I Can't Access Antivirus Websites!


#1 sita999 (Member, 24 posts)

Emails have been sent from my Hotmail account that were not from me.
- I can't access antivirus websites (AVG, Avast, McAfee, Symantec etc.)
- I have deleted a HUGE list of things from the hosts file, so now it appears normal (I think; after the standard text all that appears is '127.0.0.1 localhost')
- I have run Spybot several times and ComboFix, but apart from producing a report it doesn't offer any options to fix anything.
- The HijackThis report is as follows, but I have no idea which things to fix, so I need help, please!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:16, on 23/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\WisKeyState.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Virgin Media\HUB\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackFix\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [WisKeyState] "C:\Program Files\Launch Manager\WisKeyState.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [VirginMediaHUB.exe] "C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Virgin Media\HUB\ServicepointService.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
--
End of file - 6905 bytes
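The symptom in this post (vendor sites unreachable, a hosts file stuffed with entries) is the classic hosts-file hijack: every antivirus hostname is mapped to 127.0.0.1, and the malicious block is usually pushed below a few hundred blank lines so that Notepad shows only the stock '127.0.0.1 localhost' line. The Python script below is an added example for this thread; it is not from the poster, from HijackThis, from OTL or from any other tool named here. The vendor keyword list is an assumption to extend for your own estate, and the sample hosts content is constructed to reproduce the padding trick.

```python
"""Audit a Windows hosts file for hijacked security-vendor entries.

Added example for this thread; not part of the thread or of any tool it
mentions.  SECURITY_KEYWORDS and the sample hosts text are constructed.
"""
import ipaddress
from typing import Dict, List

# Vendor name fragments the poster said were blocked, plus a few others a
# hijacked hosts file commonly targets (assumption: extend for your estate).
SECURITY_KEYWORDS = (
    "avg", "avast", "mcafee", "symantec", "norton", "kaspersky",
    "trendmicro", "sophos", "bitdefender", "malwarebytes",
    "safer-networking", "microsoft", "windowsupdate",
)

# The only mappings a stock Windows hosts file carries.
STOCK_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def audit_hosts(text: str, padding_threshold: int = 20) -> List[Dict[str, object]]:
    """Return one finding per hostname mapped anywhere other than the stock
    localhost entry.

    kind:   'security-site-redirect'  name matches SECURITY_KEYWORDS
            'sinkholed'               any other name sent to loopback/0.0.0.0
            'redirect'                name sent to some other address
            'malformed'               address field does not parse
    hidden: True for every mapping that sits below a run of at least
            padding_threshold blank lines (the off-screen trick).
    """
    findings = []
    blank_run = 0
    below_padding = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            blank_run += 1
            continue
        if blank_run >= padding_threshold:
            below_padding = True          # everything from here on is off-screen
        blank_run = 0
        line = raw.split("#", 1)[0].strip()   # drop trailing comment
        if not line:
            continue                          # comment-only line
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], [n.lower() for n in parts[1:]]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            addr = None
        for name in names:
            if (ip, name) in STOCK_ENTRIES:
                continue
            if addr is None:
                kind = "malformed"
            elif any(k in name for k in SECURITY_KEYWORDS):
                kind = "security-site-redirect"
            elif addr.is_loopback or addr.is_unspecified:
                kind = "sinkholed"
            else:
                kind = "redirect"
            findings.append({"line": lineno, "kind": kind, "ip": ip,
                             "host": name, "hidden": below_padding})
    return findings


def summarize(findings: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Group the flagged hostnames by kind, in file order."""
    out: Dict[str, List[str]] = {}
    for f in findings:
        out.setdefault(str(f["kind"]), []).append(str(f["host"]))
    return out


# Constructed sample: a stock-looking header and localhost line, 40 blank
# lines of padding, then the kind of block a hijacker appends.
STOCK_HEADER = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "#\n"
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "127.0.0.1       localhost\n"
)
INJECTED_TAIL = (
    "127.0.0.1 www.avg.com\n"
    "127.0.0.1 free.avg.com\n"
    "127.0.0.1 www.avast.com\n"
    "127.0.0.1 www.mcafee.com\n"
    "127.0.0.1 www.symantec.com\n"
    "127.0.0.1 update.microsoft.com\n"
    "10.0.0.1  login.live.com\n"      # constructed: diverts the Hotmail sign-in
)
SAMPLE_HOSTS = STOCK_HEADER + "\n" * 40 + INJECTED_TAIL


if __name__ == "__main__":
    import sys
    # Pass C:\WINDOWS\system32\drivers\etc\hosts as the argument on a real box.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_HOSTS
    for f in audit_hosts(text):
        flag = " (below padding)" if f["hidden"] else ""
        print(f"line {f['line']}: {f['kind']} {f['ip']} -> {f['host']}{flag}")
```

Run it against C:\WINDOWS\system32\drivers\etc\hosts rather than trusting what Notepad shows. A cheap cross-check is the file size that OTL prints on its O1 line: a hosts file whose byte count is far larger than the visible text almost certainly has the padded block below the fold, and a file flagged read-only (the R attribute) will need that cleared before it can be rewritten.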

#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Hello sita999 and welcome to G2G! :D

My nick is maliprog and I will be your technical support on this issue. Before we start cleaning your PC you must print these instructions or save them to your Desktop (in a .txt file) so you can access them in Safe Mode with no internet connection.

NOTE:

  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%|bak;true;false;false /fp
%systemroot%\system32|bak;true;false;false /fp
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please make sure you include the following items:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post.
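The "netsvcs" directive at the top of that custom scan makes OTL enumerate the services registered in svchost's netsvcs group and print one "NetSvcs:" line per service, giving the DLL the service resolves to and the company name read from that file (these lines appear in the OTL log further down the thread). The script below is an added example, not from the thread or from OTL itself: it parses those lines and sorts them into orphaned registry entries (DLL absent, which OTL reports for several stock XP services), fully identified DLLs, and entries worth a manual look because the DLL carries no company information or is loaded from outside System32. The sample input is the nine NetSvcs lines from the OTL log in this thread plus one constructed, fully identified entry; the 'review' verdict is a prompt to inspect the file, not a malware verdict.

```python
"""Triage of the NetSvcs section of an OTL log.

Added example for this thread; not part of OTL or of any post here.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# One OTL NetSvcs line looks like one of:
#   NetSvcs: <service> - File not found
#   NetSvcs: <service> - <path>.dll File not found
#   NetSvcs: <service> - <path>.dll (<company>)      '()' when no company info
NETSVCS_LINE = re.compile(r"^NetSvcs:\s+(?P<svc>\S+)\s+-\s+(?P<rest>.*?)\s*$")
DLL_DETAIL = re.compile(
    r"^(?P<path>.+?\.dll)(?:\s+(?P<missing>File not found)|\s+\((?P<company>[^)]*)\))?$",
    re.IGNORECASE)


class NetSvc(NamedTuple):
    service: str
    path: Optional[str]       # None when OTL printed no path at all
    company: Optional[str]    # None = nothing to read; "" = file has no company name
    file_found: bool


def parse_netsvcs(log_text: str) -> List[NetSvc]:
    """Pick the NetSvcs lines out of an OTL log and structure them."""
    entries: List[NetSvc] = []
    for raw in log_text.splitlines():
        m = NETSVCS_LINE.match(raw.strip())
        if not m:
            continue
        svc, rest = m.group("svc"), m.group("rest")
        if rest == "File not found":
            entries.append(NetSvc(svc, None, None, False))
            continue
        d = DLL_DETAIL.match(rest)
        if not d:
            # Unknown layout: keep the raw text so nothing is silently dropped.
            entries.append(NetSvc(svc, rest, None, True))
            continue
        missing = d.group("missing") is not None
        entries.append(NetSvc(svc, d.group("path"), d.group("company"), not missing))
    return entries


SYSTEM32 = r"c:\windows\system32"   # assumption: default XP system root


def triage(entries: List[NetSvc]) -> Dict[str, Tuple[str, List[str]]]:
    """Map each service to ('info' | 'ok' | 'review', reasons)."""
    verdicts: Dict[str, Tuple[str, List[str]]] = {}
    for e in entries:
        if not e.file_found:
            verdicts[e.service] = ("info", ["registry entry whose DLL is absent"])
            continue
        reasons = []
        if e.company is None or not e.company.strip():
            reasons.append("DLL carries no company/version information")
        if e.path is not None and not e.path.lower().startswith(SYSTEM32):
            reasons.append("DLL loaded from outside System32: " + e.path)
        verdicts[e.service] = ("review" if reasons else "ok", reasons)
    return verdicts


def services_to_review(verdicts: Dict[str, Tuple[str, List[str]]]) -> List[str]:
    """Service names that need a manual look, sorted for stable output."""
    return sorted(svc for svc, (severity, _) in verdicts.items() if severity == "review")


# First nine lines copied from the OTL log posted later in this thread; the
# last line is constructed to show a fully identified entry (OTL's default
# "Skip Microsoft Files" setting would normally leave such a line out).
SAMPLE_NETSVCS = r"""NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: iwyct - C:\WINDOWS\system32\fjxol.dll ()
NetSvcs: AudioSrv - C:\WINDOWS\System32\audiosrv.dll (Microsoft Corporation)
"""


if __name__ == "__main__":
    for svc, (severity, reasons) in triage(parse_netsvcs(SAMPLE_NETSVCS)).items():
        print(f"{severity:6} {svc:16} {'; '.join(reasons)}")
```

Feed it the whole OTL.Txt; everything that is not a NetSvcs line is ignored. A 'review' hit is the cue to look at the DLL itself (signature, size, creation time relative to the start of the symptoms) and at the service's ServiceDll value under HKLM\SYSTEM\CurrentControlSet\Services, which is what the helper in this thread will be doing with the posted log.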

#3 sita999 (Topic Starter)

Hi Maliprog - first of all thank you so much for offering to help me!

Just a few things: I have read your instructions and don't quite understand everything, so I thought it was better to ask, like you said.

1) As far as I'm aware, the only real-time active protection I have is ClamWin, but I can't figure out how to disable it, and it's not on the list on the Bleeping Computer website. When I try to go to the FAQ or technical support I can't, because the sites are blocked. If you want, I could uninstall it and install a better one afterwards?

I've downloaded OTL and posted the reports below; hope that's how you wanted me to do it!

Thanks!

Edited by sita999, 24 November 2010 - 01:36 PM.


#4 sita999 (Topic Starter)

OTL logfile created on: 24/11/2010 19:28:04 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Hannah Jebb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 481.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 53.83 Gb Free Space | 72.24% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: HANNAH | User Name: Hannah Jebb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 19:05:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah Jebb\Desktop\OTL.scr
PRC - [2010/11/17 15:15:04 | 004,302,000 | ---- | M] (Spotify Ltd) -- C:\Program Files\Spotify\spotify.exe
PRC - [2010/11/13 01:02:28 | 000,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2010/09/14 08:18:56 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/14 10:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe
PRC - [2009/12/14 10:25:56 | 004,277,488 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
PRC - [2009/10/13 07:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/07 15:58:00 | 000,208,896 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisKeyState.exe
PRC - [2008/03/03 16:30:20 | 000,258,048 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2008/01/15 14:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2007/12/25 12:45:56 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe
PRC - [2006/05/04 09:34:10 | 000,086,016 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2006/04/19 16:03:42 | 000,065,536 | R--- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2005/07/25 12:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
PRC - [2004/08/16 08:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/24 19:05:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah Jebb\Desktop\OTL.scr


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/14 10:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe -- (ServicepointService)
SRV - [2009/10/13 07:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/15 14:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Wbutton.sys -- (Wbutton)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HANNAH~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/14 08:18:56 | 000,862,340 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/09/26 23:00:00 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/07/24 15:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/21 13:59:06 | 000,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/03/23 08:59:36 | 000,037,888 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/03/23 08:59:28 | 000,061,056 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/03/15 07:51:00 | 000,244,608 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2003/04/28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/11/23 17:27:56 | 000,000,645 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [VirginMediaHUB.exe] C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe (Virgin Media)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [WisKeyState] C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/12 11:56:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: iwyct - C:\WINDOWS\system32\fjxol.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 19:05:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hannah Jebb\Desktop\OTL.scr
[2010/11/23 18:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder (2)
[2010/11/23 16:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\HijackFix
[2010/11/23 15:37:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/23 15:36:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/23 15:36:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/23 15:36:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/23 15:36:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/23 15:36:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/23 15:35:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/23 14:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/23 14:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/14 01:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/14 00:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Application Data\Sun
[2010/11/14 00:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2010/11/13 13:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Spotify
[2010/11/13 13:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Application Data\Spotify
[2010/11/13 13:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2010/11/10 14:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\tmp
[2010/11/10 14:31:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hps
[2010/11/10 14:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Jessops Photo
[2010/11/10 14:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Photobook Software
[2010/11/02 19:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/11/01 09:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Identities
[2010/10/31 18:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Temp
[2010/10/31 18:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Google
[2010/10/31 18:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Deployment
[2010/10/28 22:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Application Data\Nero
[2010/10/28 16:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/28 16:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/10/28 16:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/10/28 16:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/10/28 16:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/10/28 16:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Adobe
[2010/10/28 15:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Application Data\Apple Computer
[2010/10/28 15:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/28 15:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/28 15:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/28 15:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/28 15:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/10/28 15:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Apple
[2010/10/28 15:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/10/28 15:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/28 15:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/10/28 15:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/10/28 15:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Apple Computer
[2010/10/28 15:03:28 | 075,019,048 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2010/10/28 14:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Application Data\Virgin Media
[2010/10/28 14:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/10/28 14:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
[2010/10/28 14:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2010/10/28 14:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin
[2010/10/28 12:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/10/28 12:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/10/28 12:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/10/28 12:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/10/28 12:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/10/28 12:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/10/28 12:18:21 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/10/28 12:18:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/10/28 11:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/28 11:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/28 11:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
[2010/10/28 11:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/10/28 11:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Application Data\Macromedia
[2010/10/28 11:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Application Data\Adobe
[2010/10/28 10:35:27 | 000,069,722 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll
[2010/10/28 10:35:26 | 000,193,056 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\drivers\SynTP.sys
[2010/10/28 10:35:26 | 000,114,688 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCtrl.dll
[2010/10/28 10:35:26 | 000,094,298 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPAPI.dll
[2010/10/28 10:35:26 | 000,082,013 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCOM.dll
[2010/10/28 10:35:26 | 000,081,920 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo2.dll
[2010/10/28 10:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/10/28 10:35:20 | 000,000,000 | ---D | C] -- C:\fsc.tmp
[2010/10/26 11:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2010/10/26 11:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Application Data\InstallShield
[2010/10/26 11:12:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Hannah Jebb\UserData
[2010/10/26 11:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Application Data\MSNInstaller
[2010/10/26 11:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah Jebb\Application Data\CyberLink
[2010/10/26 11:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/10/26 11:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 19:08:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-606747145-1177238915-1003UA.job
[2010/11/24 19:05:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah Jebb\Desktop\OTL.scr
[2010/11/24 18:50:27 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Hannah Jebb\Desktop\Instructions.doc
[2010/11/24 18:08:00 | 000,000,948 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-606747145-1177238915-1003Core.job
[2010/11/24 16:01:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/23 19:13:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/23 17:27:56 | 000,000,645 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/23 15:57:43 | 003,914,095 | R--- | M] () -- C:\Documents and Settings\Hannah Jebb\Desktop\ComboFix.exe
[2010/11/23 15:37:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/23 14:44:29 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Hannah Jebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/23 14:44:29 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Hannah Jebb\Desktop\Spybot - Search & Destroy.lnk
[2010/11/23 13:06:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/20 23:45:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/19 21:00:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Hannah Jebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/11/19 21:00:22 | 000,431,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/19 21:00:22 | 000,067,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/18 12:51:05 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Hannah Jebb\Application Data\default.rss
[2010/11/18 12:49:00 | 007,009,341 | ---- | M] () -- C:\Documents and Settings\Hannah Jebb\Desktop\My_Morning_Run.wmv
[2010/11/18 11:57:43 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/13 13:17:25 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Hannah Jebb\Desktop\Spotify.lnk
[2010/11/12 13:29:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/12 12:27:37 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/06 21:09:11 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Hannah Jebb\Desktop\Google Chrome.lnk
[2010/11/06 21:09:11 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Hannah Jebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/28 16:31:40 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/28 15:04:44 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/28 13:24:59 | 000,191,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/28 12:26:45 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Hannah Jebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2010/10/28 12:26:45 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2010/10/28 11:31:49 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/10/28 11:31:49 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/10/26 11:04:53 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerDVD.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 18:50:26 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Hannah Jebb\Desktop\Instructions.doc
[2010/11/23 15:57:43 | 003,914,095 | R--- | C] () -- C:\Documents and Settings\Hannah Jebb\Desktop\ComboFix.exe
[2010/11/23 15:37:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/23 15:37:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/23 15:36:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/23 15:36:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/23 15:36:06 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/23 15:36:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/23 15:36:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/23 14:44:29 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Hannah Jebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/23 14:44:29 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Hannah Jebb\Desktop\Spybot - Search & Destroy.lnk
[2010/11/19 21:00:27 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Hannah Jebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/11/18 12:48:56 | 007,009,341 | ---- | C] () -- C:\Documents and Settings\Hannah Jebb\Desktop\My_Morning_Run.wmv
[2010/11/15 14:56:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/13 13:17:25 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Hannah Jebb\Desktop\Spotify.lnk
[2010/11/12 13:20:38 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Hannah Jebb\Application Data\default.rss
[2010/11/12 13:20:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/31 18:04:34 | 000,002,330 | ---- | C] () -- C:\Documents and Settings\Hannah Jebb\Desktop\Google Chrome.lnk
[2010/10/31 18:04:34 | 000,002,308 | ---- | C] () -- C:\Documents and Settings\Hannah Jebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/31 18:03:12 | 000,001,000 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-606747145-1177238915-1003UA.job
[2010/10/31 18:03:12 | 000,000,948 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-606747145-1177238915-1003Core.job
[2010/10/28 16:31:39 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/28 15:05:30 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/28 15:04:44 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/28 15:04:27 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/28 12:26:45 | 000,002,345 | ---- | C] () -- C:\Documents and Settings\Hannah Jebb\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2010/10/28 12:26:45 | 000,002,327 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2010/10/28 12:23:59 | 000,114,856 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/28 11:31:49 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/10/28 11:31:49 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/10/26 11:36:27 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2010/10/26 11:04:53 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerDVD.lnk
[2010/09/14 18:33:25 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/14 08:15:45 | 000,356,352 | R--- | C] () -- C:\WINDOWS\EMCRI.dll
[2010/09/12 12:49:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/12 12:11:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/14 07:00:00 | 000,163,879 | RHS- | C] () -- C:\WINDOWS\System32\fjxol.dll
[2006/01/20 11:34:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/01/20 11:34:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/01/20 11:34:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/01/20 11:34:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/01/20 11:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/01/20 11:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/01/20 11:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/01/20 11:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/01/20 11:34:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/10/28 14:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/11/10 17:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tmp
[2010/10/28 14:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2010/10/28 15:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/26 11:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Jebb\Application Data\MSNInstaller
[2010/11/24 17:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Jebb\Application Data\Spotify
[2010/10/28 14:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Jebb\Application Data\Virgin Media

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/12 11:56:55 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/12 11:52:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/23 15:37:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/11/23 17:25:49 | 000,016,304 | ---- | M] () -- C:\ComboFix.txt
[2010/09/12 11:56:55 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/28 10:35:42 | 000,000,530 | ---- | M] () -- C:\FSC-DeskUpdate.txt
[2010/09/12 11:56:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/12 11:56:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/24 16:01:41 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/10/28 15:03:35 | 075,019,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%|bak;true;false;false /fp >

< %systemroot%\system32|bak;true;false;false /fp >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2010/11/24 16:02:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\0.log
[2005/05/03 17:43:28 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2006/05/04 15:26:36 | 002,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2008/04/14 07:00:00 | 000,001,272 | ---- | M] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/11/24 16:01:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/04/14 07:00:00 | 000,082,944 | ---- | M] () -- C:\WINDOWS\clock.avi
[2010/09/12 11:52:24 | 000,000,200 | ---- | M] () -- C:\WINDOWS\cmsetacl.log
[2008/04/14 07:00:00 | 000,017,062 | ---- | M] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/09/12 12:00:10 | 000,016,161 | ---- | M] () -- C:\WINDOWS\comsetup.log
[2010/09/12 11:56:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2008/04/14 07:00:00 | 000,000,002 | ---- | M] () -- C:\WINDOWS\desktop.ini
[2010/10/28 12:17:18 | 000,026,436 | ---- | M] () -- C:\WINDOWS\DirectX.log
[2010/09/12 12:05:03 | 000,014,850 | ---- | M] () -- C:\WINDOWS\DPINST.LOG
[2010/09/12 11:53:48 | 000,000,130 | ---- | M] () -- C:\WINDOWS\DtcInstall.log
[2004/02/13 12:49:44 | 000,356,352 | R--- | M] () -- C:\WINDOWS\EMCRI.dll
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 000,000,080 | ---- | M] () -- C:\WINDOWS\explorer.scf
[2010/09/12 11:54:10 | 000,011,537 | ---- | M] () -- C:\WINDOWS\FaxSetup.log
[2008/04/14 07:00:00 | 000,016,730 | ---- | M] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/04/14 07:00:00 | 000,017,336 | ---- | M] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/04/14 07:00:00 | 000,026,582 | ---- | M] () -- C:\WINDOWS\Greenstone.bmp
[2000/08/31 08:00:00 | 000,080,412 | ---- | M] () -- C:\WINDOWS\grep.exe
[2008/04/14 07:00:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[2010/09/12 12:00:10 | 000,049,240 | ---- | M] () -- C:\WINDOWS\iis6.log
[2010/09/12 12:00:10 | 000,004,382 | ---- | M] () -- C:\WINDOWS\imsins.log
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/09/12 11:54:10 | 000,001,498 | ---- | M] () -- C:\WINDOWS\MedCtrOC.log
[2006/06/28 13:00:40 | 002,158,592 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2008/04/14 07:00:00 | 000,001,405 | ---- | M] () -- C:\WINDOWS\msdfmap.ini
[2010/09/12 11:54:10 | 000,000,871 | ---- | M] () -- C:\WINDOWS\msgsocm.log
[2010/09/12 11:53:47 | 000,010,228 | ---- | M] () -- C:\WINDOWS\msmqinst.log
[2010/11/12 13:29:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/12 11:54:09 | 000,002,790 | ---- | M] () -- C:\WINDOWS\netfxocm.log
[2009/04/20 12:56:28 | 000,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/04/14 07:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[2010/09/12 12:00:10 | 000,008,066 | ---- | M] () -- C:\WINDOWS\ntdtcsetup.log
[2010/09/12 11:54:10 | 000,014,772 | ---- | M] () -- C:\WINDOWS\ocgen.log
[2010/09/12 12:00:10 | 000,000,885 | ---- | M] () -- C:\WINDOWS\ocmsn.log
[2010/09/12 12:11:46 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/09/12 11:56:46 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/01 16:31:21 | 000,001,178 | ---- | M] () -- C:\WINDOWS\OEWABLog.txt
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2008/04/14 07:00:00 | 000,065,954 | ---- | M] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/04/14 07:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2010/09/12 12:00:56 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/09/12 12:51:51 | 000,002,148 | ---- | M] () -- C:\WINDOWS\regopt.log
[2008/04/14 07:00:00 | 000,017,362 | ---- | M] () -- C:\WINDOWS\Rhododendron.bmp
[2008/04/14 07:00:00 | 000,026,680 | ---- | M] () -- C:\WINDOWS\River Sumida.bmp
[2010/10/28 14:49:17 | 000,028,579 | ---- | M] () -- C:\WINDOWS\Rp_SPA.log
[2006/07/21 15:56:38 | 016,261,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2006/05/04 15:35:14 | 009,709,568 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2005/04/16 21:20:00 | 000,487,424 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2006/03/09 16:45:20 | 000,364,544 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2008/04/14 07:00:00 | 000,065,832 | ---- | M] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/11/24 10:04:18 | 000,032,542 | ---- | M] () -- C:\WINDOWS\SchedLgU.Txt
[2000/08/31 08:00:00 | 000,098,816 | ---- | M] () -- C:\WINDOWS\sed.exe
[2010/09/12 11:54:10 | 000,001,022 | ---- | M] () -- C:\WINDOWS\sessmgr.setup.log
[2010/10/28 10:35:31 | 000,173,893 | ---- | M] () -- C:\WINDOWS\setupact.log
[2010/11/10 13:18:54 | 000,321,900 | ---- | M] () -- C:\WINDOWS\setupapi.log
[2010/09/12 12:48:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\setuperr.log
[2010/09/14 08:12:35 | 000,776,702 | ---- | M] () -- C:\WINDOWS\setuplog.txt
[2006/05/16 17:04:26 | 002,879,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010/09/14 08:18:56 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56brz.dll
[2010/09/14 08:18:56 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56chs.dll
[2010/09/14 08:18:56 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56cht.dll
[2010/09/14 08:18:56 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56eng.dll
[2010/09/14 08:18:56 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56fra.dll
[2010/09/14 08:18:56 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56ger.dll
[2010/09/14 08:18:56 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
[2010/09/14 08:18:56 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56itl.dll
[2010/09/14 08:18:56 | 000,053,248 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll
[2010/09/14 08:18:56 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56spn.dll
[2008/04/14 07:00:00 | 000,065,978 | ---- | M] () -- C:\WINDOWS\Soap Bubbles.bmp
[2006/07/21 15:14:36 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010/09/12 12:51:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Sti_Trace.log
[2000/08/31 08:00:00 | 000,161,792 | ---- | M] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2000/08/31 08:00:00 | 000,136,704 | ---- | M] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2000/08/31 08:00:00 | 000,212,480 | ---- | M] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/28 10:35:33 | 000,000,634 | ---- | M] () -- C:\WINDOWS\SynInst.log
[2010/11/23 17:24:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/12 12:00:10 | 000,001,294 | ---- | M] () -- C:\WINDOWS\tabletoc.log
[2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2010/09/12 12:00:10 | 000,010,801 | ---- | M] () -- C:\WINDOWS\tsoc.log
[2008/04/14 07:00:00 | 000,094,784 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twain.dll
[2008/04/14 07:00:00 | 000,050,688 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twain_32.dll
[2008/04/14 07:00:00 | 000,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe
[2008/04/14 07:00:00 | 000,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[2010/09/12 11:53:51 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/09/12 11:53:51 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008/04/14 07:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vmmreg32.dll
[2010/11/24 16:01:56 | 000,000,159 | ---- | M] () -- C:\WINDOWS\wiadebug.log
[2010/11/24 16:01:56 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wiaservc.log
[2010/09/12 12:11:32 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/12 11:55:54 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/11/24 10:04:17 | 000,023,256 | ---- | M] () -- C:\WINDOWS\WindowsUpdate.log
[2008/04/14 07:00:00 | 000,256,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe
[2008/04/14 07:00:00 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2008/04/14 07:00:00 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt.bmp
[2008/04/14 07:00:00 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt256.bmp
[2010/11/12 13:48:14 | 000,003,213 | ---- | M] () -- C:\WINDOWS\wmsetup.log
[2010/09/12 11:56:52 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/09/12 12:03:10 | 000,042,910 | ---- | M] () -- C:\WINDOWS\ydi.log
[2008/04/14 07:00:00 | 000,009,522 | ---- | M] () -- C:\WINDOWS\Zapotec.bmp
[2000/08/31 08:00:00 | 000,068,096 | ---- | M] () -- C:\WINDOWS\zip.exe
[2008/04/14 07:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
#5
sita999 (Topic Starter)
OTL Extras logfile created on: 24/11/2010 19:28:04 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Hannah Jebb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 481.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 53.83 Gb Free Space | 72.24% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: HANNAH | User Name: Hannah Jebb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE PHOTO SHOW] -- "C:\Program Files\Jessops Photo\Jessops Photo\CEWE PHOTO SHOW.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Jessops Photo] -- "C:\Program Files\Jessops Photo\Jessops Photo\Jessops Photo.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1358:TCP" = 1358:TCP:*:Enabled:qdgzt

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Virgin Media\HUB\ServicepointService.exe" = C:\Program Files\Virgin Media\HUB\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85ab52b4-1301-466f-974b-10aae173492b}" = Nero 9 Essentials
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.5
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BBAD1A7054D7B16ED03E62627C123F5CBA70A4E7" = Windows Driver Package - Intel (NETw3x32) net (09/27/2006 10.5.1.68)
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.96.4
"D16AA00FE65B9D2C6E0A57F54400303BF3259CC3" = Windows Driver Package - Intel (w29n51) net (06/26/2006 9.0.4.17)
"Jessops Photo" = Jessops Photo
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MSNINST" = MSN
"RadialpointClientGateway_is1" = Virgin Media HUB 3.5.12
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinZip" = WinZip
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Windows System Scanner" = Windows System Scanner

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/11/2010 12:59:50 | Computer Name = HANNAH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2031

Error - 08/11/2010 02:55:43 | Computer Name = HANNAH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 08/11/2010 02:55:43 | Computer Name = HANNAH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2031

Error - 08/11/2010 02:55:43 | Computer Name = HANNAH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2031

Error - 08/11/2010 09:20:48 | Computer Name = HANNAH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 08/11/2010 09:20:48 | Computer Name = HANNAH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1985

Error - 08/11/2010 09:20:48 | Computer Name = HANNAH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1985

Error - 08/11/2010 16:07:23 | Computer Name = HANNAH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 08/11/2010 16:07:23 | Computer Name = HANNAH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2032

Error - 08/11/2010 16:07:23 | Computer Name = HANNAH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2032

[ System Events ]
Error - 24/11/2010 05:47:43 | Computer Name = HANNAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 24/11/2010 05:47:43 | Computer Name = HANNAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 24/11/2010 05:47:43 | Computer Name = HANNAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 24/11/2010 05:47:43 | Computer Name = HANNAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 24/11/2010 05:48:38 | Computer Name = HANNAH | Source = Service Control Manager | ID = 7023
Description = The Support Network service terminated with the following error: %%1114

Error - 24/11/2010 12:02:03 | Computer Name = HANNAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 24/11/2010 12:02:03 | Computer Name = HANNAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 24/11/2010 12:02:03 | Computer Name = HANNAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 24/11/2010 12:02:03 | Computer Name = HANNAH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 24/11/2010 12:03:13 | Computer Name = HANNAH | Source = Service Control Manager | ID = 7023
Description = The Support Network service terminated with the following error: %%1114


< End of report >
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi sita999,

ClamWin does not have a real-time scanner. You can continue with GMER.
  • 0

#7
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
User returned.

Please post your GMER log.
  • 0

#9
sita999

sita999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Sorry about that! Here it is:


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-29 15:19:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST98823A rev.3.04
Running: ylgrr0td.exe; Driver: C:\DOCUME~1\HANNAH~1\LOCALS~1\Temp\uwtdipog.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes JMP 01B19DB4
.text C:\WINDOWS\System32\svchost.exe[1208] NETAPI32.dll!NetpwPathCanonicalize 5B86A3A9 5 Bytes JMP 01B19D54
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes JMP 00649DB4

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi sita999,

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    NetSvcs: iwyct - C:\WINDOWS\system32\fjxol.dll ()
    [2008/04/14 07:00:00 | 000,163,879 | RHS- | C] () -- C:\WINDOWS\System32\fjxol.dll

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • A text file will be generated on your desktop
  • Now paste that text here for me.

Step 4

Please post Combofix log here for me from C:\Combofix.txt

Step 5

How is your system now? What problems do you experience?

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
  • MBRCheck
It would be helpful if you could post each log in a separate post.
  • 0
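The OTL fix above removes one netsvcs entry by hand. As an added example (not the helper's code and not part of OTL or ComboFix), here is a PowerShell audit of the whole svchost "netsvcs" group that flags the signs visible in this thread's logs: a ServiceDll stored on the service key itself rather than under Parameters, a DLL carrying hidden+system attributes (the RHS in the OTL line), and a DLL with no valid Authenticode signature. It assumes PowerShell 2.0 or later and an elevated prompt.

```powershell
# Added example, not from the thread: audit services hosted by
# "svchost.exe -k netsvcs" for the indicators this thread's logs show.
# Assumes an elevated PowerShell 2.0+ session.

$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# REG_MULTI_SZ "netsvcs" names every service that svchost -k netsvcs may host.
$netsvcs = (Get-ItemProperty -Path $svchostKey -Name netsvcs).netsvcs

foreach ($name in $netsvcs) {
    $svcPath = Join-Path $servicesKey $name
    if (-not (Test-Path $svcPath)) { continue }   # listed but not installed: normal

    $svc       = Get-ItemProperty -Path $svcPath
    $paramPath = Join-Path $svcPath 'Parameters'

    # Windows keeps ServiceDll under Parameters. A ServiceDll placed directly
    # on the service key (as ComboFix reported for "iwyct") is itself a flag.
    $dllOnServiceKey = $svc.PSObject.Properties['ServiceDll']
    $dll = $null
    if (Test-Path $paramPath) {
        $dll = (Get-ItemProperty -Path $paramPath).ServiceDll
    }
    if (-not $dll -and $dllOnServiceKey) { $dll = $dllOnServiceKey.Value }
    if (-not $dll) { continue }                   # not a DLL-hosted service

    $dll = [Environment]::ExpandEnvironmentVariables($dll)
    $findings = @()
    if ($dllOnServiceKey) { $findings += 'ServiceDll set on service key, not Parameters' }

    if (-not (Test-Path -LiteralPath $dll)) {
        $findings += 'ServiceDll file missing'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $dll
        if ($sig.Status -ne 'Valid') { $findings += "signature: $($sig.Status)" }

        # Hidden+System on a system32 DLL matches the RHS attributes OTL showed.
        $attr = (Get-Item -LiteralPath $dll -Force).Attributes
        if (($attr -band [IO.FileAttributes]::Hidden) -and
            ($attr -band [IO.FileAttributes]::System)) {
            $findings += 'hidden+system attributes'
        }
    }

    if ($findings.Count -gt 0) {
        New-Object PSObject -Property @{
            Service     = $name
            DisplayName = $svc.DisplayName
            ServiceDll  = $dll
            Findings    = ($findings -join '; ')
        }
    }
}
```

On older Windows builds Get-AuthenticodeSignature does not consult the catalog, so legitimate catalog-signed system DLLs can report NotSigned; treat that finding as a lead to check against a clean machine of the same build, not as a verdict on its own.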


#11
sita999

sita999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
All processes killed
========== OTL ==========
iwyct removed from NetSvcs value successfully!
Service iwyct stopped successfully!
Service iwyct deleted successfully!
File move failed. C:\WINDOWS\system32\fjxol.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\fjxol.dll scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Hannah Jebb
->Temp folder emptied: 4345524 bytes
->Temporary Internet Files folder emptied: 42559167 bytes
->Java cache emptied: 347930 bytes
->Google Chrome cache emptied: 265345698 bytes
->Flash cache emptied: 43363 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Tom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 22958220 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 637313 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 442412469 bytes

Total Files Cleaned = 745.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Hannah Jebb
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Tom
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11292010_162600

Files\Folders moved on Reboot...
C:\WINDOWS\system32\fjxol.dll moved successfully.
File\Folder C:\Documents and Settings\Hannah Jebb\Local Settings\Temp\~DF240C.tmp not found!
File\Folder C:\Documents and Settings\Hannah Jebb\Local Settings\Temp\~DFE6A7.tmp not found!
File\Folder C:\Documents and Settings\Hannah Jebb\Local Settings\Temp\~WRD0000.doc not found!

Registry entries deleted on Reboot...
  • 0

#12
sita999

sita999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

29/11/2010 16:53:53
mbam-log-2010-11-29 (16-53-53).txt

Scan type: Quick scan
Objects scanned: 145650
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#13
sita999

sita999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 118):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7B0C000 \WINDOWS\system32\KDCOM.DLL
0xF7A1C000 \WINDOWS\system32\BOOTVID.dll
0xF75BD000 ACPI.sys
0xF7B0E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75AC000 pci.sys
0xF760C000 isapnp.sys
0xF7A20000 compbatt.sys
0xF7A24000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7BD4000 pciide.sys
0xF788C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF758E000 pcmcia.sys
0xF761C000 MountMgr.sys
0xF756F000 ftdisk.sys
0xF7B10000 dmload.sys
0xF7549000 dmio.sys
0xF7894000 PartMgr.sys
0xF7A28000 ACPIEC.sys
0xF7BD5000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF762C000 VolSnap.sys
0xF746F000 iastor.sys
0xF7457000 atapi.sys
0xF763C000 disk.sys
0xF764C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7437000 fltMgr.sys
0xF7425000 sr.sys
0xF740E000 KSecDD.sys
0xF7381000 Ntfs.sys
0xF7354000 NDIS.sys
0xF733A000 Mup.sys
0xF775C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF670A000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF66F6000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF66CE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6692000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xF64F0000 \SystemRoot\system32\DRIVERS\NETw3x32.sys
0xF78DC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF64CC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78E4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF776C000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
0xF64B8000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF777C000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
0xF7312000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF778C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78EC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6488000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7B32000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78F4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF779C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF77AC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77BC000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6465000 \SystemRoot\system32\DRIVERS\ks.sys
0xF78FC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7C50000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77CC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF730A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF644E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77DC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77EC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7904000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF643D000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77FC000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF790C000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7914000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF63E5000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF780C000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B34000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5DA0000 \SystemRoot\system32\DRIVERS\update.sys
0xF72D5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF784C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA9ADA000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA9AB6000 \SystemRoot\system32\drivers\portcls.sys
0xF76FC000 \SystemRoot\system32\drivers\drmk.sys
0xA99E3000 \SystemRoot\system32\DRIVERS\smserial.sys
0xF79A4000 \SystemRoot\System32\Drivers\Modem.SYS
0xA540F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BA2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA2DFE000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BA4000 \SystemRoot\System32\Drivers\Beep.SYS
0xA2E68000 \SystemRoot\System32\drivers\vga.sys
0xF7BA6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BA8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA2E60000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA2E58000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA9493000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA1E51000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA1DF8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA1DD0000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA1DAA000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA1D88000 \SystemRoot\System32\drivers\afd.sys
0xA53FF000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA3348000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA1D5D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA1CED000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA4FC0000 \SystemRoot\System32\Drivers\Hotkey.SYS
0xA3338000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7A04000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9DDED000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9C853000 \SystemRoot\System32\Drivers\dump_iastor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x9D10F000 \SystemRoot\System32\drivers\Dxapi.sys
0x9D14F000 \SystemRoot\System32\watchdog.sys
0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
0xF7C57000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9E4000 \SystemRoot\System32\ialmdnt5.dll
0xBF9D5000 \SystemRoot\System32\ialmrnt5.dll
0xBFA06000 \SystemRoot\System32\ialmdev5.DLL
0xBFA41000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA052D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9C7FE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9C784000 \SystemRoot\system32\DRIVERS\srv.sys
0x9C6A7000 \SystemRoot\system32\drivers\wdmaud.sys
0x9CDA3000 \SystemRoot\system32\drivers\sysaudio.sys
0x9C5C8000 \SystemRoot\System32\Drivers\HTTP.sys
0x9BD44000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 52):
0 System Idle Process
4 System
796 C:\WINDOWS\system32\smss.exe
864 csrss.exe
888 C:\WINDOWS\system32\winlogon.exe
932 C:\WINDOWS\system32\services.exe
944 C:\WINDOWS\system32\lsass.exe
1092 C:\WINDOWS\system32\svchost.exe
1176 svchost.exe
1216 C:\WINDOWS\system32\svchost.exe
1336 svchost.exe
1364 svchost.exe
1632 C:\WINDOWS\system32\spoolsv.exe
184 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
192 C:\Program Files\Bonjour\mDNSResponder.exe
256 C:\Program Files\Java\jre6\bin\jqs.exe
272 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
492 C:\Program Files\Virgin Media\HUB\ServicepointService.exe
560 C:\WINDOWS\system32\svchost.exe
1280 alg.exe
2000 C:\WINDOWS\explorer.exe
720 C:\WINDOWS\NOTEPAD.EXE
936 C:\WINDOWS\RTHDCPL.EXE
948 C:\WINDOWS\system32\igfxtray.exe
992 C:\WINDOWS\system32\hkcmd.exe
908 C:\WINDOWS\system32\igfxpers.exe
1420 C:\WINDOWS\sm56hlpr.exe
1600 C:\Program Files\ClamWin\bin\ClamTray.exe
1720 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
1788 C:\Program Files\Launch Manager\HotkeyApp.exe
1868 C:\Program Files\Launch Manager\WisKeyState.exe
1936 C:\Program Files\Launch Manager\OSD.exe
2052 C:\Program Files\Launch Manager\OSDCtrl.exe
2076 C:\Program Files\Launch Manager\WisLMSvc.exe
2092 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2148 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2176 C:\Program Files\Launch Manager\LaunchAp.exe
2184 C:\Program Files\Launch Manager\WButton.exe
2196 C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
2224 C:\Program Files\iTunes\iTunesHelper.exe
2320 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2396 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2440 C:\Program Files\WinZip\WZQKPICK.EXE
2732 wmiprvse.exe
2844 C:\Program Files\iPod\bin\iPodService.exe
1408 C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
2800 C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3184 C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2304 C:\Documents and Settings\Hannah Jebb\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
384 C:\WINDOWS\system32\notepad.exe
3632 wmiprvse.exe
2688 C:\Documents and Settings\Hannah Jebb\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST98823AS, Rev: 3.04
PhysicalDrive1 Model Number: MaxtorBasics Desktop, Rev: 0122

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
  • 0

#14
sita999

sita999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
ComboFix 10-11-22.05 - Hannah Jebb 23/11/2010 17:20:44.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.641 [GMT 0:00]
Running from: c:\documents and settings\Hannah Jebb\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hannah Jebb\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-23 16:18 . 2010-11-23 16:21 -------- d-----w- c:\program files\HijackFix
2010-11-23 14:44 . 2010-11-23 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-23 14:44 . 2010-11-23 14:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-14 01:39 . 2010-11-14 01:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 01:39 . 2010-11-14 01:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-14 00:28 . 2010-11-14 00:28 -------- d-----w- c:\program files\New Folder
2010-11-13 13:17 . 2010-11-23 13:32 -------- d-----w- c:\documents and settings\Hannah Jebb\Local Settings\Application Data\Spotify
2010-11-13 13:17 . 2010-11-23 13:32 -------- d-----w- c:\documents and settings\Hannah Jebb\Application Data\Spotify
2010-11-13 13:16 . 2010-11-13 13:17 -------- d-----w- c:\program files\Spotify
2010-11-10 14:31 . 2010-11-10 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\tmp
2010-11-10 14:31 . 2010-11-10 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\hps
2010-11-10 14:25 . 2010-11-10 14:25 -------- d-----w- c:\program files\Jessops Photo
2010-11-10 14:23 . 2010-11-10 14:24 -------- d-----w- c:\program files\Photobook Software
2010-11-10 10:31 . 2008-04-14 05:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-11-10 10:31 . 2001-08-17 22:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-11-10 10:31 . 2008-04-14 00:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-11-10 10:31 . 2008-04-14 00:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-02 19:13 . 2010-11-02 19:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-11-01 16:31 . 2008-04-14 07:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-11-01 16:31 . 2010-11-01 16:31 -------- d-----w- c:\documents and settings\Tom
2010-11-01 09:35 . 2010-11-01 09:35 -------- d-----w- c:\documents and settings\Hannah Jebb\Local Settings\Application Data\Identities
2010-10-31 18:03 . 2010-11-06 21:08 -------- d-----w- c:\documents and settings\Hannah Jebb\Local Settings\Application Data\Temp
2010-10-31 18:03 . 2010-10-31 18:04 -------- d-----w- c:\documents and settings\Hannah Jebb\Local Settings\Application Data\Google
2010-10-31 18:02 . 2010-10-31 18:03 -------- d-----w- c:\documents and settings\Hannah Jebb\Local Settings\Application Data\Deployment
2010-10-28 22:31 . 2010-11-12 13:20 -------- d-----w- c:\documents and settings\Hannah Jebb\Application Data\Nero
2010-10-28 16:31 . 2010-10-28 16:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-28 16:30 . 2010-10-28 16:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-28 16:30 . 2010-10-28 16:32 -------- d-----w- c:\documents and settings\Hannah Jebb\Local Settings\Application Data\Adobe
2010-10-28 15:05 . 2010-10-28 19:23 -------- d-----w- c:\documents and settings\Hannah Jebb\Application Data\Apple Computer
2010-10-28 15:04 . 2010-10-28 15:04 -------- d-----w- c:\program files\QuickTime
2010-10-28 15:04 . 2010-10-28 15:04 -------- d-----w- c:\documents and settings\Hannah Jebb\Local Settings\Application Data\Apple
2010-10-28 15:04 . 2010-10-28 15:04 -------- d-----w- c:\program files\Apple Software Update
2010-10-28 15:04 . 2010-10-28 15:04 -------- d-----w- c:\program files\Bonjour
2010-10-28 15:04 . 2010-10-28 15:05 -------- d-----w- c:\program files\Common Files\Apple
2010-10-28 15:04 . 2010-10-28 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-28 15:03 . 2010-10-28 15:05 -------- d-----w- c:\documents and settings\Hannah Jebb\Local Settings\Application Data\Apple Computer
2010-10-28 14:49 . 2010-10-28 14:49 -------- d-----w- c:\documents and settings\Hannah Jebb\Application Data\Virgin Media
2010-10-28 14:49 . 2010-10-28 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
2010-10-28 14:49 . 2010-10-28 14:49 -------- d-----w- c:\program files\Virgin Media
2010-10-28 14:49 . 2010-10-28 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Media
2010-10-28 14:48 . 2010-10-28 14:48 -------- d-----w- c:\program files\Virgin
2010-10-28 12:26 . 2010-10-28 12:34 -------- d-----w- c:\program files\Nero
2010-10-28 12:25 . 2010-10-28 12:30 -------- d-----w- c:\program files\Common Files\Nero
2010-10-28 12:25 . 2010-10-28 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-10-28 12:24 . 2010-10-28 12:24 -------- d-----w- c:\program files\MSBuild
2010-10-28 12:20 . 2010-10-28 12:20 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-28 12:20 . 2010-10-28 12:20 -------- d-----w- c:\program files\Reference Assemblies
2010-10-28 12:20 . 2006-10-14 15:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-28 12:20 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-28 12:20 . 2006-06-29 12:07 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2010-10-28 11:33 . 2010-11-14 01:38 -------- d-----w- c:\program files\Java
2010-10-28 11:33 . 2010-11-14 01:39 -------- d-----w- c:\program files\Common Files\Java
2010-10-28 11:33 . 2010-10-28 11:33 -------- d-----w- c:\documents and settings\Hannah Jebb\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
2010-10-28 10:35 . 2006-04-21 14:17 69722 ----a-w- c:\windows\system32\SynTPFcs.dll
2010-10-28 10:35 . 2010-10-28 10:35 -------- d-----w- c:\program files\Synaptics
2010-10-28 10:35 . 2006-04-21 14:19 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2010-10-28 10:35 . 2006-04-21 14:04 94298 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-10-28 10:35 . 2006-04-21 14:03 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2010-10-28 10:35 . 2006-04-21 14:03 82013 ----a-w- c:\windows\system32\SynCOM.dll
2010-10-28 10:35 . 2006-04-21 13:59 193056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-10-28 10:35 . 2010-10-28 11:38 -------- d-----w- C:\fsc.tmp
2010-10-26 11:36 . 2010-10-28 11:40 -------- d-----w- c:\program files\Launch Manager
2010-10-26 11:36 . 2003-04-28 10:27 9867 ----a-w- c:\windows\system32\drivers\HOTKEY.sys
2010-10-26 11:36 . 2010-10-26 11:36 -------- d-----w- c:\documents and settings\Hannah Jebb\Application Data\InstallShield
2010-10-26 11:12 . 2010-10-26 11:12 -------- d-s---w- c:\documents and settings\Hannah Jebb\UserData
2010-10-26 11:11 . 2010-10-26 11:12 -------- d-----w- c:\documents and settings\Hannah Jebb\Application Data\MSNInstaller
2010-10-26 11:06 . 2010-10-26 11:06 -------- d-----w- c:\documents and settings\Hannah Jebb\Application Data\CyberLink
2010-10-26 11:04 . 2010-10-26 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-10-26 11:04 . 2010-10-26 11:04 -------- d-----w- c:\program files\CyberLink
2010-10-26 11:03 . 2001-09-05 03:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-10-26 11:03 . 2001-09-05 03:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2010-10-26 11:03 . 2001-09-05 03:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-10-26 11:03 . 2001-09-05 03:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-10-26 11:03 . 2003-04-16 10:26 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 08:18 . 2006-01-20 11:44 862340 ----a-w- c:\windows\system32\drivers\smserial.sys
2010-09-14 08:18 . 2006-01-20 11:34 49152 ----a-w- c:\windows\sm56cht.dll
2010-09-14 08:18 . 2006-01-20 11:34 61440 ----a-w- c:\windows\sm56fra.dll
2010-09-14 08:18 . 2006-01-20 11:34 53248 ----a-w- c:\windows\sm56jpn.dll
2010-09-14 08:18 . 2006-01-20 11:34 49152 ----a-w- c:\windows\sm56chs.dll
2010-09-14 08:18 . 2006-01-20 11:34 69632 ----a-w- c:\windows\sm56spn.dll
2010-09-14 08:18 . 2006-01-20 11:34 69632 ----a-w- c:\windows\sm56itl.dll
2010-09-14 08:18 . 2006-01-20 11:34 69632 ----a-w- c:\windows\sm56eng.dll
2010-09-14 08:18 . 2006-01-20 11:34 69632 ----a-w- c:\windows\sm56brz.dll
2010-09-14 08:18 . 2006-01-20 11:34 61440 ----a-w- c:\windows\sm56ger.dll
2010-09-14 08:18 . 2006-01-20 11:34 544768 ----a-w- c:\windows\sm56hlpr.exe
2010-09-14 08:18 . 2006-01-20 11:34 131072 ----a-w- c:\windows\system32\sm56co.dll
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((( SnapShot@2010-11-23_15.41.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-23 17:16 . 2010-11-23 17:16 16384 c:\windows\Temp\Perflib_Perfdata_790.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Hannah Jebb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-31 136176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SMSERIAL"="sm56hlpr.exe" [2010-09-14 544768]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-11-13 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-04-19 65536]
"WisKeyState"="c:\program files\Launch Manager\WisKeyState.exe" [2008-03-07 208896]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2008-03-03 258048]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2007-12-25 241664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 761946]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-05-04 86016]
"VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-10-28 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1358:TCP"= 1358:TCP:qdgzt

R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [10/28/2010 2:49 PM 668912]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [10/26/2010 11:36 AM 118784]
S0 cerc6;cerc6; [x]
S1 mailKmd;mailKmd; [x]
S2 iwyct;Support Network;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 7:00 AM 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
iwyct
.
Contents of the 'Scheduled Tasks' folder

2010-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-606747145-1177238915-1003Core.job
- c:\documents and settings\Hannah Jebb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 18:03]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-606747145-1177238915-1003UA.job
- c:\documents and settings\Hannah Jebb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 18:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\program files\HijackFix\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 17:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????\??????|H??|????A??|>j?wwj?w????????0??? ???????????????d???y??|????????p?????@?????????X{?w???????????????sx??s@???????????v??|h??st??????????s?????????????????C?sc"?sx??s??????B~??@?N'?st=?? :@??=?????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iwyct]
"ServiceDll"="c:\windows\system32\fjxol.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-23 17:25:48
ComboFix-quarantined-files.txt 2010-11-23 17:25
ComboFix2.txt 2010-11-23 16:07
ComboFix3.txt 2010-11-23 15:43

Pre-Run: 58,158,772,224 bytes free
Post-Run: 58,151,690,240 bytes free

- - End Of File - - 8413149DAF8EBDD2333EB277818A00F3

#15 sita999 (Topic Starter, Member, 24 posts)
Does this all look ok then? The ComboFix log I posted is the one from last week because you didn't say to run it again; let me know if you want me to.

Just checked antivirus websites and the first two appear unblocked - HURRAH!! Thank you so much!!! I will reboot now just to make sure everything seems ok.....