Desktop your system is infected

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Desktop your system is infected11th January 2010, 7:44 pm

Hi there,

Had some spyware infect my computer think I finally got it to stop with the fake message and there anti virus slogan. But my deshtop has a nice big box saying "my compter is infected!" Can't remove... wondering if I can get some help how to fix this problem

I'm running Windows xp

regards k

Re: Desktop your system is infected11th January 2010, 9:01 pm

Please download the current version of HijackThis from HERE

Double click and run the installer.
It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
After installing, you should get the user agreement, press accept and Hijack This will run.
Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Desktop your system is infected DXwU4

Re: Desktop your system is infected11th January 2010, 9:20 pm

here it is. I just downloaded anti malware looks like message is gone but still some errors

Thanks for the help

ogfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 4:15:29 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LxrSII1s.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.wildtangent.com/webdrivers/webinstall/Install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093924185203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133732068281
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - https://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: rlfile - {F541A92B-CDC2-4B7C-BEF1-C7443070F3D8} - C:\Program Files\BlacksMemorables\RocketEngine.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10982 bytes

Re: Desktop your system is infected12th January 2010, 1:34 am

Hello.

Open HijackThis
Choose "Do a system scan only"
Check the boxes in front of these lines:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
Press "Fix Checked"
Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: Desktop your system is infected12th January 2010, 3:22 am

o infected
ty
Regards K

Malwarebytes' Anti-Malware 1.44
Database version: 3542
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/11/2010 10:17:52 PM
mbam-log-2010-01-11 (22-17-52).txt

Scan type: Quick Scan
Objects scanned: 119007
Time elapsed: 11 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Desktop your system is infected12th January 2010, 7:05 pm

Hello.

Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
Link 1
Link 2
Double click DDS.scr to run.
When complete, two logs will open. Save both of the report to your Desktop.
Copy and paste BOTH LOGS back here, use more than one post if needed.

Re: Desktop your system is infected12th January 2010, 7:51 pm

Hello, as requested

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 14:48:23.68 on Tue 01/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.42 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
svchost.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\LxrSII1s.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\STOPzilla!\SZOptions.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.ca/
uDefault_Page_URL = hxxp://us10.hpwis.com/
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Microsoft Internet Explorer provided by Sympatico
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2008\IEToolbar.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - No File
TB: {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2008\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2008\bdagent.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tl-wn3~1.lnk - c:\program files\tp-link\tl-wn321g wireless utility\installer\winxp\TWCU.exe
IE: &MSN Search - c:\program files\msn toolbar suite\tb\02.00.0001.1203\en-us\msntb.dll/search.htm
IE: &Winamp Toolbar Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {205FF73B-CA67-11D5-99DD-444553540000} - hxxp://www.wildtangent.com/webdrivers/webinstall/Install.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - hxxp://fulfillment.puretracks.com/onager.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093924185203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133732068281
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - hxxp://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38062.4207060185
DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_01-win.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://costco.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: rlfile - {F541A92B-CDC2-4B7C-BEF1-C7443070F3D8} - c:\program files\blacksmemorables\RocketEngine.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2009-12-14 163600]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-12 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-12 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-12 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-12 55656]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2006-12-14 70016]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2004-4-12 6097]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S2 mrtRate;mrtRate; [x]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys --> c:\windows\system32\drivers\sonyhcs.sys [?]
S4 FreezeScreenSaver;FreezeScreenSaver;c:\windows\system32\FreezeScreenSaver.exe [2006-1-22 69632]

=============== Created Last 30 ================

2010-01-12 17:36:37 744 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-01-12 17:19:00 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-12 17:18:48 0 d-----w- c:\program files\Avira
2010-01-12 17:18:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-01-12 15:37:14 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2010-01-12 15:37:14 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-01-12 15:37:09 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-12 15:37:09 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2010-01-12 15:36:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-01-12 15:36:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-01-12 15:36:57 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-01-12 15:36:57 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-01-12 15:36:51 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-01-12 15:36:51 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-01-12 15:36:50 42368 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2010-01-12 15:36:50 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2010-01-12 15:33:53 20992 ----a-w- C:\piom.exe
2010-01-11 21:14:06 0 d-----w- c:\program files\TrendMicro
2010-01-11 20:31:20 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-01-11 20:31:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 20:30:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-11 20:30:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 20:30:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 18:20:36 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-01-10 18:18:34 0 d-----w- c:\program files\STOPzilla!
2010-01-10 18:18:23 0 d-----w- c:\program files\common files\iS3
2010-01-10 18:18:13 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-01-10 16:57:44 0 d-----w- c:\docume~1\owner\applic~1\McAfee
2010-01-10 15:41:18 0 d-----w- c:\program files\common files\McAfee
2010-01-10 15:40:58 0 d-----w- c:\program files\McAfee
2010-01-08 01:55:19 0 d-----w- c:\program files\Western Digital
2010-01-07 17:26:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Seagate
2010-01-07 17:23:30 0 d-----w- c:\program files\Carbonite
2010-01-07 17:21:11 0 d-----w- c:\program files\Seagate
2010-01-06 18:43:11 0 d-----w- C:\extensions
2010-01-06 18:42:55 0 d-----w- c:\program files\YouTube Clip Extractor
2010-01-06 16:28:21 79660 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-01 02:38:00 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-01 02:38:00 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-01 02:35:59 0 d-----w- c:\program files\iPod
2010-01-01 02:35:36 0 d-----w- c:\program files\iTunes
2010-01-01 02:35:36 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 02:23:39 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys.bak
2010-01-01 02:23:39 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-23 19:13:34 545424 ----a-r- c:\windows\system32\SZComp5.dll
2009-12-23 19:13:32 438928 ----a-r- c:\windows\system32\SZBase5.dll
2009-12-23 19:04:54 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-12-14 15:24:24 163600 ----a-r- c:\windows\system32\drivers\SZKGFS.sys

