Bricat - sorry for the delay
Combofix log =
ComboFix 10-09-23.01 - Clayton Family 23/09/2010 19:30:23.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.959.525 [GMT 1:00]
Running from: c:\documents and settings\Clayton Family\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Clayton Family\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
FILE ::
"c:\docume~1\CLAYTO~1\LOCALS~1\Temp\avp.exe"
"c:\docume~1\CLAYTO~1\LOCALS~1\Temp\avp32.exe"
"c:\docume~1\CLAYTO~1\LOCALS~1\Temp\gdi32.exe"
"c:\docume~1\CLAYTO~1\LOCALS~1\Temp\iexplarer.exe"
"c:\docume~1\CLAYTO~1\LOCALS~1\Temp\login.exe"
"c:\docume~1\CLAYTO~1\LOCALS~1\Temp\mwthu69.exe"
"c:\docume~1\CLAYTO~1\LOCALS~1\Temp\n0bletlb7.exe"
"c:\docume~1\CLAYTO~1\LOCALS~1\Temp\Pwp.exe"
"c:\docume~1\CLAYTO~1\LOCALS~1\Temp\r34jirtsui.exe"
"c:\docume~1\CLAYTO~1\LOCALS~1\Temp\win.exe"
"c:\docume~1\CLAYTO~1\LOCALS~1\Temp\win16.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\etmex.exe"
"c:\documents and settings\LogMeInRemoteUser.FAMILY_PC\Start Menu\Programs\Startup\dyic.exe"
"c:\windows\login.exe"
"c:\windows\msauenf2.dll"
"c:\windows\ocadomigivajiy.dll"
"c:\windows\Phozum.dat"
"c:\windows\Ppivya.exe"
"c:\windows\system32\163988363A.sys"
"c:\windows\Ysakeyeguwiviy.bin"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Clayton Family\Application Data\Exbiz
c:\documents and settings\Clayton Family\Application Data\Exbiz\yxen.exe
c:\documents and settings\Clayton Family\Application Data\Iwex
c:\documents and settings\Clayton Family\Application Data\Iwex\yvto.exe
c:\documents and settings\Clayton Family\Application Data\Keumez
c:\documents and settings\Clayton Family\Application Data\Keumez\baer.ebo
c:\documents and settings\Clayton Family\Application Data\Leonr
c:\documents and settings\Clayton Family\Application Data\Leonr\okwyp.exe
c:\documents and settings\Clayton Family\Application Data\Microsoft\svchost .exe
c:\documents and settings\Clayton Family\Application Data\Osxe
c:\documents and settings\Clayton Family\Application Data\Otipsi
c:\documents and settings\Clayton Family\Application Data\Suod
c:\documents and settings\Clayton Family\Application Data\Suod\gaif .exe
c:\documents and settings\Clayton Family\Application Data\Suod\gaif.exe
c:\documents and settings\Clayton Family\Local Settings\Application Data\ssktxkcxl
c:\documents and settings\Default User\Start Menu\Programs\Startup\etmex.exe
c:\documents and settings\LogMeInRemoteUser.FAMILY_PC\Start Menu\Programs\Startup\dyic.exe
c:\program files\sys1
c:\program files\sys1\se.exe
c:\program files\sys2
c:\program files\sys2\sol.exe
c:\program files\sys4
c:\program files\sys5
c:\program files\sys5\sol.exe
c:\windows\login.exe
c:\windows\msauenf2.dll
c:\windows\ocadomigivajiy.dll
c:\windows\Phozum.dat
c:\windows\Ppivya.exe
c:\windows\system32\163988363A.sys
c:\windows\Ysakeyeguwiviy.bin
.
((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.
