Page 1 of 3 123 LastLast
Results 1 to 10 of 23
  1. #1
    Member
    Join Date
    Mar 2009
    Posts
    12
    Points
    0

    Default Removal of Addestination by Contextual ads

    After a Yahoo search on the title above, I saw a thread here on this subject.

    However it does not lead to a conclusion as to how to remove this Addestination by Contextual ads.

    I tried adding to that thread, but was somehow blocked from doing so.

    I am a new memeber. Can anyone help me get rid of this, because it has slowed my computer right down to something of the speed a pc in the early 1990's.

    Thank you.

  2. #2
    Administrator Help2Go Administrator Canuck's Avatar
    Join Date
    May 2003
    Location
    Edmonton, Alberta, Canada
    Posts
    9,817
    Points
    2034

    Default

    I would recommend you do the following 6 steps, step 6 will be creating a Highjackthis log, copy the log and paste it to this thread. After that's done, we can get one of our experts to go over it and advise on further steps. Help2Go - free computer help and advice - Get Rid of Spyware, Adware, and Web Browser Hijackers


  3. #3
    Member
    Join Date
    Mar 2009
    Posts
    12
    Points
    0

    Default RemovalofAddestination by Contextual ads

    I am unable to get past step 1, because the scan does not work, as it says it is unable to update.

    Here is the message.

    ActiveScan 2.0 update
    ActiveScan 2.0 update: Update error
    Sorry, updating is incomplete due to an error. Please try again.

    0%

  4. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,189
    Points
    1308

    Default

    Skip the scans that present a problem and keep moving forward with the next instruction.

    zep516
    Last edited by zep516; 03-06-2009 at 05:11 PM. Reason: change

  5. #5
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673

    Default

    Is it the variation that includes the Yoog search?
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  6. #6
    Member
    Join Date
    Mar 2009
    Posts
    12
    Points
    0

    Default Log File and Answer to Question.

    Checked

    Regarding the first step that would not update, that is Panda Security by Trend Micro.

    Anyway the only step I could get to work, were the Malwarebytes Anti-Malware step, and the Hijack this log, which I have copied and pasted below.

    Generally my computer runs at the speed of watching paint dry, and then shows that whatever I am trying to do is 'Not Responding', and I have to enter the File Manager, and end the program.

    However through persistance, I have done the two steps as above.

    Here is the log file, and you assistance on this is immensley appreciated.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:50:08, on 09/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
    C:\Program Files\Virgin Broadband\PCguard\Rps.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
    C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    C:\Program Files\VoipCheapCom\VoipCheapCom.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: addestination - {1362d4b7-dd65-f587-67c8-a7ed7402ee38} - C:\WINDOWS\system32\nsjB1.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: addestination search enhancer - {3411E529-53B0-DB06-53A4-A5AD323F0D6B} - C:\WINDOWS\system32\qxkleyljgqgvnsk.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB002" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S128.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.mygames.co.uk/applet/PowerLoader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1236505640828
    O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/sel...g/ESTPTest.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSC...ws-i586-jc.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 10942 bytes
    Last edited by Canuck; 03-10-2009 at 12:48 PM.

  7. #7
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673

    Default

    Download random's system information tool (RSIT) by random/random from and save it to your Desktop.


    • Double click on RSIT.exe to run.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt <will be maximized and info.txt <will be minimized
    • Please post the contents of both logs in the next reply.
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  8. #8
    Member
    Join Date
    Mar 2009
    Posts
    12
    Points
    0

    Default As Requested in last post. The Logfiles. See 26/12/2008 in Files Created!

    I am no expert, but it looks like an Addestination file was created on the 26/12/2008.
    Also only one log file seems to have been created, and not two as you mentioned, but I may be mistaken of course.