==================== Find3M ====================

2010-01-12 17:34:23 81984 ----a-w- c:\windows\system32\bdod.bin
2009-12-10 21:11:40 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-12-10 21:11:32 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-12-10 21:09:24 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-12-10 21:09:08 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-12-10 21:08:48 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-12-10 21:06:52 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-12-10 21:06:30 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-12-10 21:05:54 94208 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-12-10 21:02:42 729088 ----a-r- c:\windows\system32\IS3Base5.dll
2009-12-07 21:59:32 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-12-07 21:59:32 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys.bak
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-25 00:10:30 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2005-08-28 00:58:47 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-08-19 18:54:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 14:48:42.10 ===============

Re: Desktop your system is infected12th January 2010, 7:52 pm

attach
Many thanks K

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/16/2004 2:00:41 PM
System Uptime: 1/12/2010 12:35:13 PM (2 hours ago)

Motherboard: ASUSTek Computer INC. | | Kamet2
Processor: AMD Athlon(tm) XP 3000+ | Socket A | 2158/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 147 GiB total, 119.962 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.931 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
L: is Removable
N: is CDROM ()
O: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ActiveSpeed
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 8.1.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz 2
Avery Wizard 3.0
Avira AntiVir Personal - Free Antivirus
Black's Digital Solution Studio
BlacksMemorables
BufferChm
Chainz
Copy
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
cp_PrintOnCDConfig
cp_UpdateProjectsConfig
Creative Memories StoryBook Creator Plus
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
D6100_D7100_D7300_Help
D7100
DeviceManagementQFolder
DocProc
Easy Internet Sign-up
eSupportQFolder
FullDPAppQFolder
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 7.0
HP Deskjet Preloaded Printer Drivers
HP Imaging Device Functions 7.0
HP Instant Support
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Premier Software 6.5
HP Solution Center 7.0
hph_ProductContext
hph_readme
hph_software
hph_software_req
hpmdtab
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
InstantShareDevices
InstantShareDevicesMFC
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.0_01
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 7
KBD
Lotus SmartSuite 97
Lyra Applications
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MarketResearch
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 4.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSN Messenger 7.5
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Nero Suite
Nikon Message Center
Nikon Transfer
NVIDIA GART Driver
NWF Peoples Choice 2003-800
OptionalContentQFolder
PanoStandAlone
Photodex Presenter
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Picture Control Utility
Pipeline
PIXELA ImageMixer
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quicken 2004
QuickProjects
QuickTax 2004
QuickTax 2005
QuickTax 2006
QuickTax 2007
QuickTax 2008
QuickTime
RandMap
RealArcade
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scan
Scientific Notebook 5.5
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shape Shifter
Simply Accounting 2004 Basic
SkinsHP1
SkinsHP2
SlideShow
SlideShowMusic
SolutionCenter
Sonic Update Manager
Sonic_PrimoSDK
Status
STOPzilla
TL-WN321G Wireless Utility
TONKA Search & Rescue 2
Toolbox
toolkit
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
ViewNX
Viewpoint Media Player (Remove Only)
Virtools 3D Life Player
WebFldrs XP
WebReg
Wildlife Treasures 800
WildTangent Web Driver
Winamp
Winamp Toolbar for Internet Explorer
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 12.0

