Basically I've come home for the holidays to find my sister had almost obliterated the home computer. I managed to get rid of lots of Ad/Spyware with Searchbot, 3 viruses picked up by a very out-of-date Norton Security and Antivir, and then 7 (my sister is careless) trojan horses after I removed Norton in exchange for the newest edition of AVG. But Mozilla seems to be the only thing affected now, as every attempt to run the programme just gets a pop-up saying:
The application of DLL C:\Program Files\Mozilla Firefox\xul.dll is not a valid Windows image. Please check this against your installation diskette.
This seems to be the only programme that I've found that gives me that.
I'm running Windows XP Home Edition SP3 on a Dell desktop (if that helps =)...)
I'm attaching the logs and copy and pasting them below.
P.S. My sister always has her iPod plugged in to shift around films; would it be wise to run all these checks on her iPod as well? Her old one had an infection before.
Thanks.
_________________________________________________
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/08/2010 at 05:27 AM
Application Version : 4.33.1000
Core Rules Database Version : 4459
Trace Rules Database Version: 2280
Scan type : Complete Scan
Total Scan Time : 02:56:16
Memory items scanned : 524
Memory threats detected : 0
Registry items scanned : 6111
Registry threats detected : 7
File items scanned : 123509
File threats detected : 154
MyWay Search Assistant Computers
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\1.BIN\DESRCAS.DLL
HKU\S-1-5-21-1684091330-3342741118-4197664105-1014\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
Adware.Tracking Cookie
_________________________________________________
Malwarebytes' Anti-Malware 1.44
Database version: 3514
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
08/01/2010 07:44:46
mbam-log-2010-01-08 (07-44-46).txt
Scan type: Quick Scan
Objects scanned: 164065
Time elapsed: 15 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 9
Folders Infected: 3
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wab (Trojan.Dropper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\THEGIR~1\APPLIC~1\MACROM~1\Common\fb03a04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\THEGIR~1\APPLIC~1\MACROM~1\Common\fb03a04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\THEGIR~1\APPLIC~1\MACROM~1\Common\fb03a04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\THEGIR~1\APPLIC~1\MACROM~1\Common\fb03a04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\THEGIR~1\APPLIC~1\MACROM~1\Common\fb03a04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\THEGIR~1\APPLIC~1\MACROM~1\Common\fb03a04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\THEGIR~1\APPLIC~1\MACROM~1\Common\fb03a04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\THEGIR~1\APPLIC~1\MACROM~1\Common\fb03a04a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
C:\Documents and Settings\the girl\Application Data\Macromedia\Common\fb03a04a1.dll (Hijack.Sound) -> Quarantined and deleted successfully.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
_________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:59:02, on 08/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html?p=DK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 11648 bytes