    Logfile of random's system information tool 1.05 (written by random/random)
    Run by HP_Owner at 2009-03-10 08:11:00
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 44 GB (61%) free of 72 GB
    Total RAM: 1214 MB (32% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:11:06, on 10/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\System32\alg.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
    C:\Program Files\Virgin Broadband\PCguard\Rps.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
    C:\Program Files\VoipCheapCom\VoipCheapCom.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\RFT1TG5F\RSIT[1].exe
    C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: addestination - {1362d4b7-dd65-f587-67c8-a7ed7402ee38} - C:\WINDOWS\system32\nsjB1.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: addestination search enhancer - {3411E529-53B0-DB06-53A4-A5AD323F0D6B} - C:\WINDOWS\system32\qxkleyljgqgvnsk.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB002" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S128.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.mygames.co.uk/applet/PowerLoader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1236505640828
    O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/sel...g/ESTPTest.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 10768 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\User_Feed_Synchronization-{693FC725-6FC5-4DDC-80A1-D892FAAF135D}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1362d4b7-dd65-f587-67c8-a7ed7402ee38}]
    addestination - C:\WINDOWS\system32\nsjB1.dll [2009-03-03 623104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-14 304736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3411E529-53B0-DB06-53A4-A5AD323F0D6B}]
    addestination search enhancer - C:\WINDOWS\system32\qxkleyljgqgvnsk.dll [2009-02-20 609280]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
    PopKill Class - C:\Program Files\Virgin Broadband\PCguard\pkR.dll [2007-09-05 55024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-21 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-21 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-21 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
    SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-21 251504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
    "AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
    "KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
    "PS2"=C:\WINDOWS\system32\ps2.exe []
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-12 49152]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "Broadbandadvisor.exe"=C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe [2007-08-07 2061552]
    "PCguard"=C:\Program Files\Virgin Broadband\PCguard\Rps.exe [2007-09-05 310000]
    "-FreedomNeedsReboot"=C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe [2007-09-05 13552]
    "EPSON Stylus CX3600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE [2004-03-04 98304]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-14 185872]
    "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "IndexCleaner"=C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe [2007-09-05 61168]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "EPSON Stylus DX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
    "VoipCheapCom"=C:\Program Files\VoipCheapCom\VoipCheapCom.exe [2008-09-08 9218872]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]
    "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "IndexCleaner"=C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe [2007-09-05 61168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2005-08-14 46080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Games\PES08\PES2008.exe"="C:\Games\PES08\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
    "C:\WINDOWS\Temp\NavBrowser.exe"="C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser"
    "C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
    "C:\Program Files\VoipCheapCom\VoipCheapCom.exe"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Documents and Settings\HP_Owner\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\HP_Owner\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 3 months======

    2009-03-10 08:08:26 ----D---- C:\rsit
    2009-03-09 22:21:21 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-03-09 22:21:21 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-03-09 22:21:21 ----A---- C:\WINDOWS\system32\java.exe
    2009-03-09 22:20:49 ----D---- C:\Program Files\Java
    2009-03-09 12:47:01 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2009-03-09 12:47:00 ----A---- C:\WINDOWS\system32\mucltui.dll
    2009-03-08 22:59:05 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-03-08 22:58:56 ----D---- C:\Program Files\Common Files\PC Tools
    2009-03-08 22:58:46 ----D---- C:\Program Files\Spyware Doctor
    2009-03-08 22:58:46 ----D---- C:\Documents and Settings\HP_Owner\Application Data\PC Tools
    2009-03-08 22:58:46 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
    2009-03-08 22:47:44 ----D---- C:\Program Files\Trend Micro
    2009-03-08 09:56:06 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2009-03-06 21:25:12 ----D---- C:\Program Files\Panda Security
    2009-03-04 20:56:56 ----SHD---- C:\WINDOWS\ftpcache
    2009-03-03 12:30:14 ----A---- C:\WINDOWS\system32\nsjB1.dll
    2009-02-25 18:48:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-20 10:38:36 ----A---- C:\WINDOWS\system32\qxkleyljgqgvnsk.dll
    2009-02-17 08:27:54 ----D---- C:\WINDOWS\system32\Epson
    2009-02-11 23:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
    2009-02-11 23:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
    2009-02-05 15:09:10 ----A---- C:\WINDOWS\system32\2698e7a4-d8cb-b7b3-86e4-2814241bce62.exe
    2009-01-26 16:42:52 ----D---- C:\Program Files\*
    2009-01-14 14:05:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2008-12-30 21:54:27 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Sonic
    2008-12-30 21:54:06 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Leadertech
    2008-12-26 02:44:13 ----A---- C:\WINDOWS\system32\qxkleyljgqgvnsk.dll-uninst.exe
    2008-12-26 02:41:55 ----A---- C:\WINDOWS\system32\cont_addestination-remove.exe
    2008-12-26 02:41:46 ----A---- C:\WINDOWS\system32\qgecpzgnxbs.exe