==== Event Viewer Messages From Past Week ========

1/9/2010 10:29:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows CardSpace service to connect.
1/9/2010 10:29:34 PM, error: Service Control Manager [7000] - The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/8/2010 7:25:12 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -86986 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.100:123->207.46.197.32:123) is working properly.
1/8/2010 2:51:00 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -86988 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.100:123->207.46.197.32:123) is working properly.
1/12/2010 12:32:02 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
1/12/2010 11:07:34 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
1/12/2010 11:07:34 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 11:07:34 AM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 11:07:30 AM, error: SRService [104] - The System Restore initialization process failed.
1/12/2010 10:37:15 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file wstcodec.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.0.900.
1/12/2010 10:37:15 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file usbohci.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:37:15 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file usbaudio.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file tdtcp.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mstee.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.0.900.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mspqm.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file lbrtfdc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.10.1.0.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ip6fw.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file i2omgmt.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file changer.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ccdecode.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.0.900.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file agp440.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:36:51 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\usbscan.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:36:46 AM, error: Service Control Manager [7000] - The Intel(R) Graphics Chipset (KCH) Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:45 AM, error: Service Control Manager [7000] - The World Standard Teletext Codec service failed to start due to the following error: Access is denied.
1/12/2010 10:36:45 AM, error: Service Control Manager [7000] - The Windows Driver Foundation - User-mode Driver Framework Reflector service failed to start due to the following error: Access is denied.
1/12/2010 10:36:45 AM, error: Service Control Manager [7000] - The Intel(R) Graphics Platform (SoftBIOS) Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:44 AM, error: Service Control Manager [7000] - The WpdUsb service failed to start due to the following error: Access is denied.
1/12/2010 10:36:43 AM, error: Service Control Manager [7000] - The USB Scanner Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:43 AM, error: Service Control Manager [7000] - The Microsoft USB Open Host Controller Miniport Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:42 AM, error: Service Control Manager [7000] - The Sony Digital Imaging Audio service failed to start due to the following error: Access is denied.
1/12/2010 10:36:42 AM, error: Service Control Manager [7000] - The Apple Mobile USB Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:39 AM, error: Service Control Manager [7000] - The Microsoft Kernel GS Wavetable Synthesizer service failed to start due to the following error: Access is denied.
1/12/2010 10:36:39 AM, error: Service Control Manager [7000] - The HP && Alcor Micro Corp for Phison service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:36:38 AM, error: Service Control Manager [7000] - The BDA IPSink service failed to start due to the following error: Access is denied.
1/12/2010 10:36:36 AM, error: Service Control Manager [7000] - The Microsoft Kernel Audio Splitter service failed to start due to the following error: Access is denied.
1/12/2010 10:36:35 AM, error: Service Control Manager [7000] - The Sony Digital Imaging Video service failed to start due to the following error: Access is denied.
1/12/2010 10:36:33 AM, error: Service Control Manager [7000] - The Sony Digital Imaging Base service failed to start due to the following error: Access is denied.
1/12/2010 10:36:32 AM, error: Service Control Manager [7000] - The SiS AGP Filter service failed to start due to the following error: Access is denied.
1/12/2010 10:36:32 AM, error: Service Control Manager [7000] - The BDA Slip De-Framer service failed to start due to the following error: Access is denied.
1/12/2010 10:36:29 AM, error: Service Control Manager [7000] - The fasttx2k service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/12/2010 10:36:27 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\ipfltdrv.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
1/12/2010 10:36:27 AM, error: Service Control Manager [7000] - The Secdrv service failed to start due to the following error: Access is denied.
1/12/2010 10:36:25 AM, error: Service Control Manager [7000] - The Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:23 AM, error: Service Control Manager [7000] - The RT73 USB Wireless LAN Card Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:21 AM, error: Service Control Manager [7000] - The Processor Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:08 AM, error: Service Control Manager [7001] - The IPX Traffic Filter Driver service depends on the IPX Traffic Forwarder Driver service which failed to start because of the following error: The system cannot find the file specified.
1/12/2010 10:36:06 AM, error: Service Control Manager [7000] - The IPX Traffic Forwarder Driver service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:36:04 AM, error: Service Control Manager [7000] - The NVIDIA nForce AGP Bus Filter service failed to start due to the following error: Access is denied.
1/12/2010 10:36:02 AM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: Access is denied.
1/12/2010 10:36:01 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: Access is denied.
1/12/2010 10:35:58 AM, error: Service Control Manager [7000] - The NDIS Usermode I/O Protocol service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:56 AM, error: Service Control Manager [7000] - The Microsoft TV/Video Connection service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:54 AM, error: Service Control Manager [7000] - The NABTS/FEC VBI Codec service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:50 AM, error: Service Control Manager [7000] - The Microsoft Streaming Tee/Sink-to-Sink Converter service failed to start due to the following error: The process cannot access the file because it is being used by another process.
1/12/2010 10:35:48 AM, error: Service Control Manager [7000] - The Microsoft Streaming Quality Manager Proxy service failed to start due to the following error: Access is denied.
1/12/2010 10:35:47 AM, error: Service Control Manager [7000] - The Microsoft Streaming Clock Proxy service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:46 AM, error: Service Control Manager [7000] - The Microsoft Streaming Service Proxy service failed to start due to the following error: Access is denied.
1/12/2010 10:35:44 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: Access is denied.
1/12/2010 10:35:43 AM, error: Service Control Manager [7000] - The is3srv service failed to start due to the following error: Access is denied.
1/12/2010 10:35:42 AM, error: Service Control Manager [7000] - The IR Enumerator Service service failed to start due to the following error: Access is denied.
1/12/2010 10:35:41 AM, error: Service Control Manager [7000] - The IP in IP Tunnel Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:35:40 AM, error: Service Control Manager [7000] - The IP Traffic Filter Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:35:39 AM, error: Service Control Manager [7000] - The IPv6 Windows Firewall Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:35:37 AM, error: Service Control Manager [7000] - The i2omgmt service failed to start due to the following error: Access is denied.
1/12/2010 10:35:36 AM, error: Service Control Manager [7000] - The VIA Rhine Family Fast Ethernet Adapter Driver Service service failed to start due to the following error: Access is denied.
1/12/2010 10:35:35 AM, error: Service Control Manager [7000] - The fasttx2k service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:33 AM, error: Service Control Manager [7000] - The Microsoft Kernel DRM Audio Descrambler service failed to start due to the following error: Access is denied.
1/12/2010 10:35:32 AM, error: Service Control Manager [7000] - The Microsoft Kernel DLS Syntheiszer service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:29 AM, error: Service Control Manager [7000] - The Closed Caption Decoder service failed to start due to the following error: The process cannot access the file because it is being used by another process.
1/12/2010 10:35:26 AM, error: Service Control Manager [7000] - The ATM ARP Client Protocol service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:24 AM, error: Service Control Manager [7000] - The Service for WDM 3D Audio Driver service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:24 AM, error: Service Control Manager [7000] - The RAS Asynchronous Media Driver service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:24 AM, error: Service Control Manager [7000] - The Intel AGP Bus Filter service failed to start due to the following error: Access is denied.
1/12/2010 10:35:23 AM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: The system cannot find the file specified.
1/11/2010 9:32:12 AM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
1/11/2010 9:15:23 AM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the file specified.
1/11/2010 8:18:40 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/11/2010 2:11:22 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows XP (KB955759).
1/11/2010 2:10:52 PM, error: NtServicePack [4379] - Windows XP Hotfix KB955759 installation failed.
KB955759 installation did not complete.
1/11/2010 2:10:50 PM, error: NtServicePack [4373] - Windows XP KB955759 installation failed.
Access is denied.
1/10/2010 2:38:39 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/10/2010 2:38:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Real-time Scanner service to connect.
1/10/2010 2:38:04 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/10/2010 2:25:06 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Real-time Scanner service, but this action failed with the following error: An instance of the service is already running.
1/10/2010 2:24:13 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/10/2010 2:21:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
1/10/2010 2:20:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: agp440 fasttx2k nv_agp SISAGP
1/10/2010 2:19:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FreezeScreenSaver service to connect.
1/10/2010 2:19:31 PM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/10/2010 2:19:31 PM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/10/2010 2:19:31 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
1/10/2010 12:54:01 PM, error: Dhcp [1002] - The IP address lease 24.36.206.20 for the Network Card with network address 000EA66C566A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/10/2010 12:18:59 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the McShield service.
1/10/2010 10:53:23 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
1/10/2010 1:55:04 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
1/10/2010 1:55:03 PM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
1/10/2010 1:55:03 PM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
1/10/2010 1:55:03 PM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/10/2010 1:55:03 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/10/2010 1:55:03 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/10/2010 1:55:02 PM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
1/10/2010 1:55:02 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
1/10/2010 1:55:02 PM, error: Service Control Manager [7034] - The SSHNAS service terminated unexpectedly. It has done this 1 time(s).
1/10/2010 1:55:02 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
1/10/2010 1:55:01 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
1/10/2010 1:55:01 PM, error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
1/10/2010 1:55:01 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
1/10/2010 1:55:01 PM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
1/10/2010 1:55:01 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
1/10/2010 1:55:01 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
1/10/2010 1:55:01 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Re: Desktop your system is infected13th January 2010, 12:12 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Please download the OTMoveIt by OldTimer.