2010-09-21 22:31 . 2010-09-21 22:31 -------- d-----w- c:\program files\ieSpell
2010-09-19 19:22 . 2010-09-19 19:22 -------- d-----w- c:\program files\Trend Micro
2010-09-19 19:18 . 2010-09-19 19:18 -------- d-----w- c:\documents and settings\Clayton Family\Local Settings\Application Data\AVG Security Toolbar
2010-09-19 11:30 . 2010-09-19 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-09-18 20:10 . 2010-09-20 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-09-18 18:11 . 2010-09-18 18:11 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-18 11:56 . 2010-09-18 11:56 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-12 11:24 . 2010-09-23 18:30 -------- d-----w- c:\program files\FVD Suite
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 19:57 . 2008-09-12 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-09-23 18:30 . 2005-09-07 21:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-23 18:30 . 2009-12-29 18:27 -------- d-----w- c:\program files\QuickTime
2010-09-23 18:30 . 2008-04-17 10:15 -------- d-----w- c:\program files\Picasa2
2010-09-23 18:30 . 2005-05-08 18:04 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-09-23 18:30 . 2009-12-31 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-23 18:30 . 2007-07-08 22:20 -------- d-----w- c:\program files\BitTorrent
2010-09-23 18:30 . 2006-08-02 21:18 -------- d-----w- c:\program files\ActivBoard
2010-09-23 18:22 . 2008-10-04 19:25 -------- d-----w- c:\program files\LogMeIn
2010-09-21 19:34 . 2009-09-25 21:18 -------- d-----w- c:\program files\Microsoft
2010-09-21 18:55 . 2010-03-14 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-21 18:43 . 2010-09-18 18:06 112 ----a-w- c:\documents and settings\All Users\Application Data\ThtUMbh.dat
2010-09-20 12:43 . 2005-10-31 15:56 745472 ----a-w- C:\StubInstaller.exe
2010-09-19 14:48 . 2010-09-19 13:22 2096 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-09-19 14:40 . 2005-09-07 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-12 11:24 . 2010-05-17 21:17 -------- d-----w- c:\documents and settings\Clayton Family\Application Data\FVDToolbar
2010-09-09 18:39 . 2009-09-05 21:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-03 23:15 . 2007-07-08 22:21 -------- d-----w- c:\documents and settings\Clayton Family\Application Data\BitTorrent
2010-08-17 13:17 . 2004-08-10 15:38 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-06 20:04 . 2010-08-06 20:04 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-06 20:04 . 2010-08-06 20:04 -------- d-----w- c:\program files\eRightSoft
2010-08-06 16:07 . 2009-08-02 16:07 -------- d-----w- c:\documents and settings\Clayton Family\Application Data\LimeWire
2010-08-03 19:25 . 2009-05-24 15:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-22 15:49 . 2004-08-10 15:38 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 06:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 08:45 . 2010-03-14 13:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 08:45 . 2010-07-17 08:45 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 08:44 . 2008-08-03 10:40 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31 . 2004-08-10 15:38 149504 ----a-w- c:\windows\system32\schannel.dll
2006-05-03 09:06 . 2010-08-06 20:04 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2010-08-06 20:04 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-08-06 20:04 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Clayton Family\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-5-23 95232]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 08:45 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 10:04 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HNUKUOXRpYecd.com/dw/dw.php?id=%s&ver=d01]
c:\docume~1\CLAYTO~1\LOCALS~1\Temp\n0bletlb7.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2008-02-27 16:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-09-20 11:57 87552 ----a-w- c:\program files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 21:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 16:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 17:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 21:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppmate]
2006-10-27 09:43 1495111 ----a-w- c:\program files\PPMate\PPMate\ppmate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 09:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tesco Insert Detect]
2003-02-17 11:45 262144 ----a-w- c:\program files\Tesco\Picture Suite\InsDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kazaa Lite Resurrection\\kazaalite.kpp"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\system32\\ccapp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Zattoo\\zattood.exe"=
"c:\\Program Files\\Zattoo\\Zattoo2.exe"=
"c:\\Program Files\\Zattoo\\Zattoo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Clayton Family\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29566:TCP"= 29566:TCP:limewire
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [31/12/2009 10:23 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/08/2008 11:40 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [14/03/2010 14:06 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/07/2010 09:45 308136]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 18:46 12856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 09:22 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [18/09/2010 21:10 431432]
S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [11/09/2005 21:36 6400]
.