    ======List of files/folders modified in the last 3 months======

    2009-03-10 08:09:02 ----D---- C:\Documents and Settings\HP_Owner\Application Data\skypePM
    2009-03-10 08:08:32 ----D---- C:\WINDOWS\Prefetch
    2009-03-10 08:03:35 ----D---- C:\WINDOWS\Temp
    2009-03-10 07:40:20 ----SHD---- C:\RECYCLER
    2009-03-10 07:40:17 ----SHD---- C:\WINDOWS\Installer
    2009-03-10 07:40:16 ----D---- C:\Config.Msi
    2009-03-10 07:39:19 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Skype
    2009-03-10 07:36:26 ----D---- C:\WINDOWS
    2009-03-10 07:36:16 ----D---- C:\WINDOWS\system32\drivers
    2009-03-09 23:06:13 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-09 23:06:12 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-09 22:21:22 ----D---- C:\WINDOWS\system32
    2009-03-09 22:20:54 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-03-09 22:20:49 ----D---- C:\Program Files
    2009-03-09 15:22:43 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-03-09 15:12:00 ----A---- C:\WINDOWS\win.ini
    2009-03-09 15:05:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-03-09 15:04:17 ----D---- C:\WINDOWS\pchealth
    2009-03-09 12:46:57 ----HD---- C:\WINDOWS\inf
    2009-03-08 22:58:56 ----D---- C:\Program Files\Common Files
    2009-03-08 09:47:26 ----D---- C:\WINDOWS\Downloaded Program Files
    2009-03-07 17:06:41 ----D---- C:\Program Files\VoipCheapCom
    2009-03-06 16:16:33 ----D---- C:\WINDOWS\system32\FxsTmp
    2009-03-06 14:20:11 ----D---- C:\Documents and Settings\HP_Owner\Application Data\PowerChallenge
    2009-03-06 04:50:51 ----D---- C:\WINDOWS\system32\Adobe
    2009-03-04 20:56:48 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2009-03-04 20:56:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-04 20:56:00 ----D---- C:\WINDOWS\system32\dllcache
    2009-03-04 20:55:32 ----D---- C:\Program Files\Internet Explorer
    2009-03-04 20:55:10 ----D---- C:\Program Files\Google
    2009-02-25 18:45:16 ----HD---- C:\WINDOWS\$hf_mig$
    2009-02-14 12:07:49 ----A---- C:\WINDOWS\cdplayer.ini
    2009-02-11 23:23:48 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-11 10:44:16 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
    2009-02-03 23:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-01-20 23:31:25 ----D---- C:\WINDOWS\Help
    2009-01-16 21:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-01-13 02:20:07 ----D---- C:\Program Files\Adobe
    2008-12-30 18:28:03 ----D---- C:\WINDOWS\SoftwareDistribution
    2008-12-25 19:27:32 ----A---- C:\WINDOWS\orun32.ini
    2008-12-25 19:06:40 ----D---- C:\Documents and Settings\HP_Owner\Application Data\HPQ
    2008-12-25 00:33:21 ----D---- C:\WINDOWS\Tasks
    2008-12-24 15:26:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-20 23:15:41 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-12-20 23:15:40 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-12-20 23:15:40 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-12-20 23:15:39 ----A---- C:\WINDOWS\system32\url.dll
    2008-12-20 23:15:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-12-20 23:15:38 ----A---- C:\WINDOWS\system32\occache.dll
    2008-12-20 23:15:32 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-12-20 23:15:31 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-12-20 23:15:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-12-20 23:15:24 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-12-20 23:15:23 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-12-20 23:15:23 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-12-20 23:15:22 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-12-20 23:15:21 ----A---- C:\WINDOWS\system32\iernonce.dll
    2008-12-20 23:15:21 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-12-20 23:15:16 ----A---- C:\WINDOWS\system32\iedkcs32.dll
    2008-12-20 23:15:15 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-12-20 23:15:14 ----A---- C:\WINDOWS\system32\ieaksie.dll
    2008-12-20 23:15:14 ----A---- C:\WINDOWS\system32\ieakeng.dll
    2008-12-20 23:15:13 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-12-20 23:15:13 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-12-20 23:15:13 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-12-20 23:15:12 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-12-20 23:15:11 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-12-19 09:10:15 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-12-19 09:10:15 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-12-19 05:23:56 ----A---- C:\WINDOWS\system32\ieakui.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]
    R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-11-26 835792]
    R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-11-04 53192]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-14 1313792]
    R3 cmpci;TerraTec Aureon 5.1 (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-07-04 26624]
    R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-14 376832]
    R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-11-27 177448]
    R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
    R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2008-04-28 414984]
    R2 RP_FWS;PCguard Firewall; C:\Program Files\Virgin Broadband\PCguard\Fws.exe [2007-09-05 293104]
    R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
    R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
    R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2008-04-28 738568]
    R3 RPSUpdaterR;Virgin Broadband PCguard Update Service; C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe [2008-11-04 99056]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-21 137200]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Radialpoint Security Services;Virgin Broadband PCguard; C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------

