some help with infections please

[jagz]

Hi,

I’m trying to help my daughter rid her computer of infections using ultraVNC (distance) to connect. She has WinXP sp3.

Recently, severe pop ups began. As I understand, phony virus alerts and phony scans appeared to be running. The system would not allow her to launch programs such as Outlook Express, msconfig and most any other executables and start up was painfully slow. (5-10 minutes) She was able to dnl’d spybot search & destroy as well as the recent update file, but unable to run. I had her boot into safe mode, update definitions and scan from there. 24 problems were fixed but I don’t know the details of the names. She then was able to perform a “system restore” to a previous date. Afterwards she was able to boot normally but a bit slow apparently. It was only after this, she was able to install UVNC with server functions.

After reading some other threads, I’ve installed Malwarebytes, updated, and performed a full system scan, removed the selected then rebooted and produced a Hijackthis log file. The Malwarebytes and HJT logs are below. Hopefully we can eliminate any nasty remnants.

Any help that can be provided will be greatly appreciated.

Thanks

Malwarebytes' Anti-Malware 1.41
Database version: 3118
Windows 5.1.2600 Service Pack 3

07/11/2009 3:45:47 PM
mbam-log-2009-11-07 (15-45-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 279418
Time elapsed: 3 hour(s), 26 minute(s), 48 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 61
Files Infected: 71

Memory Processes Infected:
C:\Program Files\kb_2k.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\SCKBD.DLL (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Pro ducts\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\keyboard (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

[jagz]

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Starware347 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\EntertainmentMarketingSP (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\EntertainmentMarketingSP\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\EntertainmentMarketingSP\images\a ctive (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\EntertainmentMarketingSP\images\d efault (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\JokeSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Pranks (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\ScreensaversMarketingSitePager\im ages (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\ScreensaversMarketingSitePager\im ages\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\ScreensaversMarketingSitePager\im ages\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\EntertainmentMarketingSP (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\EntertainmentMarketingSP\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\EntertainmentMarketingSP\images\a ctive (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\EntertainmentMarketingSP\images\d efault (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\JokeSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Pranks (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\ScreensaversMarketingSitePager\im ages (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\ScreensaversMarketingSitePager\im ages\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\ScreensaversMarketingSitePager\im ages\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\EntertainmentMarketingSP (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\EntertainmentMarketingSP\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\EntertainmentMarketingSP\images\a ctive (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\EntertainmentMarketingSP\images\d efault (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\JokeSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Pranks (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\ScreensaversMarketingSitePager\im ages (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\ScreensaversMarketingSitePager\im ages\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\ScreensaversMarketingSitePager\im ages\default (Adware.Starware) -> Quarantined and deleted successfully.

[jagz]

Files Infected:
C:\Documents and Settings\Rylie\My Documents\SetupCasino.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\jokesearch.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\pranks.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\ProductMessagingConf ig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\ProductMessagingConf ig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\SimpleUpdateConfig.x ml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\SimpleUpdateConfig.x ml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\TimerManagerConfig.x ml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\TimerManagerConfig.x ml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\EntertainmentMarketingSP\Entertai nmentMarketingSPOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\EntertainmentMarketingSP\Entertai nmentMarketingSPOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\EntertainmentMarketingSP\images\a ctive\EntertainmentMarketingSP0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml. backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Pranks\PranksOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\Pranks\PranksOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\ScreensaversMarketingSitePager\Sc reensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\ScreensaversMarketingSitePager\Sc reensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Braydie\Application Data\Starware347\ScreensaversMarketingSitePager\im ages\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\EntertainmentMarketingSP\Entertai nmentMarketingSPOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\EntertainmentMarketingSP\Entertai nmentMarketingSPOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\EntertainmentMarketingSP\images\a ctive\EntertainmentMarketingSP0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml. backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Pranks\PranksOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\Pranks\PranksOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\ScreensaversMarketingSitePager\Sc reensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\ScreensaversMarketingSitePager\Sc reensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom\Application Data\Starware347\ScreensaversMarketingSitePager\im ages\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.

[jagz]

C:\Documents and Settings\Rylie\Application Data\Starware347\EntertainmentMarketingSP\Entertai nmentMarketingSPOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\EntertainmentMarketingSP\Entertai nmentMarketingSPOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\EntertainmentMarketingSP\images\a ctive\EntertainmentMarketingSP0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml. backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Pranks\PranksOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\Pranks\PranksOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\ScreensaversMarketingSitePager\Sc reensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\ScreensaversMarketingSitePager\Sc reensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rylie\Application Data\Starware347\ScreensaversMarketingSitePager\im ages\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\SCKBD.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\kb_2k.exe (Trojan.Agent) -> Quarantined and deleted successfully.