Save it to your desktop.
Please double-click OTM.exe to run it.
Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:services
is3srv
McShield
mrtRate
McSysmon
FreezeScreenSaver

:files
c:\windows\system32\FreezeScreenSaver.exe
C:\piom.exe
Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Re: Desktop your system is infected13th January 2010, 2:15 pm

hello, heres from the otm

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
========== FILES ==========
c:\windows\system32\FreezeScreenSaver.exe moved successfully.
C:\piom.exe moved successfully.
File/Folder • not found.

OTM by OldTimer - Version 3.1.5.0 log created on 01132010_091226

Re: Desktop your system is infected13th January 2010, 4:12 pm

Hello.
OTM didn't fix the services, most likely because you missed :services as the top line.

Re: Desktop your system is infected13th January 2010, 4:45 pm

ok I'll try again here u go

Many thanks K

Service is3srv stopped successfully!
Service is3srv deleted successfully!
Error: No service named McShield was found to stop!
Unable to stop service McShield!
Service mrtRate stopped successfully!
Service mrtRate deleted successfully!
Service McSysmon stopped successfully!
Service McSysmon deleted successfully!
Service FreezeScreenSaver stopped successfully!
Service FreezeScreenSaver deleted successfully!
========== FILES ==========
File/Folder c:\windows\system32\FreezeScreenSaver.exe not found.
File/Folder C:\piom.exe not found.

OTM by OldTimer - Version 3.1.5.0 log created on 01132010_114417

Re: Desktop your system is infected13th January 2010, 6:48 pm

We can remove OTMoveIt now.

