:56, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the sdCoreService service.
14/12/2009 13:04:57, error: Print [6161] -
14/12/2009 11:56:10, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Akamai NetSession Interface service to connect.
14/12/2009 10:20:22, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 54b
14/12/2009 10:19:58, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
14/12/2009 10:19:58, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/12/2009 10:18:58, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
14/12/2009 10:18:58, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
14/12/2009 10:18:47, error: Service Control Manager [7023] - The KService service terminated with the following error: Unspecified error
14/12/2009 10:18:42, error: NETLOGON [5719] - No Domain Controller is available for domain FROSTBANSTEAD due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
14/12/2009 04:11:34, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001CDF2641AF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/12/2009 04:07:38, error: Srv [2000] - The server's call to a system service failed unexpectedly.

==== End Of File ===========================
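The Event Viewer section of this log is worth triaging mechanically rather than by eye. The Python script below is an added example for this thread (not code from the thread, from HijackThis, or from the tool that produced the dump): it parses lines in the exact format shown above, picks out the Windows File Protection events (IDs 64001 and 64002) that report a protected Internet Explorer file being replaced and then restored, and extracts the file path plus the "bad" and system version strings so a responder can see which binaries something was repeatedly trying to overwrite. The sample lines are copied from the log above; the function and field names are my own.

```python
"""Pull Windows File Protection replacement events out of an Event Viewer dump.

Added example for this thread; not code from the thread or from any tool it names.
"""
import re
from collections import Counter
from datetime import datetime

# Copied verbatim from the "Event Viewer Messages From Past Week" section above.
SAMPLE_EVENTS = r"""15/12/2009 17:30:25, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
15/12/2009 15:58:18, error: DCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "%2" Happened while starting this command: "C:\PROGRA~1\INTERN~1\IEXPLO~1.EXE" -Embedding
15/12/2009 14:44:28, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.11.
15/12/2009 14:44:28, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.11.
15/12/2009 14:25:57, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 7.0.5730.13, the version of the system file is 7.0.5730.11.
15/12/2009 14:25:18, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.11.
14/12/2009 13:04:57, error: Print [6161] -
"""

# "dd/mm/yyyy hh:mm:ss, level: Source [id] - message" (message may be empty)
EVENT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] -\s*(?P<message>.*)$"
)
WFP_FILE_RE = re.compile(r"protected system file (?P<file>.+?)\. This file was restored")
BAD_VER_RE = re.compile(r"version of the bad file is (?P<v>\d+(?:\.\d+)*)")
SYS_VER_RE = re.compile(r"version of the system file is (?P<v>\d+(?:\.\d+)*)")
WFP_SOURCE = "Windows File Protection"
WFP_REPLACEMENT_IDS = (64001, 64002)


def parse_events(text):
    """Return one dict per event line; lines that do not match the format are skipped."""
    events = []
    for raw in text.splitlines():
        m = EVENT_RE.match(raw.strip())
        if not m:
            continue
        events.append({
            "when": datetime.strptime(f"{m['date']} {m['time']}", "%d/%m/%Y %H:%M:%S"),
            "level": m["level"],
            "source": m["source"],
            "event_id": int(m["event_id"]),
            "message": m["message"],
        })
    return events


def wfp_replacements(events):
    """WFP events that record a protected file being replaced and restored."""
    hits = []
    for e in events:
        if e["source"] != WFP_SOURCE or e["event_id"] not in WFP_REPLACEMENT_IDS:
            continue
        f = WFP_FILE_RE.search(e["message"])
        if not f:
            continue
        bad = BAD_VER_RE.search(e["message"])
        good = SYS_VER_RE.search(e["message"])
        hits.append({
            "when": e["when"],
            "event_id": e["event_id"],
            "file": f["file"].lower(),
            "bad_version": bad["v"] if bad else None,
            "system_version": good["v"] if good else None,
        })
    return hits


def files_targeted(replacements):
    """Distinct protected files that were overwritten, oldest event first."""
    return sorted({r["file"] for r in replacements})


def count_by_source(events):
    """How many events each source produced, e.g. to spot a noisy component."""
    return dict(Counter(e["source"] for e in events))


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("events per source:", count_by_source(evs))
    for r in sorted(wfp_replacements(evs), key=lambda r: r["when"]):
        print(r["when"], r["event_id"], r["file"], "bad:", r["bad_version"], "system:", r["system_version"])
```

The dump lists newest events first, so the parser keeps a real timestamp per event and the `__main__` block re-sorts the WFP hits chronologically; four restores of Internet Explorer binaries within twenty minutes, one of them carrying a version string (7.0.5730.13) that does not match the installed build (7.0.5730.11), is the kind of signal to correlate with the rest of the thread's findings rather than dismiss as noise.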

Re: virus/spyware/trojan or malware - unknown name

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 3
    LimeWire 5.1.2

Are you getting any Google search hijacks/re-direct by any chance?

Removals

I have successfully removed Limewire - however when attempting to remove Java it displays this message.

The windows Installer Service could not be accessed. This can occur if you are running in safe mode, or if the windows installer is not correctly installed. Contact your support personnel for assistance.

I am using another PC for communication as I can't access IE or any Office programs; I burn the reports onto disk and copy them onto the other PC to reply etc.

For info I also have disconnected my wireless card from the subject PC.

I do not get any Google Hijacks/Redirections - however when I managed to open a browser via RUN typing http://annoyance.org and tried going onto security update sites it was redirecting then.

Re: virus/spyware/trojan or malware - unknown name

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    atapi.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

System Lock Report

Hi,

System Lock report as requested.

Thank you for your help on this problem.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 09:28 on 17/12/2009 by johns (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\i386\atapi.sys --a--- 95872 bytes [09:27 08/09/2007] [01:02 28/08/2006] 40CAACE7F2E7668148A1D45CF91E1131
C:\WINDOWS\Driver Cache\i386\atapi.sys --a--- 95872 bytes [09:30 08/09/2007] [20:02 27/08/2006] 40CAACE7F2E7668148A1D45CF91E1131
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 95360 bytes [11:51 15/12/2009] [22:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\dllcache\atapi.sys --a--- 95872 bytes [21:59 03/08/2004] [10:38 15/12/2009] 40CAACE7F2E7668148A1D45CF91E1131
C:\WINDOWS\system32\drivers\atapi.sys --a--- 95872 bytes [21:59 03/08/2004] [10:38 15/12/2009] 40CAACE7F2E7668148A1D45CF91E1131
C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys --a--- 95872 bytes [09:30 08/09/2007] [20:02 27/08/2006] 40CAACE7F2E7668148A1D45CF91E1131
C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys --a--- 95872 bytes [09:30 08/09/2007] [20:02 27/08/2006] 40CAACE7F2E7668148A1D45CF91E1131

-=End Of File=-

Re: virus/spyware/trojan or malware - unknown name

Hello.
Do you have your XP disc?

Re: virus/spyware/trojan or malware - unknown name

No I don't

Re: virus/spyware/trojan or malware - unknown name

Hello.
Try this first.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Screenshot: CF_download_FF]

    [Screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: virus/spyware/trojan or malware - unknown name

It's been scanning now for over 30 mins - shall I leave it still?

Re: virus/spyware/trojan or malware - unknown name

Leave it a bit longer, if still no luck, boot to safe mode and try it from there.

Re: virus/spyware/trojan or malware - unknown name

When trying to boot in Safe mode I get a blue screen saying unable to boot in safe mode etc.

It gives this technical information:

Stop: 0x0000007E (0xC0000005, 0x8050FBDB, 0xF789E4CC, 0xF789E1C8)

When I try again it says boot in XP or recovery, which one should I choose?

Re: virus/spyware/trojan or malware - unknown name

XP normal.

Re: virus/spyware/trojan or malware - unknown name

No, it keeps coming up with the same blue screen.

Re: virus/spyware/trojan or malware - unknown name

Tried it several times in Normal mode and keeps coming up with the blue screen again.

Re: virus/spyware/trojan or malware - unknown name

Hmm, are you able to boot to safe mode?
Try running Combofix in safe mode.

Re: virus/spyware/trojan or malware - unknown name

No, I can't seem to boot into Safe Mode without encountering the blue screen.

Then I have to power off by the PC button and when restarting it displays the screen informing me of a system problem and to select which mode to restart in again. I then select XP Professional rather than system recovery.

Re: virus/spyware/trojan or malware - unknown name

You mean the recovery console? I wonder if we can use that to restore atapi.sys

Are you on another machine right now? 'Cause we're gonna need to have the infected machine running so we can restore it.

Re: virus/spyware/trojan or malware - unknown name

Yes sorry I mean the recovery console.

I am using another machine, so we can restore it.

Re: virus/spyware/trojan or malware - unknown name

Okay, boot into the recovery console. Smile...

When you get to the command prompt, type in:

cd C:\Windows\system32\drivers

Hit enter. It will go into the drivers folder. Next type in dir and hit enter.

That will list every file in the drivers folder. Look somewhere near the top for atapi.sys. If the file is there, it will show file size next to it.

What's its file size right now? 95,360 or 95,872? Or does the file not exist/show at all?
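The two checks this thread makes on atapi.sys, the SystemLook filefind listing posted earlier and the file-size question above, can be combined into one triage step. The Python below is an added example for this thread, not SystemLook's code or anything the helper posted: it parses the filefind lines, groups every copy found on disk by MD5, reports the distinct sizes (the figure the helper asks for), and compares the live driver under system32\drivers with the other copies (dllcache, i386, Driver Cache, ServicePackFiles, ReinstallBackups), flagging copies that differ from it and any timestamp on the live file on or after a cut-off date. The log text is copied from the SystemLook post; `LIVE_PATH`, the 1 December 2009 cut-off, and treating both bracketed timestamps the same way are my assumptions.

```python
"""Triage copies of a Windows driver from SystemLook ':filefind' output.

Added example for this thread (not SystemLook's own code): parse the
filefind lines, group copies by MD5, and check the live driver against the
other copies Windows keeps on disk.
"""
import re
from collections import defaultdict
from datetime import datetime

# Copied from the SystemLook log posted in this thread.
SYSTEMLOOK_SAMPLE = r"""Searching for "atapi.sys"
C:\i386\atapi.sys --a--- 95872 bytes [09:27 08/09/2007] [01:02 28/08/2006] 40CAACE7F2E7668148A1D45CF91E1131
C:\WINDOWS\Driver Cache\i386\atapi.sys --a--- 95872 bytes [09:30 08/09/2007] [20:02 27/08/2006] 40CAACE7F2E7668148A1D45CF91E1131
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 95360 bytes [11:51 15/12/2009] [22:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\dllcache\atapi.sys --a--- 95872 bytes [21:59 03/08/2004] [10:38 15/12/2009] 40CAACE7F2E7668148A1D45CF91E1131
C:\WINDOWS\system32\drivers\atapi.sys --a--- 95872 bytes [21:59 03/08/2004] [10:38 15/12/2009] 40CAACE7F2E7668148A1D45CF91E1131
C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys --a--- 95872 bytes [09:30 08/09/2007] [20:02 27/08/2006] 40CAACE7F2E7668148A1D45CF91E1131
C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys --a--- 95872 bytes [09:30 08/09/2007] [20:02 27/08/2006] 40CAACE7F2E7668148A1D45CF91E1131

-=End Of File=-
"""

# Assumption: the copy Windows actually loads is the one the helper's
# recovery-console instructions point at.
LIVE_PATH = r"C:\WINDOWS\system32\drivers\atapi.sys"
# Assumption: a timestamp on or after this date counts as "recent" for this case.
CUTOFF = datetime(2009, 12, 1)

# path, six attribute flags, size, two bracketed timestamps, 32-hex-digit MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
TS_FMT = "%H:%M %d/%m/%Y"


def parse_filefind(text):
    """One dict per file line; the 'Searching for' header and the footer are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        records.append({
            "path": m["path"],
            "attrs": m["attrs"],
            "size": int(m["size"]),
            # Both bracketed timestamps, in the order SystemLook printed them.
            "stamps": (datetime.strptime(m["ts1"], TS_FMT),
                       datetime.strptime(m["ts2"], TS_FMT)),
            "md5": m["md5"].upper(),
        })
    return records


def group_by_hash(records):
    """MD5 -> list of paths holding a copy with that hash."""
    groups = defaultdict(list)
    for r in records:
        groups[r["md5"]].append(r["path"])
    return dict(groups)


def sizes_seen(records):
    """Distinct sizes on disk, the figure the helper asks for in the recovery console."""
    return sorted({r["size"] for r in records})


def triage(records, live_path=LIVE_PATH, cutoff=CUTOFF):
    """Compare the live driver with every other copy and flag recent timestamps."""
    live = next((r for r in records if r["path"].lower() == live_path.lower()), None)
    if live is None:
        return {"live_found": False, "findings": ["live driver missing from filefind output"]}
    agree = [r["path"] for r in records if r is not live and r["md5"] == live["md5"]]
    differ = [r["path"] for r in records if r["md5"] != live["md5"]]
    findings = []
    if differ:
        findings.append(f"{len(differ)} copy/copies differ from the live driver: {differ}")
    if any(ts >= cutoff for ts in live["stamps"]):
        findings.append("live driver has a timestamp on or after " + cutoff.strftime("%d/%m/%Y"))
    return {"live_found": True, "size": live["size"], "md5": live["md5"],
            "agree": agree, "differ": differ, "findings": findings}


if __name__ == "__main__":
    recs = parse_filefind(SYSTEMLOOK_SAMPLE)
    print("sizes seen:", sizes_seen(recs))
    for md5, paths in group_by_hash(recs).items():
        print(md5, len(paths), "copy/copies")
    for line in triage(recs)["findings"]:
        print("FINDING:", line)
```

Run against the posted log, the live driver is 95,872 bytes and hashes the same as the i386, Driver Cache, dllcache and ReinstallBackups copies; only the ServicePackFiles copy (95,360 bytes) differs, and the live file carries a 15/12/2009 timestamp. The pattern to worry about is the opposite one: a live driver whose hash matches none of the backup copies while those backups all agree with each other.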

Re: virus/spyware/trojan or malware - unknown name

I have come up with the following black screen and a prompt as follows:

Which Windows Installation would you like to log onto, to cancel press ENTER>?

It seems to only allow one character option space entry before hitting enter?

Also, do I type the cd part of cd C:\Windows\system32\drivers?

Last edited by darrylrixon on 18th December 2009, 12:52 pm; edited 1 time in total (Reason for editing : added question)

Re: virus/spyware/trojan or malware - unknown name

And it leads to the BSOD if you press enter? hmm, weird.
Does this machine have an OEM partition? if so, we can restore the machine back to factory settings.

Re: virus/spyware/trojan or malware - unknown name

How can I tell if it has an OEM partition, as I'm not sure?

Re: virus/spyware/trojan or malware - unknown name

Can't remember which option menu it is, but when booting up, tap F10 OR F12, one of the 2 menus might have a "restore to factory settings"

Re: virus/spyware/trojan or malware - unknown name

Okay, F12 gives the following options:

Onboard Sata hard drive
Onboard or USB CD-ROM drive

*System Setup
*Hard Drive Diagnostics
*boot Utility Partition

Re: virus/spyware/trojan or malware - unknown name

Shall I go for boot utility partition?

Re: virus/spyware/trojan or malware - unknown name

No. Our last option is a boot disc.

Please download this file: Avira Rescue Disc

  1. Insert a blank CD into your CD drawer.
  2. Double click the rescuecd.exe file on your Desktop.
  3. Hit the "Burn CD" button and allow it to burn, it shouldn't take too long.
  4. Next, reboot your computer, keeping the CD inside the drawer.
  5. Your computer should boot from the CD and boot to the Avira rescue disc.
  6. Next, see this guide here and follow the instructions on that page: How to use the boot disc
Let me know how it goes.

Re: virus/spyware/trojan or malware - unknown name

It did lots of searches, renamed one file and found 10 possible alerts; I have rebooted in XP and it's still the same.

What is the final way around this: put the hard drive in for repair, wipe it and start again?

If it's wiped/formatted will that definitely remove any/all of the viruses?

thanks

Re: virus/spyware/trojan or malware - unknown name

Yes it would. Smile...

Re: virus/spyware/trojan or malware - unknown name

Okay, thanks for your assistance - I'll have to go down this route after all.