Contents of the 'Scheduled Tasks' folder
2010-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:22]
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: FVDToolbar Add Page - c:\program files\FVD Suite\addons\IE\FVDToolbar.dll/IECONTEXT.DLL.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: musicmatch.com\online
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} - hxxp://img.funtigo.com/images/uploader/ssiPictureUploader.cab
FF - ProfilePath - c:\documents and settings\Clayton Family\Application Data\Mozilla\Firefox\Profiles\g3jdtdiv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - component: c:\documents and settings\Clayton Family\Application Data\Mozilla\Firefox\Profiles\g3jdtdiv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\FVD Suite\addons\Firefox\components\fvd_connector.dll
FF - plugin: c:\documents and settings\Clayton Family\Application Data\Mozilla\Firefox\Profiles\g3jdtdiv.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-{53CA19EC-130C-D451-FFD0-EDF302D09732} - c:\documents and settings\Clayton Family\Application Data\Iwex\yvto.exe
HKCU-Run-{CE05C686-7259-07A8-E676-C8561C3AD9BF} - c:\documents and settings\Clayton Family\Application Data\Leonr\okwyp.exe
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-ASH24SXZ9S - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\Pwp.exe
MSConfigStartUp-BlockChecker - c:\program files\Block Checker\block-checker.exe
MSConfigStartUp-BrMfcWnd - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
MSConfigStartUp-ControlCenter3 - c:\program files\Brother\ControlCenter3\brctrcen.exe
MSConfigStartUp-Dlovopologocel - c:\windows\ocadomigivajiy.dll
MSConfigStartUp-handlerfix70700en00 - c:\documents and settings\Clayton Family\Application Data\974F63B7E4EDF9AC14C0A6ED735FD952\handlerfix70700en00.exe
MSConfigStartUp-HNUKUOXRme - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\avp.exe
MSConfigStartUp-534 - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\avp.exe
MSConfigStartUp-HNUKUOXRmSc - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\avp32.exe
MSConfigStartUp-HNUKUOXRnoc - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\debug.exe
MSConfigStartUp-HNUKUOXRnsc - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\drweb.exe
MSConfigStartUp-HNUKUOXRnyc - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\csrss.exe
MSConfigStartUp-HNUKUOXRnZ - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\cmd.exe
MSConfigStartUp-HNUKUOXRoMc - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\gdi32.exe
MSConfigStartUp-HNUKUOXRota - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\install.exe
MSConfigStartUp-HNUKUOXRotc - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\hexdump.exe
MSConfigStartUp-HNUKUOXRouqc - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\iexplarer.exe
MSConfigStartUp-HNUKUOXRprc - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\login.exe
MSConfigStartUp-HNUKUOXRpuc - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\lsass.exe
MSConfigStartUp-HNUKUOXRpw+ - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\nvsvc32.exe
MSConfigStartUp-HNUKUOXRpyA - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\mwthu69.exe
MSConfigStartUp-HNUKUOXRpYec - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\n0bletlb7.exe
MSConfigStartUp-HNUKUOXRpZ - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\mdm.exe
MSConfigStartUp-HNUKUOXRqOzd - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\r34jirtsui.exe
MSConfigStartUp-HNUKUOXRre - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\user.exe
MSConfigStartUp-HNUKUOXRrrb - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\taskmgr.exe
MSConfigStartUp-HNUKUOXRrta - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\services.exe
MSConfigStartUp-HNUKUOXRrtc - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\sysedit.exe
MSConfigStartUp-HNUKUOXRruf - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\spoolsv.exe
MSConfigStartUp-HNUKUOXRrvc - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\setup.exe
MSConfigStartUp-HNUKUOXRrxe - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\system.exe
MSConfigStartUp-HNUKUOXRsa - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\win.exe
MSConfigStartUp-HNUKUOXRsPc - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\win16.exe
MSConfigStartUp-HNUKUOXRspe - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\winamp.exe
MSConfigStartUp-HNUKUOXRsre - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\wininst.exe
MSConfigStartUp-HNUKUOXRssc - c:\docume~1\CLAYTO~1\LOCALS~1\Temp\winlogon.exe
MSConfigStartUp-MKasc - c:\windows\drweb.exe
MSConfigStartUp-Olitapim - c:\windows\msauenf2.dll
MSConfigStartUp-OM_Monitor - c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe
MSConfigStartUp-pnbjotuu - c:\documents and settings\Clayton Family\Local Settings\Application Data\ssktxkcxl\liaekcwtssd.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-09-23 20:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,67,2e ,46,9f,49,c3,48,b4,71,64,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,67,2e ,46,9f,49,c3,48,b4,71,64,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(740)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(916)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2010-09-23 21:07:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-23 20:07
ComboFix2.txt 2010-09-21 19:57
Pre-Run: 69,702,684,672 bytes free
Post-Run: 69,736,173,568 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 22D7D8225C72E8DC5BDE7C90EE705740
HJT log =
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:13:23, on 23/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\Clayton Family\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: FVD Suite Toolbar - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nonep] C:\Program Files\sys5\sol.exe
O4 - HKCU\..\Run: [{53CA19EC-130C-D451-FFD0-EDF302D09732}] "C:\Documents and Settings\Clayton Family\Application Data\Ubid\wamow.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: FVDToolbar Add Page - res://C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll/IECONTEXT.DLL.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Open FVD Suite Toolbar - {2B171655-A69C-5c18-B693-6CB5DC269D43} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (HKCU)
O9 - Extra 'Tools' menuitem: Open FVD Suite Toolbar - {2B171655-A69C-5c18-B693-6CB5DC269D43} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (HKCU)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Documents and Settings\Clayton Family\My Documents\lucinda\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
--
End of file - 11764 bytes
=====================================================================
Still getting the resident shield errors, and Windows is still blocking explorer.
Can't get Firefox to start at all, but can live with that at the mo.
=================================================================
thanks for your fantastic help so far
regards
David