Please double-click OTM.exe to run it again.
Press the green CleanUp! button.
Press Yes cleanup process prompt, do the same for the reboot prompt.

How is the machine running now?

Re: Desktop your system is infected14th January 2010, 1:56 pm

Hello,

Machine is runing good now. Thanks you. One question if you don"t mind when I start up internet explorer seems to take a long time to start up. Would you have any suggestions?

Once again thanks for the great help

K

Re: Desktop your system is infected14th January 2010, 7:26 pm

Please post a new Hijack This log.

Re: Desktop your system is infected14th January 2010, 8:21 pm

Hello,

Once again thanks

K

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 3:20:17 PM, on 1/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.wildtangent.com/webdrivers/webinstall/Install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093924185203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133732068281
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - https://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: rlfile - {F541A92B-CDC2-4B7C-BEF1-C7443070F3D8} - C:\Program Files\BlacksMemorables\RocketEngine.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10927 bytes

Re: Desktop your system is infected15th January 2010, 12:16 am

Hello.

Open HijackThis
Choose "Do a system scan only"
Check the boxes in front of these lines:

O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
Press "Fix Checked"
Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Re: Desktop your system is infected15th January 2010, 4:24 am

Hello,
Once again Thanks

Malwarebytes' Anti-Malware 1.44
Database version: 3542
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/14/2010 11:23:13 PM
mbam-log-2010-01-14 (23-23-13).txt

Scan type: Quick Scan
Objects scanned: 118315
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Desktop your system is infected15th January 2010, 7:35 pm

Hello.

Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
Link 1
Link 2
Double click DDS.scr to run.
When complete, two logs will open. Save both of the report to your Desktop.
Copy and paste BOTH LOGS back here, use more than one post if needed.

Re: Desktop your system is infected15th January 2010, 9:13 pm

as requested

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 16:08:33.73 on Fri 01/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.49 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.ca/
uDefault_Page_URL = hxxp://us10.hpwis.com/
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Microsoft Internet Explorer provided by Sympatico
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - No File
TB: {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tl-wn3~1.lnk - c:\program files\tp-link\tl-wn321g wireless utility\installer\winxp\TWCU.exe
IE: &MSN Search - c:\program files\msn toolbar suite\tb\02.00.0001.1203\en-us\msntb.dll/search.htm
IE: &Winamp Toolbar Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {205FF73B-CA67-11D5-99DD-444553540000} - hxxp://www.wildtangent.com/webdrivers/webinstall/Install.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - hxxp://fulfillment.puretracks.com/onager.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093924185203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133732068281
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - hxxp://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38062.4207060185
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://costco.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: rlfile - {F541A92B-CDC2-4B7C-BEF1-C7443070F3D8} - c:\program files\blacksmemorables\RocketEngine.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2009-12-14 163600]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-12 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-12 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-12 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-12 56816]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2006-12-14 70016]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2004-4-12 6097]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys --> c:\windows\system32\drivers\sonyhcs.sys [?]

=============== Created Last 30 ================

2010-01-15 14:37:16 744 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-01-14 22:25:19 0 d-----w- c:\program files\CCleaner
2010-01-14 20:45:54 93696 ----a-w- c:\windows\system32\MyDefragScreenSaver.scr
2010-01-14 20:45:54 935424 ----a-w- c:\windows\system32\MyDefragScreenSaver.exe
2010-01-14 20:45:54 0 d-----w- c:\program files\MyDefrag v4.2.7
2010-01-13 16:19:00 0 d-----w- c:\program files\Combined Community Codec Pack
2010-01-13 14:23:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-13 14:23:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-13 14:22:52 0 d-----w- c:\program files\LimeWire
2010-01-12 23:00:22 1191616 ------w- c:\windows\wweb32.dll
2010-01-12 23:00:21 0 d-----w- c:\program files\WordWeb
2010-01-12 17:19:00 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-12 17:18:48 0 d-----w- c:\program files\Avira
2010-01-12 17:18:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-01-12 15:37:14 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2010-01-12 15:37:14 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-01-12 15:37:09 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-12 15:37:09 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2010-01-12 15:36:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-01-12 15:36:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-01-12 15:36:57 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-01-12 15:36:57 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-01-12 15:36:51 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-01-12 15:36:51 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-01-12 15:36:50 42368 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2010-01-12 15:36:50 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2010-01-11 21:14:06 0 d-----w- c:\program files\TrendMicro
2010-01-11 20:31:20 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-01-11 20:31:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 20:30:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-11 20:30:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 20:30:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 19:04:29 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 18:20:36 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-01-10 18:18:34 0 d-----w- c:\program files\STOPzilla!
2010-01-10 18:18:23 0 d-----w- c:\program files\common files\iS3
2010-01-10 18:18:13 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-01-10 16:57:44 0 d-----w- c:\docume~1\owner\applic~1\McAfee
2010-01-10 15:41:18 0 d-----w- c:\program files\common files\McAfee
2010-01-10 15:40:58 0 d-----w- c:\program files\McAfee
2010-01-08 01:55:19 0 d-----w- c:\program files\Western Digital
2010-01-07 17:26:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Seagate
2010-01-07 17:23:30 0 d-----w- c:\program files\Carbonite
2010-01-07 17:21:11 0 d-----w- c:\program files\Seagate
2010-01-06 18:43:11 0 d-----w- C:\extensions
2010-01-06 18:42:55 0 d-----w- c:\program files\YouTube Clip Extractor
2010-01-06 16:28:21 79660 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-01 02:38:00 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-01 02:38:00 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-01 02:35:59 0 d-----w- c:\program files\iPod
2010-01-01 02:35:36 0 d-----w- c:\program files\iTunes
2010-01-01 02:35:36 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 02:23:39 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys.bak
2010-01-01 02:23:39 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-23 19:13:34 545424 ----a-r- c:\windows\system32\SZComp5.dll
2009-12-23 19:13:32 438928 ----a-r- c:\windows\system32\SZBase5.dll
2009-12-23 19:04:54 17408 ----a-r- c:\windows\system32\SZIO5.dll