[jagz]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:19 PM, on 07/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com
O1 - Hosts: 91.212.127.226 winguard-2009.com
O1 - Hosts: 91.212.127.226 www.winguard-2009.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164037751968
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.11.cab?
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\winvnc.exe

--
End of file - 8285 bytes

[classicsoftware]

First, it's best NOT to run any scan until instructed and to have a hijackthis log from before and after the scan to see what changes occurred. That being said:

Open hijackthis and place a check next to:
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com
O1 - Hosts: 91.212.127.226 winguard-2009.com
O1 - Hosts: 91.212.127.226 www.winguard-2009.com

O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)

O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)

close all open program and browser windows except for hijackthis and click fix checked.

Re-boot
Post a fresh log
tell us how the system is running.

[jagz]

Thank you for your reply Classic, I'll know better next time to scan and post the log first. She reports the system seems to be running faster now. Here is the log>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:05 PM, on 07/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164037751968
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.11.cab?
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\winvnc.exe

--
End of file - 7869 bytes

[classicsoftware]

Using Internet Explorer, Click here to use the F-Secure Online Scanner
It's explained there with images how to allow the ActiveX to start the scan, so read that first.

• Then click the F-Secure Online Scanner Next Generation Beta link.
• Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
• Click the Full System Scan button.
• It will start to download scanner components and databases. This can take a while.
• The main scan will start.
• Once the scan finished scanning, click the Automatic cleaning (recommended) button
• It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
• The cleaning can take a while, so please be patient.
• Then click the Show report button and copy and paste what's present under results in your next reply.

[jagz]

Thank you Classic, here is the report.

10 malware found
TrackingCookie.2o7 (spyware)
• System (Disinfected)
TrackingCookie.Advertising (spyware)
• System (Disinfected)
TrackingCookie.Atdmt (spyware)
• System (Disinfected)
TrackingCookie.Doubleclick (spyware)
• System (Disinfected)
TrackingCookie.Revsci (spyware)
• System (Disinfected)
TrackingCookie.Adbrite (spyware)
• System (Disinfected)
TrackingCookie.Webtrends (spyware)
• System (Disinfected)
TrackingCookie.Mediaplex (spyware)
• System (Disinfected)
TrackingCookie.Atwola (spyware)
• System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
• System (Disinfected)

Statistics
Scanned:
• Files: 80287
• System: 9746
• Not scanned: 6
Actions:
• Disinfected: 10
• Renamed: 0
• Deleted: 0
• Not cleaned: 0
• Submitted: 0
Files not scanned:
• C:\PAGEFILE.SYS
• C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
• C:\WINDOWS\SYSTEM32\CONFIG\SAM
• C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
• C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
• C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:
Scanning options:
• Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
• Use advanced heuristics

Copyright © 1998-2009 Product support | Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

[classicsoftware]

Your system appears to be clean. Now let's see if we can keep it this way.

How to Protect Yourself While On-Line

1. Make sure you are careful where you browse. Stay away from porn and gambling sites. The use of P2P software and the downloading of "free" music and movies leaves your machine vulnerable to infection.
2. If you use Windows XP, consider browsing with a program called Drop My Rights. Alternatively, you should consider using the net with a limited user account.
3. Learn to secure your browser.
4. Make sure you have an up to date Antivirus. Scan Regularly. There are many free versions:
   • AVAST
   • AVG
   • Antivir
5. Make sure you have a software firewall and if you are on broadband, get behind a NAT router. There are also free versions:
   • Kerio
   • Sygate
   • Zone Alarm
6. Keep Windows up to date. Visit Windows Update and Office Update regularly, or subscribe to Microsoft Update.
7. Keep all of your software up to date. You can check on your software with the Secunia Software Inspector. Sign up for e-mail notification and they will tell you when to check your system again.
8. Use Firefox with the NoScript extension as your web browser.
9. Download, install and keep an updated version of SpywareBlaster.
10. Do NOT click on links in any I.M. program.
11. Use Thunderbird in place of Outlook or Outlook Express.
12. DO NOT open attachments from ANYONE. Download them, and scan them with your AV before opening and only if your expect to receive them.
13. If you use IE download a copy of IE-Spyad.
14. Ditch Adobe Acrobat Reader. It is the most attacked program at the present time. Use Foxit Reader

[jagz]

Thanks so much for all your help Classic! It's much appreciated.