# scam ammyy.com



## MamaWesty (Oct 20, 2006)

Hi

Please help. My computer has been not starting properly recently coming up with message to choose which way I want to start computer. It has also been freezing on a black screen. It was not all the time but intermittent but seemed to be coming more often. Unfortunately I haven't had time to look at and try to sort out.
I received a phone call saying I have lots of errors on computer as advised by Microsoft (I had been ill and they caught me first thing in morning and I wasn't my normal self, no excuse). I ran program from www.ammyy.com. I now know it was a scam and feel really really stupid. Please can you help a very stupid person put her computer back to a better condition since being invaded.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista Home Premium, Service Pack 2, 32 bit
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3036 Mb
Graphics Card: Intel(R) G45/G43 Express Chipset, 1294 Mb
Hard Drives: C: Total - 468740 MB, Free - 252228 MB; F: Total - 468741 MB, Free - 468636 MB;
Motherboard: Acer, WG43M
Antivirus: Kaspersky Internet Security, Updated and Enabled

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421
Run by Tina West at 12:06:28 on 2012-01-02
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.3036.980 [GMT 0:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Microsoft Lync\communicator.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Users\Tina West\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sky.com/
uSearch Bar = Preserve
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x3810
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x3810
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - c:\program files\microsoft lync\OCHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Virgin Media Toolbar: {a057a204-bacc-4d26-cfc3-3cecc9ab2eda} - c:\progra~1\virgin~2\VIRGIN~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Virgin Media Toolbar: {a057a204-bacc-4d26-cfc3-3cecc9ab2eda} - c:\progra~1\virgin~2\VIRGIN~1.DLL
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [MDS_Menu] "c:\program files\cyberlink\mediashow4\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashow4" updatewithcreateonce "software\cyberlink\mediashow\4.1"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
StartupFolder: c:\users\tinawe~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - \\tinawest-pc\users\martin the tank\desktop\logitech touch mouse server\iTouch-Server-Win.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/vistainstaller.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7B14D5A7-DDFF-4790-BD64-01902DE18A46} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\kasper~1\kasper~2\kloehk.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl2ccb0e8f;MpKsl2ccb0e8f;c:\programdata\microsoft\microsoft antimalware\definition updates\{7830f6a2-d405-4376-8ac3-695eecd66a31}\MpKsl2ccb0e8f.sys [2012-1-2 29904]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-25 390528]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-7-1 352976]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2006-10-10 75048]
R2 CyberLink Media Server Monitor Service;CyberLink Media Server Monitor Service;c:\program files\acer arcade deluxe\acer homemedia connect\kernel\dms\CLMSMonitorService.exe [2006-10-10 58664]
R2 CyberLink Media Server Service;CyberLink Media Server Service;c:\program files\acer arcade deluxe\acer homemedia connect\kernel\dms\CLMSServer.exe [2006-10-10 288120]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-9 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-9 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-9 59952]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-3-31 80896]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-9-30 1051968]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-4-11 220288]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-11 112128]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-4-11 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-9 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-02 11:43:07	388096	----a-r-	c:\users\tina west\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-02 11:43:06	--------	d-----w-	c:\program files\Trend Micro
2012-01-02 09:16:38	29904	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{7830f6a2-d405-4376-8ac3-695eecd66a31}\MpKsl2ccb0e8f.sys
2012-01-02 09:16:35	56200	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{7830f6a2-d405-4376-8ac3-695eecd66a31}\offreg.dll
2012-01-01 11:20:19	6823496	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{7830f6a2-d405-4376-8ac3-695eecd66a31}\mpengine.dll
2011-12-31 10:19:00	6823496	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-12-30 15:59:33	--------	d-----w-	c:\users\tina west\appdata\local\{20A1696F-73F9-4B0E-B2E2-F7A9E59DFC5B}
2011-12-30 15:59:21	--------	d-----w-	c:\users\tina west\appdata\local\{04B93EC9-9F39-45C2-9CB9-501167A61B10}
2011-12-29 11:35:31	703824	------w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{e6ad69f6-2a35-43c7-ad92-aa7fa9cb56cf}\gapaengine.dll
2011-12-29 11:26:00	--------	d-----w-	c:\program files\Microsoft Security Client
2011-12-29 11:25:09	221568	----a-w-	c:\windows\system32\drivers\netio.sys
2011-12-29 10:17:51	--------	d-----w-	c:\program files\CCleaner
2011-12-29 09:23:53	--------	d-----w-	c:\programdata\AMMYY
2011-12-29 09:11:45	--------	d-----w-	c:\users\tina west\appdata\local\{77F7FD94-EFC1-4578-97BC-6E0D1E6A35AB}
2011-12-29 09:11:33	--------	d-----w-	c:\users\tina west\appdata\local\{F53BBE41-F53F-4095-A387-B1644B6D539A}
2011-12-27 11:50:45	6823496	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{5db68f58-5c78-4873-a8a5-570537ca3fe4}\mpengine.dll
2011-12-26 22:42:07	--------	d-----w-	c:\users\tina west\appdata\local\{4B298829-A796-4CD2-BADA-66621A2FD863}
2011-12-26 22:41:57	--------	d-----w-	c:\users\tina west\appdata\local\{3841F524-6DCE-4B8D-8340-7955C20802E0}
2011-12-26 10:41:32	--------	d-----w-	c:\users\tina west\appdata\local\{B0319698-1ABC-4FB7-B952-D6D0D222CA5D}
2011-12-26 10:41:15	--------	d-----w-	c:\users\tina west\appdata\local\{E8E81807-49D3-47B8-9602-53B0A6AD7170}
2011-12-22 16:55:01	--------	d-----w-	c:\users\tina west\appdata\local\{B09D887C-CFFF-4DAB-878A-5431542A2D7A}
2011-12-22 16:54:34	--------	d-----w-	c:\users\tina west\appdata\local\{2C26D844-1744-42A1-8A7E-12985BD66CF7}
2011-12-21 19:59:24	--------	d-----w-	c:\users\tina west\appdata\local\{04BC0BE0-ACE1-45D9-8532-C063A178950C}
2011-12-21 19:59:06	--------	d-----w-	c:\users\tina west\appdata\local\{F6D46220-B95F-46D3-8012-01CAB1F76015}
2011-12-20 20:08:45	--------	d-----w-	c:\users\tina west\appdata\local\{028973C7-9868-4EDA-BC7A-7B4FE36C9655}
2011-12-20 20:08:03	--------	d-----w-	c:\users\tina west\appdata\local\{65DA114F-42AB-4528-917A-BEB297B2181D}
2011-12-19 18:56:13	--------	d-----w-	c:\users\tina west\appdata\local\{8F7B787A-9A0C-4CDF-ACD2-E4DFD3DABF2C}
2011-12-19 18:56:01	--------	d-----w-	c:\users\tina west\appdata\local\{C60B8BE2-A941-4D61-87E7-5A9EB0D42DD2}
2011-12-18 16:16:29	--------	d-----w-	c:\users\tina west\appdata\local\{ECC306C9-CB16-497E-A4E8-4636F1FA19C2}
2011-12-18 16:16:08	--------	d-----w-	c:\users\tina west\appdata\local\{A9C9A99C-0D5E-45D9-BCFC-E5E031ACF1F5}
2011-12-17 11:06:42	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-17 11:06:42	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-17 11:06:39	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-12-17 11:06:09	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-12-17 11:06:06	2409784	----a-w-	c:\program files\windows mail\OESpamFilter.dat
2011-12-17 11:05:24	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-17 11:04:54	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-16 18:03:29	--------	d-----w-	c:\users\tina west\appdata\local\{9F3E9E99-A174-41C2-927F-117632374220}
2011-12-16 18:03:15	--------	d-----w-	c:\users\tina west\appdata\local\{7358B2FC-06E8-4C1C-BBDE-46A753EBF5C2}
2011-12-16 10:24:52	--------	d-----w-	c:\users\tina west\appdata\local\{42014288-1FE0-407E-9E99-F96E9496E971}
2011-12-16 10:24:38	--------	d-----w-	c:\users\tina west\appdata\local\{2F2AB0F6-4FF5-41A7-8169-00C6717B90D2}
2011-12-14 14:49:17	--------	d-----w-	c:\users\tina west\appdata\local\{DA96B277-17BC-4C93-A006-A5531614E5BA}
2011-12-14 14:49:06	--------	d-----w-	c:\users\tina west\appdata\local\{198268E9-060B-4F23-87B2-5AE0BC67A649}
2011-12-13 12:37:27	--------	d-----w-	c:\users\tina west\appdata\local\{873BCEF0-654A-460E-B2AE-3AD53CFD0F89}
2011-12-13 12:37:14	--------	d-----w-	c:\users\tina west\appdata\local\{AD9A48AB-49A9-432E-9911-A25DF4F96B92}
2011-12-12 16:19:09	--------	d-----w-	c:\users\tina west\appdata\local\{A661EBDE-6212-4244-9FAE-515197039E25}
2011-12-12 16:18:51	--------	d-----w-	c:\users\tina west\appdata\local\{87D439C0-2647-47C9-A663-210735F7C4C4}
2011-12-11 15:21:06	--------	d-----w-	c:\users\tina west\appdata\local\{B8AB0B61-C99C-46A2-A302-7F1442BD328B}
2011-12-11 15:20:55	--------	d-----w-	c:\users\tina west\appdata\local\{1AF731B4-CDAE-47E1-A10F-6E1573DD6AC1}
2011-12-06 22:12:11	--------	d-----w-	c:\users\tina west\appdata\local\{4D78ECF4-4079-4BD3-B075-66C621E3C18A}
2011-12-06 22:11:50	--------	d-----w-	c:\users\tina west\appdata\local\{87A6EF29-2551-479C-8972-47C180AC6172}
2011-12-05 22:05:12	--------	d-----w-	c:\users\tina west\appdata\local\{8F483F51-418C-4739-BC7E-6B8DDF76B476}
2011-12-05 22:05:00	--------	d-----w-	c:\users\tina west\appdata\local\{D36165DD-44C6-4BA5-BF92-515D901A7571}
2011-12-05 16:10:28	784144	----a-w-	c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight-5\SpotlightResources.dll
2011-12-04 17:56:02	--------	d-----w-	c:\users\tina west\appdata\local\{6A7BCB55-F858-46BF-9D1F-AB083CEE1773}
2011-12-04 17:55:50	--------	d-----w-	c:\users\tina west\appdata\local\{CCD3F67B-13F0-45AB-A609-D5E3A9C3F440}
2011-12-03 16:54:21	--------	d-----w-	c:\users\tina west\appdata\local\{C8EECE34-83B7-4C52-8B25-224C12E401AF}
2011-12-03 16:54:05	--------	d-----w-	c:\users\tina west\appdata\local\{08BD8147-8379-4135-B695-F41C3EE447C9}
.
==================== Find3M ====================
.
2011-12-02 20:33:29	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 21:28:38	56208	----a-w-	c:\windows\system32\drivers\RapportKELL.sys
2011-11-03 22:47:42	1798144	----a-w-	c:\windows\system32\jscript9.dll
2011-11-03 22:40:21	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47	1127424	----a-w-	c:\windows\system32\wininet.dll
2011-11-03 22:31:57	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-10-24 13:29:02	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29:02	69632	----a-w-	c:\windows\system32\QuickTime.qts
.
============= FINISH: 12:08:15.63 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 10/10/2006 21:05:16
System Uptime: 02/01/2012 09:13:20 (3 hours ago)
.
Motherboard: Acer | | WG43M
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 458 GiB total, 244.563 GiB free.
E: is Removable
F: is FIXED (NTFS) - 458 GiB total, 457.652 GiB free.
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP975: 16/12/2011 11:16:28 - Scheduled Checkpoint
RP976: 16/12/2011 16:10:33 - Windows Update
RP977: 16/12/2011 18:11:13 - Windows Update
RP978: 16/12/2011 22:47:02 - Windows Update
RP979: 17/12/2011 12:59:06 - Scheduled Checkpoint
RP980: 18/12/2011 00:08:43 - Windows Update
RP981: 18/12/2011 15:49:12 - Scheduled Checkpoint
RP982: 18/12/2011 22:15:15 - Windows Update
RP983: 19/12/2011 14:20:06 - Scheduled Checkpoint
RP984: 20/12/2011 09:23:29 - Windows Update
RP985: 21/12/2011 12:32:21 - Scheduled Checkpoint
RP986: 22/12/2011 16:49:22 - Scheduled Checkpoint
RP987: 24/12/2011 19:14:43 - Windows Update
RP988: 25/12/2011 18:41:12 - Scheduled Checkpoint
RP989: 26/12/2011 12:50:40 - Scheduled Checkpoint
RP990: 27/12/2011 11:49:49 - Windows Update
RP991: 29/12/2011 11:22:25 - Windows Update
RP992: 29/12/2011 11:37:15 - Windows Update
RP993: 29/12/2011 14:16:00 - Windows Update
RP994: 30/12/2011 10:55:05 - Scheduled Checkpoint
RP995: 31/12/2011 10:17:29 - Windows Update
RP996: 01/01/2012 00:40:06 - Scheduled Checkpoint
RP997: 01/01/2012 01:41:41 - Windows Update
RP998: 01/01/2012 11:19:28 - Windows Update
RP999: 01/01/2012 18:24:22 - Windows Update
RP1000: 02/01/2012 11:00:49 - Scheduled Checkpoint
RP1001: 02/01/2012 11:28:41 - Installed HiJackThis
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acer Arcade Deluxe
Acer eRecovery Management
Acer Product Registration
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Alice Greenfingers
Alien Shooter
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AV Input Selection
Bejeweled 2 Deluxe
Bejeweled 3
Bejeweled Twist
Bing Bar
Bonjour
Bookworm Adventures
BTOffer1
Bubble Xmas
Bubbletown
BufferChm
C:\Program Files\Acer GameZone\GameConsole
C4400
C4400_Help
Cake Mania
Cake Mania - Lights Camera Action
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Chicken Invaders 2
Chocolatier
Chocolatier Decadence By Design
Client Settings Tool
Compatibility Pack for the 2007 Office system
Conduit Engine
Cooking Dash 3 - Thrills & Spills CE
Copy
CustomerResearchQFolder
CyberLink MediaShow
CyberLink PowerDirector
D3DX10
Daily Star Sci-Fi Saturday
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Dream Day First Home
eSobi v2
eSupportQFolder
Facebook Video Calling 1.0.0.8953
FileSafe
Galapago
Go-Go Gourmet
Google Chrome
Google Desktop
Google Earth
Google SketchUp 7
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
GPBaseService2
Gyazo 1.0
Heroes of Hellas
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
iCloud
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Jessops Picture Suite
Junk Mail filter update
Kaspersky Internet Security 2011
kikin plugin 2.4
Logitech Touch Mouse Server 1.0
Logitech Vid HD
Logitech Webcam Software
Magic Farm
Magic Match Adventures
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Lync 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Mystery Solitaire - Secret Island
MyWinLocker
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
PanoStandAlone
PlayReady PC runtime
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
QuickTime
Rapport
rayman2
Realtek High Definition Audio Driver
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Segoe UI
Shop for HP Supplies
SimCity 3000
Sky Broadband
Sky Broadband Browser Branding
Skype Click to Call
Skype 5.5
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
Toolbox
TrayApp
TuneUp Utilities
TuneUp Utilities Language Pack (en-GB)
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VideoToolkit01
Virgin Media Toolbar
Vuze
Vuze Remote Toolbar
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Winemaker Extraordinaire (remove only)
WinRAR archiver
WinX Free DVD Ripper 4.5.12
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
31/12/2011 11:17:10, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
31/12/2011 11:14:07, Error: EventLog [6008] - The previous system shutdown at 11:11:40 on 31/12/2011 was unexpected.
31/12/2011 11:05:30, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
30/12/2011 18:19:10, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user TinaWest-PC\Tina West SID (S-1-5-21-2194634020-195640291-4179135931-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
30/12/2011 18:19:10, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {682159D9-C321-47CA-B3F1-30E36B2EC8B9} to the user TinaWest-PC\Tina West SID (S-1-5-21-2194634020-195640291-4179135931-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
30/12/2011 09:54:16, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/12/2011 20:26:28, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001F16F64452 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
29/12/2011 14:40:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/12/2011 11:34:56, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
29/12/2011 11:23:35, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
29/12/2011 11:23:35, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/12/2011 11:23:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
02/01/2012 09:21:22, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
02/01/2012 09:20:46, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
.
==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-03 07:27:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ST6O
Running: 4o17lxl2.exe; Driver: C:\Users\TINAWE~1\AppData\Local\Temp\ugrorkow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x9A90BD50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x9A90DF8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x9A90E208]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x9A90E47E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x943B3080]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x9A90C664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x9A90D498]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x9A90D9E2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x943B3BDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x9A90D8C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x9A90B93E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x9A90D79C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x9A90BAE6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x9A90DB02]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x9A9251F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x9A90C2EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x9A90D832]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x9A90F1F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x943B3DD6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x943B75AC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x943B75DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x9A90CDC2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x9A9103FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x9A90CBD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x9A90F2E2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x943B7740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x9A925210]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x9A90DA78]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x943B3CF6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x9A90D958]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x943B31F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x9A90F7E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x9A90DB98]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x943B33EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwPlugPlayControl [0x9A925200]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x943B351C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x9A90E782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x9A90FD84]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x943B76B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x9A90F676]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x943B7620]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x943B7652]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x9A90DEFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x9A90DDC2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x9A90EF8A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x943B7684]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x9A9102A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x9A90A590]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x9A90D1DE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x943B3026]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x943B3E7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x9A90E824]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSecurityObject [0x9A90F480]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x9A90FED4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x943B7544]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x9A90FFC6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x943B2FC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x9A90F114]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x943B2EE8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x943B2F30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x9A90FC28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x9A90C220]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThreadEx [0x9A986640]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x9A90E6C8]

INT 0x62 ? 914AECD0
INT 0x71 ? 91462A50
INT 0x81 ? 91462CD0
INT 0xA2 ? 914AE7D0
INT 0xB0 ? 914627D0

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 8BEE789C 4 Bytes [50, BD, 90, 9A]
.text ntkrnlpa.exe!KeSetEvent + 13D 8BEE78C0 8 Bytes [8E, DF, 90, 9A, 08, E2, 90, ...]
.text ntkrnlpa.exe!KeSetEvent + 181 8BEE7904 4 Bytes [7E, E4, 90, 9A]
.text ntkrnlpa.exe!KeSetEvent + 191 8BEE7914 4 Bytes [80, 30, 3B, 94] {XOR BYTE [EAX], 0x3b; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1A9 8BEE792C 4 Bytes [64, C6, 90, 9A]
.text ... 
? C:\Users\TINAWE~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] ntdll.dll!KiUserApcDispatcher 77415B48 5 Bytes JMP 00414D50 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] kernel32.dll!LoadLibraryExW + 173 75B593EF 4 Bytes JMP 71AA000A 
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] WS2_32.dll!getaddrinfo 75DC418A 5 Bytes JMP 71A40022 
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] WS2_32.dll!gethostbyname 75DD62D4 5 Bytes JMP 71AD0022 
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1604] C:\Windows\system32\ntdll.dll time/date stamp mismatch; 
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1604] C:\Windows\system32\kernel32.dll time/date stamp mismatch; 
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1604] USER32.dll!SetScrollInfo + 7A8 770E7980 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3112] C:\Windows\system32\ntdll.dll time/date stamp mismatch; 
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3112] C:\Windows\system32\kernel32.dll time/date stamp mismatch; 
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[3112] USER32.dll!SetScrollInfo + 7A8 770E7980 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }
.text C:\Windows\Explorer.EXE[3184] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 75F7B37C 4 Bytes [B0, 22, 40, 00]
.text C:\Windows\Explorer.EXE[3184] SHELL32.dll!ShellExecuteExW + 18B7 75FADA0C 4 Bytes [20, 1B, 40, 00]
.text C:\Program Files\Internet Explorer\iexplore.exe[6400] USER32.dll!EnableWindow 770DCD8B 5 Bytes JMP 6A709A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6400] USER32.dll!DialogBoxParamW 771010B0 5 Bytes JMP 6A66170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6400] USER32.dll!DialogBoxIndirectParamW 77102EF5 5 Bytes JMP 6A8562BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6400] USER32.dll!DialogBoxParamA 77118152 5 Bytes JMP 6A856259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6400] USER32.dll!DialogBoxIndirectParamA 7711847D 5 Bytes JMP 6A856323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6400] USER32.dll!MessageBoxIndirectA 7712D4D9 5 Bytes JMP 6A8561E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6400] USER32.dll!MessageBoxIndirectW 7712D5D3 5 Bytes JMP 6A856167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6400] USER32.dll!MessageBoxExA 7712D639 5 Bytes JMP 6A856103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6400] USER32.dll!MessageBoxExW 7712D65D 5 Bytes JMP 6A85609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] kernel32.dll!CreateThread 75B7CB2E 5 Bytes JMP 6A6C7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!CreateDialogParamW 770D72A2 5 Bytes JMP 6A856628 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!GetAsyncKeyState 770D863C 5 Bytes JMP 6A6ADD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!SetWindowsHookExW 770D87AD 5 Bytes JMP 6A702194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!CallNextHookEx 770D8E3B 5 Bytes JMP 6A727BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!UnhookWindowsHookEx 770D98DB 5 Bytes JMP 6A74EB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!EnableWindow 770DCD8B 5 Bytes JMP 6A709A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!DefWindowProcA 770DDB88 7 Bytes JMP 6A6C952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!CreateWindowExA 770DDC2A 5 Bytes JMP 6A6D3363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!CreateWindowExW 770E1305 5 Bytes JMP 6A72FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!GetKeyState 770E8CB1 5 Bytes JMP 6A6ADC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!DefWindowProcW 770F03B4 7 Bytes JMP 6A727C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!IsDialogMessageW 770F0745 5 Bytes JMP 6A856D82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!CreateDialogParamA 770F17AA 5 Bytes JMP 6A8565F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!IsDialogMessage 770F1847 2 Bytes JMP 6A856D5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!IsDialogMessage + 3 770F184A 2 Bytes [76, F3] {JBE 0xfffffffffffffff5}
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!CreateDialogIndirectParamA 770F26F1 5 Bytes JMP 6A856660 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!CreateDialogIndirectParamW 770F9A62 5 Bytes JMP 6A856698 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!SetKeyboardState 77100987 5 Bytes JMP 6A857649 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!DialogBoxParamW 771010B0 5 Bytes JMP 6A66170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!DialogBoxIndirectParamW 77102EF5 5 Bytes JMP 6A8562BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!SendInput 77102F75 5 Bytes JMP 6A8575F1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!EndDialog 7710326E 5 Bytes JMP 6A85702E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!SetCursorPos 77116FB2 5 Bytes JMP 6A8576CA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!DialogBoxParamA 77118152 5 Bytes JMP 6A856259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!DialogBoxIndirectParamA 7711847D 5 Bytes JMP 6A856323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!MessageBoxIndirectA 7712D4D9 5 Bytes JMP 6A8561E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!MessageBoxIndirectW 7712D5D3 5 Bytes JMP 6A856167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!MessageBoxExA 7712D639 5 Bytes JMP 6A856103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!MessageBoxExW 7712D65D 5 Bytes JMP 6A85609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] USER32.dll!keybd_event 7712D972 5 Bytes JMP 6A8575AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] SHELL32.dll!SHRestricted + D95 75FC89A8 4 Bytes [CF, 01, 1B, 67]
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] SHELL32.dll!SHRestricted + D9D 75FC89B0 8 Bytes [E0, 61, 1A, 67, 79, F7, 1A, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6580] ole32.dll!OleLoadFromStream 75E11E80 5 Bytes JMP 6A856A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7752] kernel32.dll!CreateThread 75B7CB2E 5 Bytes JMP 6A6C7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7752] USER32.dll!CreateDialogParamW 770D72A2 5 Bytes JMP 6A856628 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7752] USER32.dll!GetAsyncKeyState 770D863C 5 Bytes JMP 6A6ADD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7752] USER32.dll!SetWindowsHookExW  770D87AD 5 Bytes JMP 6A702194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7752] USER32.dll!CallNextHookEx 770D8E3B 5 Bytes JMP 6A727BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7752] USER32.dll!UnhookWindowsHookEx 770D98DB 5 Bytes JMP 6A74EB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7752] USER32.dll!EnableWindow 770DCD8B 5 Bytes JMP 6A709A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7752] USER32.dll!DefWindowProcA 770DDB88 7 Bytes JMP 6A6C952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7752] USER32.dll!CreateWindowExA 770DDC2A 5 Bytes JMP 6A6D3363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7752] USER32.dll!CreateWindowExW 770E1305 5 Bytes JMP 6A72FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7752] USER32.dll!GetKeyState 770E8CB1 5 Bytes JMP 6A6ADC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7752] USER32.dll!DefWindowProcW 770F03B4 7 Bytes JMP 6A727C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- EOF - GMER 1.0.15 ----
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:55:32, on 03/01/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Tina West\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x3810
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x3810
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Virgin Media Toolbar - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\PROGRA~1\VIRGIN~2\VIRGIN~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Virgin Media Toolbar - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\PROGRA~1\VIRGIN~2\VIRGIN~1.DLL
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-21-2194634020-195640291-4179135931-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2194634020-195640291-4179135931-1000\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode (User '?')
O4 - HKUS\S-1-5-21-2194634020-195640291-4179135931-1000\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - S-1-5-21-2194634020-195640291-4179135931-1000 Startup: Logitech Touch Mouse Server.lnk = Martin The Tank\Desktop\Logitech Touch Mouse Server\iTouch-Server-Win.exe (User '?')
O4 - S-1-5-21-2194634020-195640291-4179135931-1000 Startup: Logitech Touch Mouse Server.lnk = Martin The Tank\Desktop\Logitech Touch Mouse Server\iTouch-Server-Win.exe (User '?')
O4 - Startup: Logitech Touch Mouse Server.lnk = Martin The Tank\Desktop\Logitech Touch Mouse Server\iTouch-Server-Win.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - http://downloads.virginmedia.com/CST/ver1/vistainstaller.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: CyberLink Media Server Monitor Service - Unknown owner - C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
O23 - Service: CyberLink Media Server Service - CyberLink - C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 15720 bytes

Hope this info helps but please help me to get back to a safe place

Thanks


----------



## Deejay100six (Sep 27, 2011)

Hi Tina and welcome to TSG.

I am reviewing your logs and will respond with a reply as soon as I can.

Please note that *all* my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

Thank you for your patience.


----------



## Deejay100six (Sep 27, 2011)

Hi, my name is Dave and I will be helping you to clean any malware which may be present on your system.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.


Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does *NOT* mean that your system is clean.
If there is anything you don't understand, please ask *BEFORE* proceeding with the fixes.
Please ensure that you follow the instructions in the order I have them listed.
Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into your thread. If the logs are too big to post in one reply, please feel free to use more posts. Do *NOT* add them as attachments unless specifically instructed.
If I don't hear from you within *3 days* from this initial or any subsequent post, I will have to unsubscribe from this thread, which means I will not receive notifications of any further replies and will move on to assist someone else.
*---------------------------------------------------------------------------------------------------------------------------------*

*Combofix*

We will begin with *ComboFix.exe*. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Please read all the information carefully!*

*You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.*

Please include the log *C:\ComboFix.txt* in your next reply for further review.


----------



## MamaWesty (Oct 20, 2006)

Hi Dave

Thanks again for your help

Log listed

ComboFix 12-01-06.03 - Tina West 06/01/2012 23:09:52.1.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.3036.1133 [GMT 0:00]
Running from: c:\users\Tina West\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\users\Martin The Tank\AppData\Local\Microsoft\Windows\Temporary Internet Files\pse_350_enu.exe
c:\users\Martin The Tank\AppData\Roaming\.#
c:\users\Phillip The PSP Game\AppData\Roaming\.#
c:\users\Phillip West\AppData\Local\{E8E22400-E563-4ED0-A2CA-C8B00D1953F1}
c:\users\Phillip West\AppData\Local\{E8E22400-E563-4ED0-A2CA-C8B00D1953F1}\chrome.manifest
c:\users\Phillip West\AppData\Local\{E8E22400-E563-4ED0-A2CA-C8B00D1953F1}\chrome\content\overlay.xul
c:\users\Phillip West\AppData\Local\{E8E22400-E563-4ED0-A2CA-C8B00D1953F1}\install.rdf
c:\users\Phillip West\AppData\Roaming\Adobe\plugs
c:\users\Phillip West\AppData\Roaming\Adobe\plugs\KB7954802.exe
c:\users\Phillip West\AppData\Roaming\Adobe\plugs\KB7954896.exe
c:\users\Phillip West\AppData\Roaming\Adobe\shed
c:\users\Tina West\AppData\Roaming\.#
c:\users\Tina West\AppData\Roaming\.#\[email protected]@16F2928.###
c:\users\Tina West\AppData\Roaming\.#\[email protected]@16F2958.###
c:\users\Tina West\AppData\Roaming\.#\[email protected]@16F2988.###
c:\users\Tina West\GoToAssistDownloadHelper.exe
c:\users\Tony The Fat Man\AppData\Local\Microsoft\Windows\Temporary Internet Files\pse_350_enu.exe
c:\users\Tony The Fat Man\AppData\Roaming\.#
c:\windows\iun6002.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2012-01-06 23:29 . 2012-01-06 23:29	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441FD386-C7EA-4B4B-A7F7-CDFB730A73E3}\offreg.dll
2012-01-06 23:27 . 2012-01-06 23:27	--------	d-----w-	c:\users\Phillip West\AppData\Local\temp
2012-01-06 23:27 . 2012-01-06 23:27	--------	d-----w-	c:\users\Tony The Fat Man\AppData\Local\temp
2012-01-06 23:27 . 2012-01-06 23:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-06 23:27 . 2012-01-06 23:27	--------	d-----w-	c:\users\Martin The Tank\AppData\Local\temp
2012-01-06 23:27 . 2012-01-06 23:27	--------	d-----w-	c:\users\Phillip The PSP Game\AppData\Local\temp
2012-01-06 22:59 . 2011-11-30 02:21	6823496	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441FD386-C7EA-4B4B-A7F7-CDFB730A73E3}\mpengine.dll
2012-01-02 11:43 . 2012-01-02 11:43	388096	----a-r-	c:\users\Tina West\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-02 11:43 . 2012-01-02 11:43	--------	d-----w-	c:\program files\Trend Micro
2011-12-31 10:19 . 2011-11-30 02:21	6823496	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-29 11:35 . 2011-10-04 17:22	703824	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6AD69F6-2A35-43C7-AD92-AA7FA9CB56CF}\gapaengine.dll
2011-12-29 11:26 . 2011-12-29 11:26	--------	d-----w-	c:\program files\Microsoft Security Client
2011-12-29 11:25 . 2010-04-05 20:00	221568	----a-w-	c:\windows\system32\drivers\netio.sys
2011-12-29 10:17 . 2011-12-29 10:17	--------	d-----w-	c:\program files\CCleaner
2011-12-27 11:50 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DB68F58-5C78-4873-A8A5-570537CA3FE4}\mpengine.dll
2011-12-17 11:06 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-17 11:06 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-17 11:06 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-12-17 11:06 . 2011-11-23 13:37	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-12-17 11:06 . 2011-11-08 12:10	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-12-17 11:05 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-17 11:04 . 2011-11-08 14:42	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.


----------



## Deejay100six (Sep 27, 2011)

Hi Tina,

I notice you have more than one antivirus program running on your machine. This is not a good idea.



> NOTE - only ever have one AV installed and running on your system. Having more than one installed may seem like a good idea, but most AVs contain a 'real time' scanning system. If you have more than one installed then each system will be constantly trying to check files that the other system has just checked, and so on. We often find users reporting slowdowns, Blue Screens of Death (BSOD) and other 'odd' symptoms that are cured when they uninstall their second AV.


Read more *here* and *here*.
In short, you should never have more than one Antivirus program installed on the machine, please uninstall all but one via control panel >> programs and features. I personally recommend Microsoft Security Essentials but if Kaspersky is a paid for version that's ok too.

*-------------------------------------------------------------------------------------------------------------------------------------*

It appears that some of the combofix log is missing, did combofix complete its run?

Press the *Windows Flag key* and *R* to bring up the run requester.
In the requester copy and paste the following *C:\ComboFix.txt* and press the *OK* button
The full combofix log should now open.
Copy and paste the contents of this log back in your next reply. 
Please ensure that the whole of the log is copied in to the post


----------
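
The one-antivirus advice above can be checked against the `AV:` / `SP:` / `FW:` header lines that the logs in this thread start with. This is an added example, not part of the original posts or of ComboFix; the function names are hypothetical, and the two sample headers are copied from the ComboFix logs posted in this thread.

```python
import re

# Header line shape seen in the logs on this page, e.g.
#   AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-...}
#   FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-...}
PRODUCT_LINE = re.compile(
    r"^(?P<kind>AV|SP|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)

# Header of the ComboFix log dated 06/01/2012 (copied from this thread).
LOG_HEADER_2012_01_06 = """\
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# Header of the ComboFix log dated 12/01/2012 (copied from this thread).
LOG_HEADER_2012_01_12 = """\
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""


def parse_security_products(log_text):
    """Return one dict per AV/SP/FW header line; other lines are ignored."""
    products = []
    for line in log_text.splitlines():
        match = PRODUCT_LINE.match(line.strip())
        if not match:
            continue
        # State is "Enabled/Updated" for AV and SP, plain "Enabled" for FW.
        parts = match.group("state").split("/")
        products.append({
            "kind": match.group("kind"),
            "name": match.group("name"),
            "enabled": parts[0] == "Enabled",
            "up_to_date": (parts[1] == "Updated") if len(parts) > 1 else None,
            "guid": match.group("guid").upper(),
        })
    return products


def registered_antivirus(products):
    """Names of products registered as antivirus, whatever their state."""
    return sorted({p["name"] for p in products if p["kind"] == "AV"})


def multiple_antivirus(products):
    """Return the AV names when more than one is registered, else []."""
    names = registered_antivirus(products)
    return names if len(names) > 1 else []


def report(log_text):
    """Build a short text summary of the header for a helper to read."""
    products = parse_security_products(log_text)
    lines = []
    for p in products:
        state = "enabled" if p["enabled"] else "disabled"
        lines.append(f'{p["kind"]}  {p["name"]}  ({state})')
    conflict = multiple_antivirus(products)
    if conflict:
        lines.append("More than one antivirus registered: " + ", ".join(conflict))
    else:
        lines.append("Single antivirus registered.")
    return "\n".join(lines)


if __name__ == "__main__":
    for label, header in (("2012-01-06", LOG_HEADER_2012_01_06),
                          ("2012-01-12", LOG_HEADER_2012_01_12)):
        print(f"--- {label} ---")
        print(report(header))
```

The count is taken over registered products rather than enabled ones, because both logs were written while every product reported itself as disabled.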



## MamaWesty (Oct 20, 2006)

Hi Dave

I have uninstalled Microsoft Security Essentials as this is what the scammers installed and I have paid for Kaspersky for another month and been using them for a few years as recommended by yourselves a couple of years ago when I had some problems. I will review the situation when Kaspersky runs out.

log attached
ComboFix 12-01-06.03 - Tina West 06/01/2012 23:09:52.1.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.3036.1133 [GMT 0:00]
Running from: c:\users\Tina West\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\users\Martin The Tank\AppData\Local\Microsoft\Windows\Temporary Internet Files\pse_350_enu.exe
c:\users\Martin The Tank\AppData\Roaming\.#
c:\users\Phillip The PSP Game\AppData\Roaming\.#
c:\users\Phillip West\AppData\Local\{E8E22400-E563-4ED0-A2CA-C8B00D1953F1}
c:\users\Phillip West\AppData\Local\{E8E22400-E563-4ED0-A2CA-C8B00D1953F1}\chrome.manifest
c:\users\Phillip West\AppData\Local\{E8E22400-E563-4ED0-A2CA-C8B00D1953F1}\chrome\content\overlay.xul
c:\users\Phillip West\AppData\Local\{E8E22400-E563-4ED0-A2CA-C8B00D1953F1}\install.rdf
c:\users\Phillip West\AppData\Roaming\Adobe\plugs
c:\users\Phillip West\AppData\Roaming\Adobe\plugs\KB7954802.exe
c:\users\Phillip West\AppData\Roaming\Adobe\plugs\KB7954896.exe
c:\users\Phillip West\AppData\Roaming\Adobe\shed
c:\users\Tina West\AppData\Roaming\.#
c:\users\Tina West\AppData\Roaming\.#\[email protected]@16F2928.###
c:\users\Tina West\AppData\Roaming\.#\[email protected]@16F2958.###
c:\users\Tina West\AppData\Roaming\.#\[email protected]@16F2988.###
c:\users\Tina West\GoToAssistDownloadHelper.exe
c:\users\Tony The Fat Man\AppData\Local\Microsoft\Windows\Temporary Internet Files\pse_350_enu.exe
c:\users\Tony The Fat Man\AppData\Roaming\.#
c:\windows\iun6002.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2012-01-06 23:29 . 2012-01-06 23:29	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441FD386-C7EA-4B4B-A7F7-CDFB730A73E3}\offreg.dll
2012-01-06 23:27 . 2012-01-06 23:27	--------	d-----w-	c:\users\Phillip West\AppData\Local\temp
2012-01-06 23:27 . 2012-01-06 23:27	--------	d-----w-	c:\users\Tony The Fat Man\AppData\Local\temp
2012-01-06 23:27 . 2012-01-06 23:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-06 23:27 . 2012-01-06 23:27	--------	d-----w-	c:\users\Martin The Tank\AppData\Local\temp
2012-01-06 23:27 . 2012-01-06 23:27	--------	d-----w-	c:\users\Phillip The PSP Game\AppData\Local\temp
2012-01-06 22:59 . 2011-11-30 02:21	6823496	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441FD386-C7EA-4B4B-A7F7-CDFB730A73E3}\mpengine.dll
2012-01-02 11:43 . 2012-01-02 11:43	388096	----a-r-	c:\users\Tina West\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-02 11:43 . 2012-01-02 11:43	--------	d-----w-	c:\program files\Trend Micro
2011-12-31 10:19 . 2011-11-30 02:21	6823496	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-29 11:35 . 2011-10-04 17:22	703824	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6AD69F6-2A35-43C7-AD92-AA7FA9CB56CF}\gapaengine.dll
2011-12-29 11:26 . 2011-12-29 11:26	--------	d-----w-	c:\program files\Microsoft Security Client
2011-12-29 11:25 . 2010-04-05 20:00	221568	----a-w-	c:\windows\system32\drivers\netio.sys
2011-12-29 10:17 . 2011-12-29 10:17	--------	d-----w-	c:\program files\CCleaner
2011-12-27 11:50 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DB68F58-5C78-4873-A8A5-570537CA3FE4}\mpengine.dll
2011-12-17 11:06 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-17 11:06 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-17 11:06 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-12-17 11:06 . 2011-11-23 13:37	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-12-17 11:06 . 2011-11-08 12:10	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-12-17 11:05 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-17 11:04 . 2011-11-08 14:42	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-05 16:10 . 2011-12-05 16:10	784144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-5\SpotlightResources.dll
2011-12-02 20:33 . 2011-05-15 14:22	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 19:49 . 2009-11-27 12:29	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-11-07 21:28 . 2011-11-07 21:28	56208	----a-w-	c:\windows\system32\drivers\RapportKELL.sys
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 12:51	3911776	----a-w-	c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-12-09 12:51	3911776	----a-w-	c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23	1385864	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-09-09 18:02	799472	----a-w-	c:\program files\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SpareBackup_Backedup]
@="{6BEDF914-4178-42DE-8D48-B11A9B8DC7AB}"
[HKEY_CLASSES_ROOT\CLSID\{6BEDF914-4178-42DE-8D48-B11A9B8DC7AB}]
2009-11-02 02:14	638728	----a-w-	c:\program files\FileSafe\SpareShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SpareBackup_Failed]
@="{20FA8895-5630-473A-A86A-54166558605F}"
[HKEY_CLASSES_ROOT\CLSID\{20FA8895-5630-473A-A86A-54166558605F}]
2009-11-02 02:14	638728	----a-w-	c:\program files\FileSafe\SpareShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SpareBackup_NotBackedup]
@="{D432C173-DFAD-491A-A01A-4E7AE1670A6F}"
[HKEY_CLASSES_ROOT\CLSID\{D432C173-DFAD-491A-A01A-4E7AE1670A6F}]
2009-11-02 02:14	638728	----a-w-	c:\program files\FileSafe\SpareShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 19:05	40496	----a-w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-21 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-10 6957600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-05 30192]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-03-27 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-27 202024]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-09-14 352976]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-04-26 593920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2011-07-21 12023568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Martin The Tank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
.
c:\users\Tony The Fat Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
.
c:\users\Tina West\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - \\TINAWEST-PC\Users\Martin The Tank\Desktop\Logitech Touch Mouse Server\iTouch-Server-Win.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2194634020-195640291-4179135931-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper	REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
WindowsMobile	REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2194634020-195640291-4179135931-1001Core.job
- c:\users\Martin The Tank\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-19 20:44]
.
2012-01-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2194634020-195640291-4179135931-1001UA.job
- c:\users\Martin The Tank\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-19 20:44]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:17]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x3810
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MCODS
AddRemove-Daily Star Sci-Fi Saturday1.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-06 23:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
.
c:\windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5436)
c:\program files\FileSafe\SpareShellExtension.dll
c:\program files\FileSafe\SQLite3.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
c:\program files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Zune\ZuneNss.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2012-01-06 23:42:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-06 23:42
.
Pre-Run: 264,507,957,248 bytes free
Post-Run: 286,710,964,224 bytes free
.
- - End Of File - - EF5C5CBC9D37E7A8AE6B9D3A5D0D46E8

hope it is all there now


----------



## Deejay100six (Sep 27, 2011)

Hi Tina, apologies for the delay.

Please don't think you're silly or stupid to fall for this scam. If you've been on Google, I'm sure you've seen how many other victims there are. Luckily you didn't go as far as some and it doesn't appear that much, if any, damage had been done.

Looks like Combofix caught it but we'll check to make sure there is nothing else in there.

Download  *Malwarebytes' Anti-Malware* to your desktop.


Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
 *Update Malwarebytes' Anti-Malware*
 *Launch Malwarebytes' Anti-Malware*

Then click *Finish*.
If an update is found, it will download and install the latest version.
Once the program has loaded, select *Perform Quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
When completed, a log will open in Notepad. *Save it to your desktop*.
*Note:* Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, *post that saved log* in your next reply.

*--------------------------------------------------------------------------------------------------------------------------------*

Go *here* to run an online scanner from ESET.

*Note:* You will need to use *Internet explorer* for this scan
 Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the activex control to install
Click *Start*
Make sure that the option *Remove found threats* is unticked, and the option *Scan unwanted applications* is checked
Click *Scan*
Wait for the scan to finish
Use *notepad* to open the logfile located at *C:\Program Files\EsetOnlineScanner\log.txt*
Copy and paste that log in your next reply.


----------



## MamaWesty (Oct 20, 2006)

Hi Dave

Sorry for delay, Eset scan took a long time.

MBAM scan results

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Tina West :: TINAWEST-PC [administrator]

08/01/2012 21:47:02
mbam-log-2012-01-08 (21-47-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 491634
Time elapsed: 13 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

With the Eset scan I unchecked the Remove found threats box but there wasn't a scan unwanted applications. Should I have checked scan archives? I didn't but this was the results

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK

Do I need to do it again?


----------



## Deejay100six (Sep 27, 2011)

Hi Tina,



> Do I need to do it again?


Yes please and if you look under Remove found threats and scan archives, (no, you don't need to check that one) you will see Advanced options. If you click that, it will reveal the "Scan for potentially unwanted applications" option.


----------



## MamaWesty (Oct 20, 2006)

Hi Dave

I did scan last night but couldn't find log this morning so did again and this is what was listed under scan results

C:\Qoobox\Quarantine\C\Users\Phillip West\AppData\Roaming\Adobe\plugs\KB7954802.exe.vir	Win32/TrojanDropper.Agent.PEY trojan
C:\Qoobox\Quarantine\C\Users\Phillip West\AppData\Roaming\Adobe\plugs\KB7954896.exe.vir	Win32/TrojanDropper.Agent.PEY trojan

Hope this helps

thanks


----------



## Deejay100six (Sep 27, 2011)

Hi Tina,

Looking good.  Those are safely in quarantine now and will be gone for good when we finish cleaning up after ourselves.

Download *Security Check* by screen317 from here or here.


Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

*-----------------------------------------------------------------------------------------------------------*

Another point I'd like to bring to your attention, you do seem to have a lot of toolbars and browser plugins which, to be honest, you could do without.

Here is what I found. Have a read and tell me what you think and let me know if you would like me to remove any or all of them.

*Conduit Engine* Reputed to have a certain trackware functionality. Read more here

*Vuze Remote Toolbar* Also related to Conduit as stated here.

*FrostWire Toolbar* Related to Ask Toolbar. Read more here.

*kikin Plugin* A browser plugin. Looks a bit dubious. Read here.

*Virgin Media Toolbar* This one is actually detected as adware. Read here.


----------



## MamaWesty (Oct 20, 2006)

Hi Dave

security log below

Results of screen317's Security Check version 0.99.30 
Windows Vista Service Pack 2 x86 (UAC is enabled) 
Internet Explorer 9 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
ESET Online Scanner v3 
Kaspersky Internet Security 2011 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
TuneUp Utilities 
TuneUp Utilities Language Pack (en-GB) 
TuneUp Utilities 
CCleaner 
Java(TM) 6 Update 26 
*Java version out of date!* 
Adobe Flash Player 10.3.181.14 *Flash Player out of Date!* 
Adobe Reader 9 *Adobe Reader out of date!* 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Kaspersky Lab Kaspersky Anti-Virus 2011 avp.exe 
*``````````End of Log````````````*

With regard to toolbars, let's get rid of them, we used to be with Virgin Media for our broadband so I expect that one dates back to then. Getting rid of the toolbars isn't going to affect me as you can tell I'm not a big user of the computer for browsing. Any problems it will be with my children and I will deal with it then


----------



## Deejay100six (Sep 27, 2011)

Hi Tina,

*Your Java is out of date.* Older versions have vulnerabilities that malware can use to infect your system. *Please follow these steps to remove older version Java components and update.*

*Updating Java:*


Visit this site *Java*
Click the *'Free Java Download'* button.
The site will advise if you need an updated version
Follow the instructions.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)


On the General tab, under Temporary Internet Files, click the *Settings* button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - *Leave BOTH Checked*
*Applications and Applets
Trace and Log Files*

Click OK on Delete Temporary Files Window
*Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.*
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.

*----------------------------------------------------------------------------------------------------*

*Your Adobe Flash Player is out of date. Older versions have vulnerabilities that malware can use to infect your system.*

There is a newer version of *Adobe Flash Player* available.


Please go to this link *Adobe Flash Player Download Link*
Untick *any program(s)* you do not wish to include in the installation.
Click Download
Click the Continue button
Click Run.
Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Control panel >> Programs and features and uninstall all previous versions.

*----------------------------------------------------------------------------------------------------*

*Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.*

Adobe Reader is a large program and if you prefer a smaller program you can get Foxit 2.0 here.

There is a newer version of *Adobe Acrobat Reader* available.


Please go to this link *Adobe Acrobat Reader Download Link*
Untick *any program(s)* you do not wish to include in the installation.
Click Download Now
Follow all on screen prompts

When the installation is complete go to Control panel >> Programs and features and uninstall all previous versions.

*----------------------------------------------------------------------------------------------------*

Now for the toolbars etc.

Sometimes it's not this easy with some toolbars but you never know. :smile:

Go to Control panel >> Programs and features and uninstall the following;

*Ask Toolbar
Conduit Engine
kikin plugin 2.4
Virgin Media Toolbar
Vuze
Vuze Remote Toolbar*

I would also remove these two, such programs generally cause more problems than they solve.

*TuneUp Utilities
TuneUp Utilities Language Pack (en-GB)*

Something I missed earlier, the Vuze remote toolbar is bundled with Vuze the program. Vuze is related to downloading torrents.

This is the warning we usually give for such things.

We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

After you have removed the toolbars, reboot and run Combofix again by double clicking its icon so we can check that the toolbars are completely gone.

Please include the log *C:\ComboFix.txt* in your next reply for further review.

*----------------------------------------------------------------------------------------------------*

Also, please do this;

Press the *Windows Logo Key+R* and type the following bolded text into the Run box and click OK:

*C:\Qoobox\Add-Remove Programs.txt*

Please post the report.


----------



## MamaWesty (Oct 20, 2006)

Hi Dave

Done all you asked. When I tried to uninstall kikin it said Installer corrupted, invalid opcode. I tried again and it came up with error message saying it may have been uninstalled already, and did I want to remove from list of programs & features which I did.

Logs for ComboFix and Qoobox below

ComboFix 12-01-12.04 - Tina West 12/01/2012 19:39:07.2.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.3036.1394 [GMT 0:00]
Running from: c:\users\Tina West\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Martin The Tank\Desktop\Internet Explorer.lnk
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 18:00 . 2012-01-12 18:00	--------	d-----w-	c:\program files\Common Files\Java
2012-01-11 10:03 . 2011-10-14 16:03	189952	----a-w-	c:\windows\system32\winmm.dll
2012-01-11 10:03 . 2011-10-14 16:00	23552	----a-w-	c:\windows\system32\mciseq.dll
2012-01-11 10:03 . 2011-11-18 20:23	1205064	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 10:03 . 2011-11-18 17:47	66560	----a-w-	c:\windows\system32\packager.dll
2012-01-11 10:03 . 2011-11-25 15:59	376320	----a-w-	c:\windows\system32\winsrv.dll
2012-01-11 10:03 . 2011-12-01 15:21	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 10:03 . 2011-10-25 15:58	1314816	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 10:03 . 2011-10-25 15:58	497152	----a-w-	c:\windows\system32\qdvd.dll
2012-01-08 22:11 . 2012-01-08 22:11	--------	d-----w-	c:\program files\ESET
2012-01-08 21:45 . 2012-01-08 21:45	--------	d-----w-	c:\users\Tina West\AppData\Roaming\Malwarebytes
2012-01-08 21:45 . 2012-01-08 21:45	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-08 21:45 . 2012-01-08 21:45	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-08 21:45 . 2011-12-10 15:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-06 23:42 . 2012-01-12 20:04	--------	d-----w-	c:\users\Tina West\AppData\Local\temp
2012-01-02 11:43 . 2012-01-02 11:43	388096	----a-r-	c:\users\Tina West\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-02 11:43 . 2012-01-02 11:43	--------	d-----w-	c:\program files\Trend Micro
2011-12-29 11:35 . 2011-10-04 17:22	703824	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6AD69F6-2A35-43C7-AD92-AA7FA9CB56CF}\gapaengine.dll
2011-12-29 11:25 . 2010-04-05 20:00	221568	----a-w-	c:\windows\system32\drivers\netio.sys
2011-12-29 10:17 . 2011-12-29 10:17	--------	d-----w-	c:\program files\CCleaner
2011-12-17 11:06 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-17 11:06 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-17 11:06 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-12-17 11:06 . 2011-11-23 13:37	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-12-17 11:05 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-17 11:04 . 2011-11-08 14:42	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 20:01 . 2012-01-12 20:01	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7ABEE3FB-B285-4E86-BF66-61FE83F97F13}\offreg.dll
2012-01-12 18:22 . 2011-05-15 14:22	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-05 16:10 . 2011-12-05 16:10	784144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-5\SpotlightResources.dll
2011-11-21 10:47 . 2012-01-10 11:22	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7ABEE3FB-B285-4E86-BF66-61FE83F97F13}\mpengine.dll
2011-11-20 19:49 . 2009-11-27 12:29	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-11-15 14:29 . 2010-01-20 21:05	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-11-10 05:54 . 2010-04-28 16:19	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-11-07 21:28 . 2011-11-07 21:28	56208	----a-w-	c:\windows\system32\drivers\RapportKELL.sys
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SpareBackup_Backedup]
@="{6BEDF914-4178-42DE-8D48-B11A9B8DC7AB}"
[HKEY_CLASSES_ROOT\CLSID\{6BEDF914-4178-42DE-8D48-B11A9B8DC7AB}]
2009-11-02 02:14	638728	----a-w-	c:\program files\FileSafe\SpareShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SpareBackup_Failed]
@="{20FA8895-5630-473A-A86A-54166558605F}"
[HKEY_CLASSES_ROOT\CLSID\{20FA8895-5630-473A-A86A-54166558605F}]
2009-11-02 02:14	638728	----a-w-	c:\program files\FileSafe\SpareShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0SpareBackup_NotBackedup]
@="{D432C173-DFAD-491A-A01A-4E7AE1670A6F}"
[HKEY_CLASSES_ROOT\CLSID\{D432C173-DFAD-491A-A01A-4E7AE1670A6F}]
2009-11-02 02:14	638728	----a-w-	c:\program files\FileSafe\SpareShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 19:05	40496	----a-w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-21 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-10 6957600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-05 30192]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-03-27 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-27 202024]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-09-14 352976]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-04-26 593920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2011-11-16 12065056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Martin The Tank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
.
c:\users\Tony The Fat Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
.
c:\users\Tina West\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - \\TINAWEST-PC\Users\Martin The Tank\Desktop\Logitech Touch Mouse Server\iTouch-Server-Win.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2194634020-195640291-4179135931-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper	REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
WindowsMobile	REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2194634020-195640291-4179135931-1001Core.job
- c:\users\Martin The Tank\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-19 20:44]
.
2012-01-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2194634020-195640291-4179135931-1001UA.job
- c:\users\Martin The Tank\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-19 20:44]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:17]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x3810
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
.
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(8808)
c:\program files\FileSafe\SpareShellExtension.dll
c:\program files\FileSafe\SQLite3.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
c:\program files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Zune\ZuneNss.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-01-12 20:15:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-12 20:15
ComboFix2.txt 2012-01-06 23:42
.
Pre-Run: 288,296,603,648 bytes free
Post-Run: 287,564,808,192 bytes free
.
- - End Of File - - 3F0434D0AD469294D639F2DEC1BDC297

32 Bit HP CIO Components Installer
Acer Arcade Deluxe
Acer eRecovery Management
Acer Product Registration
Acer ScreenSaver
Acrobat.com
Adobe Flash Player 11 ActiveX
Alice Greenfingers
Alien Shooter
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AV Input Selection
Bejeweled 2 Deluxe
Bejeweled 3
Bejeweled Twist
Bing Bar
Bonjour
Bookworm Adventures
BTOffer1
Bubble Xmas
Bubbletown
BufferChm
C:\Program Files\Acer GameZone\GameConsole
C4400
C4400_Help
Cake Mania
Cake Mania - Lights Camera Action
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Chicken Invaders 2
Chocolatier
Chocolatier Decadence By Design
Client Settings Tool
Compatibility Pack for the 2007 Office system
Cooking Dash 3 - Thrills & Spills CE
Copy
CustomerResearchQFolder
CyberLink MediaShow
CyberLink PowerDirector
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Dream Day First Home
ESET Online Scanner v3
eSobi v2
eSupportQFolder
Facebook Video Calling 1.0.0.8953
FileSafe
Galapago
Go-Go Gourmet
Google Chrome
Google Desktop
Google Earth
Google SketchUp 7
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
GPBaseService2
Gyazo 1.0
Heroes of Hellas
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
iCloud
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Jessops Picture Suite
Junk Mail filter update
Kaspersky Internet Security 2011
Logitech Touch Mouse Server 1.0
Logitech Vid HD
Logitech Webcam Software
Magic Farm
Magic Match Adventures
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Lync 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Mystery Solitaire - Secret Island
MyWinLocker
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
PanoStandAlone
PlayReady PC runtime
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
QuickTime
Rapport
rayman2
Realtek High Definition Audio Driver
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Segoe UI
Shop for HP Supplies
SimCity 3000
Sky Broadband
Sky Broadband Browser Branding
Skype Click to Call
Skype 5.5
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VideoToolkit01
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Winemaker Extraordinaire (remove only)
WinRAR archiver
WinX Free DVD Ripper 4.5.12
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)

I didn't realise quite how many programs for games were on the computer. I think a belated New Year's resolution to myself is to look at and uninstall a lot of them.

Tina


----------



## Deejay100six (Sep 27, 2011)

Hi Tina,

Yes, your machine does seem very busy; the language packs, in particular, are unnecessary unless you all speak several different languages. Anyway, all the toolbars are gone now so we're about done.

Congratulations, your logs are now clean.









The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Please press the Windows Logo key + R and copy/paste, or type the following bolded text into the run box and click ok or press enter.

*Combofix /Uninstall*

Now that your system is clean, it is recommended that you update your Operating System to close any vulnerabilities and help make your system more secure against attack. You should visit Windows Updates and download any required patches for your system.

To help protect your computer in the future I recommend that you read the following articles:

Making Internet Explorer Safer.
Think Prevention!
Staying Secure - by sjb007
How to prevent Malware - By miekiemoes

Please ensure you have an Anti Virus installed and updated regularly as well as a firewall to block intrusion attempts. For additional protection, I would suggest using a Hosts file that blocks access to thousands of known bad sites, a spyware blocker such as Spyware Blaster and the combined protection of Spybot's scanner and real time function Tea Timer. Full details can be found in the links below:

MVPS Hosts file
Spyware Blaster
Spybot - Search & Destroy

Please let me know if there are any issues which you think we haven't addressed, otherwise all that is left is for you to respond to this thread one more time so that we can mark it as resolved. I wish you happy and safe surfing.


----------



## MamaWesty (Oct 20, 2006)

Hi Dave

Thanks for getting me back to a secure place. I have uninstalled Combofix and run spybot which came back saying no threats. I will install Hosts file and Spyware blaster shortly.

Another stupid question: none of us have used the internet since this problem. Should we change our passwords on our banking sites? If so, should we do it on another computer or can we do it on this one now?

Tina


----------



## Deejay100six (Sep 27, 2011)

Hi Tina,

I never did get around to asking you, did you actually establish a remote connection with these scammers?

While malware removal never comes with a 100% guarantee, the logs you have provided show that your system is clean. Changing your passwords regularly is always a good idea - if you wish to do this now then I suggest you use a known clean system to do so.


----------



## MamaWesty (Oct 20, 2006)

Hi Dave

Thanks again, the scammers did get access to computer, I will get passwords changed from another system. 

Hope your training is nearly finished, you did a great job for me

All the best

Tina


----------



## Deejay100six (Sep 27, 2011)

No problem Tina, glad to have helped. Take care.


----------