==================== Find3M ====================

2010-01-12 17:34:23 81984 ----a-w- c:\windows\system32\bdod.bin
2009-12-14 15:24:24 163600 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2009-12-10 21:11:40 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-12-10 21:11:32 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-12-10 21:09:24 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-12-10 21:09:08 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-12-10 21:08:48 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-12-10 21:06:52 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-12-10 21:06:30 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-12-10 21:05:54 94208 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-12-10 21:02:42 729088 ----a-r- c:\windows\system32\IS3Base5.dll
2009-12-07 21:59:32 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-12-07 21:59:32 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys.bak
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-25 00:10:30 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2005-08-28 00:58:47 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-08-19 18:54:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 16:09:38.56 ===============

Re: Desktop your system is infected15th January 2010, 9:14 pm

attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/16/2004 2:00:41 PM
System Uptime: 1/15/2010 9:35:52 AM (7 hours ago)

Motherboard: ASUSTek Computer INC. | | Kamet2
Processor: AMD Athlon(tm) XP 3000+ | Socket A | 2157/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 147 GiB total, 118.999 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.931 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
L: is Removable
N: is CDROM ()
O: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ActiveSpeed
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 8.1.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz 2
Avery Wizard 3.0
Avira AntiVir Personal - Free Antivirus
Black's Digital Solution Studio
BlacksMemorables
BufferChm
CCleaner
Chainz
Combined Community Codec Pack 2009-09-09
Copy
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
cp_PrintOnCDConfig
cp_UpdateProjectsConfig
Creative Memories StoryBook Creator Plus
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
D6100_D7100_D7300_Help
D7100
DeviceManagementQFolder
DocProc
Easy Internet Sign-up
eSupportQFolder
FullDPAppQFolder
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 7.0
HP Deskjet Preloaded Printer Drivers
HP Imaging Device Functions 7.0
HP Instant Support
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Premier Software 6.5
HP Solution Center 7.0
hph_ProductContext
hph_readme
hph_software
hph_software_req
hpmdtab
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
InstantShareDevices
InstantShareDevicesMFC
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
Java(TM) 6 Update 16
KBD
LimeWire 5.4.6
Lotus SmartSuite 97
Lyra Applications
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MarketResearch
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 4.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
MyDefrag v4.2.7
Nero Suite
Nikon Message Center
Nikon Transfer
NVIDIA GART Driver
NWF Peoples Choice 2003-800
OptionalContentQFolder
PanoStandAlone
Photodex Presenter
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Picture Control Utility
Pipeline
PIXELA ImageMixer
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quicken 2004
QuickProjects
QuickTax 2004
QuickTax 2005
QuickTax 2006
QuickTax 2007
QuickTax 2008
QuickTime
RandMap
RealArcade
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scan
Scientific Notebook 5.5
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shape Shifter
Simply Accounting 2004 Basic
SkinsHP1
SkinsHP2
SlideShow
SlideShowMusic
SolutionCenter
Sonic Update Manager
Sonic_PrimoSDK
Status
STOPzilla
TL-WN321G Wireless Utility
TONKA Search & Rescue 2
Toolbox
toolkit
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
ViewNX
Virtools 3D Life Player
WebFldrs XP
WebReg
Wildlife Treasures 800
WildTangent Web Driver
Winamp
Winamp Toolbar for Internet Explorer
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 12.0
WordWeb
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