  9. #9
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673

    Default

    Spyware Doctor's OnGuard protective functionality may interfere with certain HijackThis fixes we need to make. Please follow these instructions to disable it.

    To deactivate Spyware Doctor's OnGuard Tools


    • Click the Spyware Doctor icon in the System Tray.
    • Click Settings.
    • Click Startup Settings under Pick a Category.
    • Uncheck Run at Windows startup.
    • Click Apply and Exit Spyware Doctor.
    • From within Spyware Doctor, click the OnGuard button on the left side.
    • Uncheck Activate OnGuard.
    • (When we are done, you can re-enable Spyware Doctor)



    ----------

    Look in Add/Remove Programs and uninstall (if found):

    - *Random name Tool Addestination
    - Addestination
    - Addestination Search Enhancer
    - Advanced Optimization Addestination
    - Ad Rotator
    - Search Enhancer

    ----------

    Open HijackThis and select Do a system scan only.

    Place a check mark next to the following entries: (if there)

    - O2 - BHO: addestination - {1362d4b7-dd65-f587-67c8-a7ed7402ee38} - C:\WINDOWS\system32\nsjB1.dll
    - O2 - BHO: addestination search enhancer - {3411E529-53B0-DB06-53A4-A5AD323F0D6B} - C:\WINDOWS\system32\qxkleyljgqgvnsk.dll
    - O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.

    ----------

    Go to Start > Run and type notepad.exe then click OK

    Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

    Code:
    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1362d4b7-dd65-f587-67c8-a7ed7402ee38}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3411E529-53B0-DB06-53A4-A5AD323F0D6B}]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "AlcxMonitor"=-
    Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

    Delete the fixme.reg from the Desktop.

    ----------

    Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

    Link #1
    Link #2

    **Note: It is important that it is saved directly to your Desktop

    Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double click combofix.exe & follow the prompts.
    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    If you have problems with ComboFix usage, see How to use ComboFix
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  10. #10
    Member
    Join Date
    Mar 2009
    Posts
    12
    Points
    0

    Default The ComboFix log file as per the last steps (completed)

    Here it is. Thank you again for this help. How do you get finaced here? I want to show my gratitude, so please allow me to do that in the most useful way to your team.

