[Ramnit- Not curable] Bad Image Error

Hi Guys,

I've noted a few posts with the same error as I have, but thought that instead of hijacking other people's threads I'd ask for help in my own.

A Bad Image error message pops up every time I open a new program. Whilst this isn't stopping the program from running, I do have to click the OK button (more than 20 times on occasion) before I can carry on doing what I need to do. Highly annoying!

Here is the exeHelper log I have just run.

exeHelper by Raktor
Build 20100414
Run at 12:44:11 on 12/19/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

I checked whether this had solved the issue before I posted and unfortunately it hasn't.

Thank you in advance for your help.

Jig
 
Is there some reason you ran this program? FYI: There are many different reasons for the Bad Image error and what helps one person resolve it may not be appropriate for you.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Thanks for your reply Bobbye,

I ran the above program after reading advice in other threads for what seemed to be the same problem. Please excuse my ignorance; I believed that there was a standard starting point (so to speak) to work from in order to solve these issues.

I have now followed your instructions and here are the logs you need.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5358

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/12/2010 18:15:53
mbam-log-2010-12-19 (18-15-53).txt

Scan type: Quick scan
Objects scanned: 186851
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 7
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Value: {C5428486-50A0-4A02-9D20-520B59A9F9B2} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Value: {C5428486-50A0-4A02-9D20-520B59A9F9B3} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Value: {C5428486-50A0-4a02-9D20-520B59A9F9B2} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Value: {C5428486-50A0-4a02-9D20-520B59A9F9B3} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{DF0524C8-69C7-82F3-8296-68A7560619E4} (Trojan.ZbotR.Gen) -> Value: {DF0524C8-69C7-82F3-8296-68A7560619E4} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nonep (Trojan.Agent) -> Value: nonep -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\emily scott\application data\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\emily scott\application data\shoppingreport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\emily scott\application data\shoppingreport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\emily scott\application data\shoppingreport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\emily scott\application data\shoppingreport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\emily scott\application data\shoppingreport\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\system32 (Backdoor.Bifrose) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\emily scott\application data\shoppingreport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\emily scott\application data\shoppingreport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\emily scott\application data\shoppingreport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\emily scott\application data\shoppingreport\cs\dwld\whitelist.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\emily scott\application data\shoppingreport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\emily scott\application data\shoppingreport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\emily scott\application data\shoppingreport\cs\res1\whitelist.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-19 18:28:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160812AS rev.3.ADJ
Running: po9oquj9.exe; Driver: C:\DOCUME~1\EMILYS~1\LOCALS~1\Temp\awlcypow.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-12-12.02) - NTFSx86
Run by Emily Scott at 18:31:05.70 on 19/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.342 [GMT 0:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Emily Scott\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070124
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070124
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [EPSON Stylus SX200 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiefe.exe /fu "c:\windows\temp\E_S73.tmp" /EF "HKCU"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TalkTalk] "c:\program files\talktalk\bin\sprtcmd.exe" /P TalkTalk
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [<NO NAME>]
mRun: [TaskTray]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www3.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\emilys~1\applic~1\mozilla\firefox\profiles\j4rrxsx5.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b11505a&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-11-28 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-28 52872]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-22 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-4-11 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-22 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-7-16 2331544]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-11-28 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-11-28 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-11-28 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-11-28 26192]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-7-16 5897808]
S2 gupdate1c9ae405065311e;Google Update Service (gupdate1c9ae405065311e);c:\program files\google\update\GoogleUpdate.exe [2009-3-26 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-11-28 30104]
S3 cpuz132;cpuz132;\??\c:\docume~1\emilys~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\emilys~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2008-1-11 29696]
S3 jgameenp;jgameenp;\??\c:\docume~1\jws\locals~1\temp\jgameenp.sys --> c:\docume~1\jws\locals~1\temp\jgameenp.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-12-19 18:06:27 -------- d-----w- c:\docume~1\emilys~1\applic~1\Malwarebytes
2010-12-19 18:05:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 18:05:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-19 18:05:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 18:05:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-15 16:18:20 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 16:14:52 45568 ------w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 18:33:56.04 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 26/01/2007 19:53:37
System Uptime: 19/12/2010 18:17:26 (0 hours ago)

Motherboard: Dell Inc | | 0HY175
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2204/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 109 GiB total, 18.433 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 36.977 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Description: AMD K8 Processor
Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_75\_0
Manufacturer: Advanced Micro Devices
Name: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_75\_0
Service: AmdK8

Class GUID: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Description: AMD K8 Processor
Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_75\_1
Manufacturer: Advanced Micro Devices
Name: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_75\_1
Service: AmdK8

==== System Restore Points ===================

RP778: 22/09/2010 11:37:47 - System Checkpoint
RP779: 23/09/2010 12:38:24 - System Checkpoint
RP780: 24/09/2010 09:47:08 - Avg Update
RP781: 24/09/2010 09:49:01 - Avg Update
RP782: 24/09/2010 09:51:36 - Avg Update
RP783: 25/09/2010 11:14:49 - System Checkpoint
RP784: 25/09/2010 12:01:51 - Installed Finding Nemo
RP785: 26/09/2010 20:46:02 - System Checkpoint
RP786: 28/09/2010 17:09:05 - System Checkpoint
RP787: 29/09/2010 12:55:22 - Software Distribution Service 3.0
RP788: 01/10/2010 11:06:59 - System Checkpoint
RP789: 01/10/2010 22:38:39 - Installed LG Internet Kit
RP790: 03/10/2010 18:03:42 - System Checkpoint
RP791: 05/10/2010 09:45:16 - Avg Update
RP792: 05/10/2010 21:31:13 - Restore Operation
RP793: 05/10/2010 21:38:19 - Restore Operation
RP794: 06/10/2010 07:44:08 - Software Distribution Service 3.0
RP795: 07/10/2010 13:21:36 - System Checkpoint
RP796: 08/10/2010 13:56:35 - System Checkpoint
RP797: 09/10/2010 08:36:12 - Restore Operation
RP798: 09/10/2010 08:52:17 - Restore Operation
RP799: 09/10/2010 16:06:14 - Installed Windows Media Player 11
RP800: 09/10/2010 16:09:04 - Installed Windows XP MSCompPackV1.
RP801: 09/10/2010 16:55:24 - Software Distribution Service 3.0
RP802: 10/10/2010 18:06:13 - System Checkpoint
RP803: 12/10/2010 17:19:24 - System Checkpoint
RP804: 13/10/2010 08:12:43 - Software Distribution Service 3.0
RP805: 13/10/2010 11:29:19 - Software Distribution Service 3.0
RP806: 14/10/2010 12:43:56 - System Checkpoint
RP807: 14/10/2010 17:24:06 - Installed Driver Detective.
RP808: 17/10/2010 00:45:38 - System Checkpoint
RP809: 18/10/2010 11:33:27 - System Checkpoint
RP810: 20/10/2010 12:07:03 - System Checkpoint
RP811: 22/10/2010 12:54:12 - System Checkpoint
RP812: 23/10/2010 16:06:42 - System Checkpoint
RP813: 24/10/2010 20:52:12 - System Checkpoint
RP814: 26/10/2010 09:59:40 - Avg Update
RP815: 27/10/2010 09:43:35 - Removed Power Rangers Ninja Storm
RP816: 27/10/2010 09:43:54 - Installed Power Rangers Ninja Storm
RP817: 29/10/2010 14:52:46 - System Checkpoint
RP818: 30/10/2010 15:43:38 - System Checkpoint
RP819: 31/10/2010 15:34:04 - System Checkpoint
RP820: 02/11/2010 12:38:55 - System Checkpoint
RP821: 03/11/2010 17:52:10 - System Checkpoint
RP822: 05/11/2010 15:01:38 - System Checkpoint
RP823: 06/11/2010 17:40:10 - System Checkpoint
RP824: 09/11/2010 13:34:31 - System Checkpoint
RP825: 10/11/2010 12:04:13 - Avg Update
RP826: 10/11/2010 12:04:45 - Avg Update
RP827: 10/11/2010 12:07:46 - Avg Update
RP828: 11/11/2010 12:12:04 - System Checkpoint
RP829: 11/11/2010 13:59:56 - Software Distribution Service 3.0
RP830: 12/11/2010 17:35:29 - System Checkpoint
RP831: 13/11/2010 18:03:46 - System Checkpoint
RP832: 15/11/2010 16:40:56 - System Checkpoint
RP833: 16/11/2010 16:52:33 - System Checkpoint
RP834: 19/11/2010 11:25:26 - System Checkpoint
RP835: 20/11/2010 16:49:54 - System Checkpoint
RP836: 21/11/2010 16:50:44 - System Checkpoint
RP837: 23/11/2010 12:35:48 - System Checkpoint
RP838: 24/11/2010 17:33:34 - System Checkpoint
RP839: 25/11/2010 11:42:28 - Avg Update
RP840: 25/11/2010 11:44:16 - Avg Update
RP841: 25/11/2010 11:47:37 - Avg Update
RP842: 27/11/2010 16:55:23 - System Checkpoint
RP843: 30/11/2010 17:31:02 - System Checkpoint
RP844: 01/12/2010 18:29:59 - System Checkpoint
RP845: 03/12/2010 09:01:07 - System Checkpoint
RP846: 07/12/2010 16:31:08 - System Checkpoint
RP847: 08/12/2010 16:42:27 - System Checkpoint
RP848: 10/12/2010 09:14:39 - System Checkpoint
RP849: 12/12/2010 16:45:16 - System Checkpoint
RP850: 13/12/2010 17:49:14 - System Checkpoint
RP851: 15/12/2010 16:51:43 - System Checkpoint
RP852: 15/12/2010 21:09:34 - Software Distribution Service 3.0
RP853: 17/12/2010 13:02:39 - System Checkpoint
RP854: 17/12/2010 22:09:41 - Software Distribution Service 3.0
RP855: 19/12/2010 08:36:33 - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
4oD
ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat Reader 3.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Amazon MP3 Downloader 1.0.4
Ask Toolbar
Aston.1.9.2
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG 9.0
Boots F2CD Picture Suite
Broadcom Management Programs
BufferChm
Camera RAW Plug-In for EPSON Creativity Suite
Cars
Cars - Radiator Springs Adventures
Command & Conquer 3
Copy
Corel Paint Shop Pro Photo XI
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen Vision M
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Support 3.2.1
Dell System Restore
Destinations
DeviceDiscovery
Disc2Phone
Disney's Animated StoryBook 101 Dalmatians
DJ_AIO_06_F4500_SW_MIN
Driver Detective
eMusic Download Manager
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Stylus SX200 Series Printer Uninstall
EPSON Stylus SX200_SX400_TX200_TX400 Manual
EPSON Web-To-Page
F4500
Facebook Plug-In
ffdshow [rev 1723] [2007-12-24]
Finding Nemo
Full Tilt Poker
GameShadow
GameSpy Arcade
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPBaseService2
Hardware Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Deskjet 5700 Series
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
KODAK Gallery Upload Software
Last.fm 1.5.4.24567
Learn2 Player (Uninstall Only)
LG Internet Kit
LG USB Modem Drivers
LucasArts' Rogue Squadron
M²Convert for ZEN
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan Plus
McDonald's Dragons
MCU
Medal of Honor Allied Assault
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft AutoRoute 2006
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image 2006*Standard Edition
Microsoft Digital Image 2006*Standard Edition Editor
Microsoft Digital Image 2006*Standard Edition Library
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MT882
Nero 7 Premium
Network
Photo Viewer
PokerStars
Power Rangers Ninja Storm
QuickTime
RealPlayer Basic
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Scan
Scooby-Doo(TM), Jinx At The Sphinx(TM)
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SolutionCenter
Sonic Activation Module
Sonic Update Manager
SopCast 3.0.3
Status
TalkTalk Assist & Go
Texas Hold'em 3D XP Championship
thomas
Thomas New Line
Tomb Raider - The Last Revelation
Toolbox
Toy Story 2 ToyShelf_Cone
TrayApp
TVersity Codec Pack 1.2
TVersity Media Server 1.0.0.11 RC7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
VideoLAN VLC media player 0.8.6b
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Works Upgrade
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

19/12/2010 17:51:06, error: Service Control Manager [7034] - The KService service terminated unexpectedly. It has done this 1 time(s).
19/12/2010 17:50:55, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (TalkTalk) service terminated unexpectedly. It has done this 1 time(s).
19/12/2010 17:50:55, error: Service Control Manager [7034] - The SupportSoft Repair Service (TalkTalk) service terminated unexpectedly. It has done this 1 time(s).
19/12/2010 17:50:55, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
19/12/2010 17:50:55, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
19/12/2010 17:50:54, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
19/12/2010 17:50:54, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 1 time(s).
19/12/2010 17:50:52, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
19/12/2010 17:50:49, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
19/12/2010 11:19:33, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
18/12/2010 14:55:46, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
18/12/2010 14:54:07, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
18/12/2010 08:34:30, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8
18/12/2010 08:34:30, error: Service Control Manager [7022] - The KService service hung on starting.
18/12/2010 08:33:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TVersityMediaServer service to connect.

==== End Of File ===========================
 
Okay. First thing for you to do is decide whether you want McAfee or AVG for the antivirus program. You have both running and multiple AV makes a system more vulnerable, not less. Here are tools to help in the removal: download and use only the tool for the AV you don't want to keep:

AVG Removal: Note: You may have to reinstall AVG to uninstall it fully
McAfee Removal
Please reboot the computer when finished.
=============================================
There are some entries that need to be removed and I'd like to run an online virus scan:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
=====================================
If you have kept AVG, try disabling it when you're ready to run the following. If Combofix tells you it won't run with AVG on the system, then you will need to uninstall AVG to run the scan:
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query - Recovery Console image:
    WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message (image: whatnext.png):
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe (image: cf-icon.jpg) & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Hi Bobbye,

Sorry for the delayed reply. Hope you had a good xmas. Here are the logs you requested.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=433fd17981dbf24fa2fb789ef7e405fd
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-31 03:03:28
# local_time=2010-12-31 03:03:28 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 4449 4449 0 0
# scanned=109654
# found=28
# cleaned=0
# scan_time=3521
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\about.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_AB.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_confirm.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_general.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_SPupdate.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\deletehistory_processing.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\rssreader_advanced.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\rssreader_config.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\rssreader_simple.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\settings_askdialog.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\settings_checkboxdialog.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\settings_closedialog.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\settings_main.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\tabswelcome.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7footer.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7header.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\toolbarprotector_window.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\updater_processing.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\ch_26\chrome\content\html\tabswelcome.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\ch_26\chrome\content\html\tabswelcome_ie7header.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\ch_41\chrome\content\html\tabswelcome.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\ch_41\chrome\content\html\tabswelcome_ie7header.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\ch_42\chrome\content\html\tabswelcome.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\ch_42\chrome\content\html\tabswelcome_ie7header.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\ch_49\chrome\content\html\tabswelcome.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\ch_49\chrome\content\html\tabswelcome_ie7header.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\PokerStars\backup\gx\templates\dialog.html Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\PokerStars\gx\templates\dialog.html Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I


And the Combofix Log

ComboFix 10-12-31.02 - Emily Scott 01/01/2011 15:03:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.467 [GMT 0:00]
Running from: c:\documents and settings\Emily Scott\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\windows\system32\STEC3.sys
c:\windows\system32\system

----- BITS: Possible infected sites -----

hxxp://assist.talktalk.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_STEC3
-------\Service_STEC3


((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
.

2010-12-31 15:38 . 2010-12-31 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-19 18:06 . 2010-12-19 18:06 -------- d-----w- c:\documents and settings\Emily Scott\Application Data\Malwarebytes
2010-12-19 18:05 . 2010-12-19 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-19 18:05 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 18:05 . 2010-12-19 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-19 18:05 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 16:18 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 16:14 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2004-08-10 13:02 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2004-08-10 12:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-10 12:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-10 12:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-10 12:51 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-10 12:51 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-10 12:50 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-10 12:51 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 22:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-20 39408]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-01-24 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-24 98304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 15:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtsvc.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Documents and Settings\\Jws\\Desktop\\utorrent.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
S2 gupdate1c9ae405065311e;Google Update Service (gupdate1c9ae405065311e);c:\program files\Google\Update\GoogleUpdate.exe [26/03/2009 18:25 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [11/01/2008 20:06 29696]
S3 jgameenp;jgameenp;\??\c:\docume~1\Jws\LOCALS~1\Temp\jgameenp.sys --> c:\docume~1\Jws\LOCALS~1\Temp\jgameenp.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-20 19:14]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 18:25]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 18:25]

2011-01-01 c:\windows\Tasks\User_Feed_Synchronization-{493AA78B-28A5-4BF1-A22D-23C6F2656669}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070124
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Emily Scott\Application Data\Mozilla\Firefox\Profiles\j4rrxsx5.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b11505a&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TaskTray - (no file)
Notify-avgrsstarter - avgrsstx.dll
AddRemove-All ATI Software - c:\program files\ATI Technologies\UninstallAll\AtiCimUn.exe
AddRemove-Boots F2CD Picture Suite - c:\program files\Boots F2CD\Picture Suite\Uninstal.exe
AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE
AddRemove-InstallShield_{1A5488D7-314D-4CBC-89BF-C5B59510BDBA} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-MT882 - c:\program files\MT882\Adsl\uninstall.exe
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Nero\Nero 7\\nero\uninstall\UNNERO.exe
AddRemove-PictureItPrem_v11 - c:\program files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update\\rnuninst.exe
AddRemove-Scooby-Doo(TM), Jinx At The Sphinx(TM) - c:\program files\The Learning Company\Scooby-Doo(TM)
AddRemove-StreetPlugin - c:\program files\Learn2.com\StRunner\stuninst.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
AddRemove-{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31} - c:\program files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-01 15:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1584)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2011-01-01 15:14:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-01 15:14

Pre-Run: 20,969,701,376 bytes free
Post-Run: 21,565,730,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4C075F81156D5732A0E7AFDADE77567F
 
Sorry to have to start off your New Year like this, but you have an incurable, polymorphic Ramnit malware infection.

Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the operating system.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a USB, pen, thumb, jump or flash drive where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote crack or keygen sites. These types of sites are infested with numerous malware and are a major source of system infection.

In my opinion, Ramnit.A is not effectively curable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.
Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system... There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system
Backdoors and What They Mean to You

Important Note: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
(Text courtesy Broni)

You will find excellent reformat/reinstall instructions here:
http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html
 
Thanks for your valued advice Bobbye,

I now have a nice new shiny and 'Clean' Computer. I ummmmed and arrrred about whether to fully format and re-install the infected PC, but as you said

"there is no guarantee this infection can be completely removed".

And

"It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed."

This made up my mind, and I bought a new machine. Needed an upgrade anyway ;0) Many thanks for your help in this matter.

I have many Photos and Word Documents on the old PC which I stupidly have no back up for. Would these also be infected with the Ramnit virus and therefore infect the new machine if I were to transfer them over via disk or email?

Really appreciated your help.

Jig
 
The photos are probably okay, but the Word docs are 'iffy'. I cannot guarantee the files aren't infected. If you've been using a flash drive, don't put that into the new machine unless you disinfect it first - and then I'm not sure if it will touch Ramnit. The best I can do is offer the following tips to help you keep the system clean:

Tips for added security and safer browsing:
  1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
    This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
  2. Have layered Security:
    • Antivirus Software (only one): Both of the following programs are free and known to be good:
      [o] Avira Free
      [o] Avast Home
    • Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      [o] Comodo
      [o] Zone Alarm
    • Antispyware: I recommend all of the following:
      [o] Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
      [o] Download ZonedOut and save to your desktop. This replaces IE/Spyad and manages the Zones in Internet Explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
        For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
        IE/Spyad is no longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is up-to-date before adding sites to your restricted zone.
        Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroy's Immunization the problem goes away...
      [o] Replace the Hosts File
        MVPS Hosts files: This replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
      [o] Google Toolbar: Get the free Google toolbar to help stop pop-up windows.
  3. Stay current on updates:
      [o] Visit the Microsoft Download Site frequently. You should get All updates marked Critical and the current SP updates.
      [o] Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
      [o] Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
  4. Reset Cookies to prevent Tracking Cookies:
      [o] For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o] For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
        AdBlock Plus
        Easy List
  5. Do regular Maintenance
    Remove Temporary Internet Files regularly:
      [o] ATF Cleaner by Atribune
      OR
      [o] TFC
    Disable and Enable System Restore:
      [o] See System Restore Guide. This will help you understand what this is, why you need to clean and set restore points and what information is in them.
  6. Practice Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

And use a Site Advisor:
The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy and Child Safety. Your online email account - Google Mail, Yahoo! Mail and Hotmail - is also protected.

Every time you do a search and the screen comes up with the sites, they will have the rating light. Green (2 shades), Amber/Yellow Caution, Red> not advised. A few sites haven't been rated and show as a blue flashlight.

If you want to link from the page you're on to another site, WOT will give you an Alert that the site is known for fraudulent entries, unreliable or other and the site won't load. Don't worry- those Alerts don't happen if you stick to the green rating.

Give it a try- http://www.mywot.com/en/download
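The hosts-file tip above works because the operating system consults the HOSTS file before asking DNS, so a listed site resolves to the local machine instead of its real address. The following Python is an added example (not code from this thread or from MVPS) that parses a hosts file in that format, shows which names get sinkholed, and flags entries that point anywhere other than the local machine; the sample file content and its .invalid names are constructed, and accepting 0.0.0.0 as a sinkhole alongside 127.0.0.1 is an assumption about newer blocklists.

```python
"""Added example (not the thread's code): how a blocklist-style HOSTS file,
like the MVPS one recommended above, keeps a PC from reaching listed sites."""
import ipaddress
import re

# Addresses a blocklist may point a name at: the local machine (127.0.0.1, as
# the tip describes) or the unspecified address some lists use. Anything else
# is a real redirection, not a block.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample in hosts format: 'address hostname [hostname...]' plus
# '#' comments. The .invalid names are made up; this is not real MVPS data.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
0.0.0.0 ads.example-tracker.invalid
0.0.0.0 banner.example-tracker.invalid  cdn.example-tracker.invalid # two names
127.0.0.1 malware-download.example.invalid
# Constructed tampered entry: a real-looking site sent to an outside address
203.0.113.7 update.example-antivirus.invalid
"""

def parse_hosts(text):
    """Return {hostname: address} for every well-formed, non-comment entry."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        parts = re.split(r"\s+", line)
        try:
            addr = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue                              # malformed line, skip it
        for name in parts[1:]:
            mapping.setdefault(name.lower(), addr)  # first match wins
    return mapping

def resolve_locally(mapping, hostname):
    """Hosts-file stage of name lookup: the file's address on a hit, or None
    on a miss (the OS would then go on to ask DNS)."""
    return mapping.get(hostname.strip().lower().rstrip("."))

def is_blocked(mapping, hostname):
    """True when the name is sinkholed, i.e. sent back to the local machine."""
    return resolve_locally(mapping, hostname) in SINKHOLES

def suspicious_entries(mapping):
    """Entries not sent to a sinkhole; in a blocklist these deserve a look."""
    return {h: a for h, a in mapping.items()
            if a not in SINKHOLES and h != "localhost"}
```

Running `suspicious_entries` over your real HOSTS file after installing a blocklist is a quick way to confirm that every entry really does point back at your own machine.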
 