1/13/2010 9:03:55 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/13/2010 3:24:23 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: agp440 fasttx2k nv_agp SISAGP
1/13/2010 3:24:21 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
1/13/2010 3:24:21 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The system cannot find the file specified.
1/13/2010 3:24:21 AM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The system cannot find the file specified.
1/13/2010 3:24:21 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
1/13/2010 3:24:21 AM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
1/13/2010 3:24:13 AM, error: SRService [104] - The System Restore initialization process failed.
1/12/2010 3:32:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/12/2010 3:28:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/12/2010 3:27:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD agp440 AmdK7 avgio avipbb fasttx2k Fips IPSec MRxSmb NetBIOS NetBT nv_agp ohci1394 RasAcd Rdbss SISAGP ssmdrv Tcpip
1/12/2010 3:27:29 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
1/12/2010 3:27:29 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/12/2010 3:27:29 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/12/2010 3:27:29 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
1/12/2010 3:27:29 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/12/2010 3:27:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/12/2010 3:03:26 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
1/12/2010 12:32:02 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
1/12/2010 10:37:15 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file wstcodec.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.0.900.
1/12/2010 10:37:15 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file usbohci.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:37:15 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file usbaudio.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file tdtcp.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mstee.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.0.900.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mspqm.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file lbrtfdc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.10.1.0.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ip6fw.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file i2omgmt.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file changer.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ccdecode.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.0.900.
1/12/2010 10:37:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file agp440.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:36:51 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\usbscan.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/12/2010 10:36:46 AM, error: Service Control Manager [7000] - The Intel(R) Graphics Chipset (KCH) Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:45 AM, error: Service Control Manager [7000] - The World Standard Teletext Codec service failed to start due to the following error: Access is denied.
1/12/2010 10:36:45 AM, error: Service Control Manager [7000] - The Windows Driver Foundation - User-mode Driver Framework Reflector service failed to start due to the following error: Access is denied.
1/12/2010 10:36:45 AM, error: Service Control Manager [7000] - The Intel(R) Graphics Platform (SoftBIOS) Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:44 AM, error: Service Control Manager [7000] - The WpdUsb service failed to start due to the following error: Access is denied.
1/12/2010 10:36:43 AM, error: Service Control Manager [7000] - The USB Scanner Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:43 AM, error: Service Control Manager [7000] - The Microsoft USB Open Host Controller Miniport Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:42 AM, error: Service Control Manager [7000] - The Sony Digital Imaging Audio service failed to start due to the following error: Access is denied.
1/12/2010 10:36:42 AM, error: Service Control Manager [7000] - The Apple Mobile USB Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:39 AM, error: Service Control Manager [7000] - The Microsoft Kernel GS Wavetable Synthesizer service failed to start due to the following error: Access is denied.
1/12/2010 10:36:39 AM, error: Service Control Manager [7000] - The HP && Alcor Micro Corp for Phison service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:36:38 AM, error: Service Control Manager [7000] - The BDA IPSink service failed to start due to the following error: Access is denied.
1/12/2010 10:36:36 AM, error: Service Control Manager [7000] - The Microsoft Kernel Audio Splitter service failed to start due to the following error: Access is denied.
1/12/2010 10:36:35 AM, error: Service Control Manager [7000] - The Sony Digital Imaging Video service failed to start due to the following error: Access is denied.
1/12/2010 10:36:33 AM, error: Service Control Manager [7000] - The Sony Digital Imaging Base service failed to start due to the following error: Access is denied.
1/12/2010 10:36:32 AM, error: Service Control Manager [7000] - The SiS AGP Filter service failed to start due to the following error: Access is denied.
1/12/2010 10:36:32 AM, error: Service Control Manager [7000] - The BDA Slip De-Framer service failed to start due to the following error: Access is denied.
1/12/2010 10:36:29 AM, error: Service Control Manager [7000] - The fasttx2k service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/12/2010 10:36:27 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\ipfltdrv.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
1/12/2010 10:36:27 AM, error: Service Control Manager [7000] - The Secdrv service failed to start due to the following error: Access is denied.
1/12/2010 10:36:25 AM, error: Service Control Manager [7000] - The Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:23 AM, error: Service Control Manager [7000] - The RT73 USB Wireless LAN Card Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:21 AM, error: Service Control Manager [7000] - The Processor Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:36:10 AM, error: Service Control Manager [7000] - The IPX Traffic Forwarder Driver service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:36:08 AM, error: Service Control Manager [7001] - The IPX Traffic Filter Driver service depends on the IPX Traffic Forwarder Driver service which failed to start because of the following error: The system cannot find the file specified.
1/12/2010 10:36:04 AM, error: Service Control Manager [7000] - The NVIDIA nForce AGP Bus Filter service failed to start due to the following error: Access is denied.
1/12/2010 10:36:02 AM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: Access is denied.
1/12/2010 10:36:01 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: Access is denied.
1/12/2010 10:35:58 AM, error: Service Control Manager [7000] - The NDIS Usermode I/O Protocol service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:56 AM, error: Service Control Manager [7000] - The Microsoft TV/Video Connection service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:54 AM, error: Service Control Manager [7000] - The NABTS/FEC VBI Codec service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:50 AM, error: Service Control Manager [7000] - The Microsoft Streaming Tee/Sink-to-Sink Converter service failed to start due to the following error: The process cannot access the file because it is being used by another process.
1/12/2010 10:35:48 AM, error: Service Control Manager [7000] - The Microsoft Streaming Quality Manager Proxy service failed to start due to the following error: Access is denied.
1/12/2010 10:35:47 AM, error: Service Control Manager [7000] - The Microsoft Streaming Clock Proxy service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:46 AM, error: Service Control Manager [7000] - The Microsoft Streaming Service Proxy service failed to start due to the following error: Access is denied.
1/12/2010 10:35:44 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: Access is denied.
1/12/2010 10:35:43 AM, error: Service Control Manager [7000] - The is3srv service failed to start due to the following error: Access is denied.
1/12/2010 10:35:42 AM, error: Service Control Manager [7000] - The IR Enumerator Service service failed to start due to the following error: Access is denied.
1/12/2010 10:35:41 AM, error: Service Control Manager [7000] - The IP in IP Tunnel Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:35:40 AM, error: Service Control Manager [7000] - The IP Traffic Filter Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:35:39 AM, error: Service Control Manager [7000] - The IPv6 Windows Firewall Driver service failed to start due to the following error: Access is denied.
1/12/2010 10:35:37 AM, error: Service Control Manager [7000] - The i2omgmt service failed to start due to the following error: Access is denied.
1/12/2010 10:35:36 AM, error: Service Control Manager [7000] - The VIA Rhine Family Fast Ethernet Adapter Driver Service service failed to start due to the following error: Access is denied.
1/12/2010 10:35:35 AM, error: Service Control Manager [7000] - The fasttx2k service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:33 AM, error: Service Control Manager [7000] - The Microsoft Kernel DRM Audio Descrambler service failed to start due to the following error: Access is denied.
1/12/2010 10:35:32 AM, error: Service Control Manager [7000] - The Microsoft Kernel DLS Syntheiszer service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:29 AM, error: Service Control Manager [7000] - The Closed Caption Decoder service failed to start due to the following error: The process cannot access the file because it is being used by another process.
1/12/2010 10:35:26 AM, error: Service Control Manager [7000] - The ATM ARP Client Protocol service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:24 AM, error: Service Control Manager [7000] - The Service for WDM 3D Audio Driver service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:24 AM, error: Service Control Manager [7000] - The RAS Asynchronous Media Driver service failed to start due to the following error: The system cannot find the file specified.
1/12/2010 10:35:24 AM, error: Service Control Manager [7000] - The Intel AGP Bus Filter service failed to start due to the following error: Access is denied.
1/12/2010 10:35:23 AM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: The system cannot find the file specified.
1/11/2010 9:15:23 AM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the file specified.
1/11/2010 9:11:37 PM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/11/2010 9:11:37 PM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/11/2010 3:57:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FreezeScreenSaver service to connect.
1/11/2010 2:11:22 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows XP (KB955759).
1/11/2010 2:10:52 PM, error: NtServicePack [4379] - Windows XP Hotfix KB955759 installation failed.
KB955759 installation did not complete.
1/11/2010 2:10:50 PM, error: NtServicePack [4373] - Windows XP KB955759 installation failed.
Access is denied.