    ComboFix 09-03-06.02 - HP_Owner 2009-03-10 19:15:33.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1214.539 [GMT 0:00]
    Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
    AV: PCguard Anti-Virus *On-access scanning disabled* (Updated)
    FW: PCguard Firewall *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\HP_Owner\Application Data\addons.dat
    c:\windows\system32\tmp80.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
    .

    2009-03-10 17:27 . 2009-03-10 17:27 0 --a------ c:\windows\nsreg.dat
    2009-03-10 08:08 . 2009-03-10 08:08 <DIR> d-------- C:\rsit
    2009-03-09 22:21 . 2009-03-09 22:20 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-03-09 22:20 . 2009-03-09 22:20 <DIR> d-------- c:\program files\Java
    2009-03-09 12:47 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-03-09 12:47 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-03-08 22:59 . 2009-03-10 19:08 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-03-08 22:59 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
    2009-03-08 22:59 . 2009-02-23 10:11 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
    2009-03-08 22:59 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
    2009-03-08 22:58 . 2009-03-10 08:03 <DIR> d-------- c:\program files\Spyware Doctor
    2009-03-08 22:58 . 2009-03-08 23:01 <DIR> d-------- c:\program files\Common Files\PC Tools
    2009-03-08 22:58 . 2009-03-08 22:58 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\PC Tools
    2009-03-08 22:58 . 2009-03-08 22:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
    2009-03-08 22:58 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
    2009-03-08 22:47 . 2009-03-08 22:47 <DIR> d-------- c:\program files\Trend Micro
    2009-03-08 09:56 . 2009-03-08 09:56 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-03-06 21:25 . 2009-03-06 21:25 <DIR> d-------- c:\program files\Panda Security
    2009-03-06 21:25 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-03-04 20:56 . 2009-03-04 20:56 <DIR> d--hs---- c:\windows\ftpcache
    2009-02-17 08:27 . 2009-02-17 08:27 <DIR> d-------- c:\windows\system32\Epson

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-10 19:19 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Skype
    2009-03-10 16:09 --------- d-----w c:\documents and settings\HP_Owner\Application Data\skypePM
    2009-03-09 22:20 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-09 15:22 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-03-07 17:06 --------- d-----w c:\program files\VoipCheapCom
    2009-03-06 14:20 --------- d-----w c:\documents and settings\HP_Owner\Application Data\PowerChallenge
    2009-03-04 20:56 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-03-04 20:55 --------- d-----w c:\program files\Google
    2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-26 16:42 --------- d-----w c:\program files\*
    2009-01-16 21:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2008-11-26 17:59 0 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
    "VoipCheapCom"="c:\program files\VoipCheapCom\VoipCheapCom.exe" [2008-09-08 9218872]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
    "PCguard"="c:\program files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
    "-FreedomNeedsReboot"="c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
    "EPSON Stylus CX3600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-14 185872]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Games\\PES08\\PES2008.exe"=
    "c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
    "c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Documents and Settings\\HP_Owner\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-06 28544]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-08 130424]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-08 348752]
    S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\system32\dllhost.exe [2006-07-04 5120]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-10 c:\windows\Tasks\User_Feed_Synchronization-{693FC725-6FC5-4DDC-80A1-D892FAAF135D}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-PS2 - c:\windows\system32\ps2.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://powersoccer.mygames.co.uk/applet/PowerLoader.cab
    FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r0e5zguw.default\
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www8.yoog.com/search.php?q=
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www8.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-10 19:19:39
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(776)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-03-10 19:22:23
    ComboFix-quarantined-files.txt 2009-03-10 19:22:19

    Pre-Run: 46,279,004,160 bytes free
    Post-Run: 47,470,845,952 bytes free

    146 --- E O F --- 2009-03-09 15:22:45

Page 1 of 3 123 LastLast