==== End Of File ===========================

Re: Desktop your system is infected16th January 2010, 12:08 am

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

How is the machine running now?

Re: Desktop your system is infected17th January 2010, 2:29 pm

Hi there the machine is running good I will remove the P2P programss.. once again thanks for all the help. This fourum has been so helpful for other applications as well.

Regards K

Re: Desktop your system is infected17th January 2010, 5:02 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck. Big Grin

Desktop your system is infected

descriptionDesktop your system is infected11th January 2010, 7:44 pm

descriptionRe: Desktop your system is infected11th January 2010, 9:01 pm

descriptionRe: Desktop your system is infected11th January 2010, 9:20 pm

descriptionRe: Desktop your system is infected12th January 2010, 1:34 am

descriptionRe: Desktop your system is infected12th January 2010, 3:22 am

descriptionRe: Desktop your system is infected12th January 2010, 7:05 pm

descriptionRe: Desktop your system is infected12th January 2010, 7:51 pm

descriptionRe: Desktop your system is infected12th January 2010, 7:52 pm

descriptionRe: Desktop your system is infected13th January 2010, 12:12 am

descriptionRe: Desktop your system is infected13th January 2010, 2:15 pm

descriptionRe: Desktop your system is infected13th January 2010, 4:12 pm

descriptionRe: Desktop your system is infected13th January 2010, 4:45 pm

descriptionRe: Desktop your system is infected13th January 2010, 6:48 pm

descriptionRe: Desktop your system is infected14th January 2010, 1:56 pm

descriptionRe: Desktop your system is infected14th January 2010, 7:26 pm

descriptionRe: Desktop your system is infected14th January 2010, 8:21 pm

descriptionRe: Desktop your system is infected15th January 2010, 12:16 am

descriptionRe: Desktop your system is infected15th January 2010, 4:24 am

descriptionRe: Desktop your system is infected15th January 2010, 7:35 pm

descriptionRe: Desktop your system is infected15th January 2010, 9:13 pm

descriptionRe: Desktop your system is infected15th January 2010, 9:14 pm

descriptionRe: Desktop your system is infected16th January 2010, 12:08 am

descriptionRe: Desktop your system is infected17th January 2010, 2:29 pm

descriptionRe: Desktop your system is infected17th January 2010, 5:02 pm

descriptionRe: Desktop your system is infected