Possible malware attack... notebook very slow


  • This topic is locked
11 replies to this topic

#1 samoyed

samoyed

  • Members
  • 195 posts
  • OFFLINE
  • Local time:05:41 AM

Posted 24 March 2010 - 01:48 PM

Hi,

Possible malware attack... notebook very slow with a funny noise.
I constantly get this error:
http://farm3.static.flickr.com/2691/445988...2dc87acab_o.jpg

Surfing the internet is also slow.
A few weeks ago, Malwarebytes found Vundo but I'm unsure if it has been removed.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Adelene at 22:50:27.42 on Wed 24/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.510.95 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\s3hotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mozilla firefox\firefox.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Documents and Settings\Adelene\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Google Update] "c:\documents and settings\adelene\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [S3Hotkey] s3hotkey.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
StartupFolder: c:\docume~1\adelene\startm~1\programs\startup\autoru~1\checkf~1.lnk - c:\jts\WiseUpdt.exe
StartupFolder: c:\docume~1\adelene\startm~1\programs\startup\autoru~1\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153894173578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://interactivebrokers.webex.com/client/T23L/webex/ieatgpc.cab
Handler: AutorunsDisabled\cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: AutorunsDisabled\cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} -
Handler: AutorunsDisabled\linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adelene\applic~1\mozilla\firefox\profiles\x6w3nqzc.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2|http://www.backtothebible.org/index.php/devotions/authors/lessons_on_living_kroll.html|http://www.bom.gov.au/cgi-bin/wrap_fwo.pl?IDQ10090.html|http://www.yourtv.com.au/|http://www.pennytel.com/au/index.jsp|http://motormouth.com.au/pricesearch.aspx?Region=Brisbane
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\adelene\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\common-use signing interface\bin\npCsiPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2005-10-8 7808]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-10-8 34176]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005-10-8 23168]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-24 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-24 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-24 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 66632]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-3-27 353672]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2005-10-8 4864]
R3 S3G700;S3G700;c:\windows\system32\drivers\S3G700m.sys [2006-1-7 667648]
R3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [2007-11-15 65604]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-19 3872]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
S4 gupdate1c99489d7662a4;Google Update Service (gupdate1c99489d7662a4);c:\program files\google\update\GoogleUpdate.exe [2009-2-22 133104]
S4 WrKPoET2000;WrKPoET2000;c:\program files\winpoet broadband connection\WrKPoET2000.sys [2007-11-15 53046]

=============== Created Last 30 ================


==================== Find3M ====================

2010-03-14 05:37:16 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-14 05:34:08 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-30 01:30:48 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-11-29 11:41:55 14580488 -c--a-w- c:\program files\CSIinstall.exe
2009-11-26 07:06:58 32441648 -c--a-w- c:\program files\QuickTimeInstaller.exe
2009-11-26 06:48:22 1206366 -c--a-w- c:\program files\wrar371.exe
2009-11-26 06:45:28 1644712 -c--a-w- c:\program files\flashplayer_9_ax_debug.exe
2009-11-26 06:27:18 14452040 -c--a-w- c:\program files\winzip140.exe
2009-11-26 05:48:47 716320 -c--a-w- c:\program files\PSISetup.exe
2009-08-01 01:48:19 14100376 -c--a-w- c:\program files\klcodec495f.exe
2009-03-27 01:12:29 267152 -c--a-w- c:\program files\zaSetup_en.exe
2009-03-21 01:49:44 1053744 -c--a-w- c:\program files\revosetup.exe
2009-02-22 00:50:08 547472 -c--a-w- c:\program files\GearsSetup.exe
2009-02-03 00:19:04 5966368 -c--a-w- c:\program files\SUPERAntiSpyware.exe
2009-02-01 00:52:26 2788800 -c--a-w- c:\program files\FCSetup.exe
2009-01-11 04:46:44 5969801 -c--a-w- c:\program files\Free3GPVideoConverter.exe
2009-01-10 09:02:54 1851544 -c--a-w- c:\program files\install_flash_player.exe
2008-12-05 02:53:31 2538616 -c--a-w- c:\program files\mbam-setup.exe
2008-10-27 01:49:15 7824960 -c--a-w- c:\program files\picasa3-setup.exe
2008-09-23 06:09:33 35960912 -c--a-w- c:\program files\Nokia_PC_Suite_rel_7_0_8_2_eng_web.exe
2008-09-03 14:30:40 1707190 -c--a-w- c:\program files\noki-v1.7-setup.exe
2008-05-25 08:31:24 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2008-02-25 04:12:14 224264 -c--a-w- c:\program files\YouTubeUploaderSetup.exe
2007-11-13 04:43:36 3201772 -c--a-w- c:\program files\InstallAX.exe
2007-05-20 11:55:35 475790 -c--a-w- c:\program files\Autoruns.zip
2007-04-12 16:00:25 132847 -c--a-w- c:\program files\customess1[1].0-rc2(www.mess.be).zip
2006-10-02 08:42:07 10904644 -c--a-w- c:\program files\tws40_install.exe
2006-08-23 03:35:56 905728 -c--a-w- c:\program files\iview398.exe
2006-08-01 03:43:37 15272744 -c--a-w- c:\program files\Install_Messenger_nous.exe
2001-11-05 00:41:20 101 -c--a-w- c:\program files\Setup.ini
2001-11-05 00:39:52 75181 -c--a-w- c:\program files\DATA2.CAB
2001-11-05 00:39:52 431605 -c--a-w- c:\program files\DATA1.CAB
2001-11-05 00:39:52 417 -c--a-w- c:\program files\LAYOUT.BIN
2001-11-05 00:39:52 11149 -c--a-w- c:\program files\DATA1.HDR
2001-10-19 00:38:38 129990 -c--a-w- c:\program files\Setup.inx
2009-11-11 08:46:28 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-09-23 08:39:41 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 22:51:54.25 ===============


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:11 PM

Posted 27 March 2010 - 12:15 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 samoyed

samoyed
  • Topic Starter
  • Members
  • 195 posts
  • OFFLINE
  • Local time:05:41 AM

Posted 28 March 2010 - 01:04 AM

Hi,

I suspect a malware attack... my notebook is very slow, lags, hangs and makes a funny noise.
I constantly get this error:
http://farm3.static.flickr.com/2691/445988...2dc87acab_o.jpg

The internet is also slow.
A few weeks ago, Malwarebytes found Vundo but I'm unsure if it has been removed.

I also suspect my notebook has been hacked.

Thanks


DDS (Ver_10-03-17.01) - NTFSx86
Run by Adelene at 13:45:41.95 on Sun 28/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.510.117 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\s3hotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\mozilla firefox\firefox.exe
C:\Documents and Settings\Adelene\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Google Update] "c:\documents and settings\adelene\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [S3Hotkey] s3hotkey.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
StartupFolder: c:\docume~1\adelene\startm~1\programs\startup\autoru~1\checkf~1.lnk - c:\jts\WiseUpdt.exe
StartupFolder: c:\docume~1\adelene\startm~1\programs\startup\autoru~1\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153894173578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://interactivebrokers.webex.com/client/T23L/webex/ieatgpc.cab
Handler: AutorunsDisabled\cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: AutorunsDisabled\cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} -
Handler: AutorunsDisabled\linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adelene\applic~1\mozilla\firefox\profiles\x6w3nqzc.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2|http://www.backtothebible.org/index.php/devotions/authors/lessons_on_living_kroll.html|http://www.bom.gov.au/cgi-bin/wrap_fwo.pl?IDQ10090.html|http://www.yourtv.com.au/|http://www.pennytel.com/au/index.jsp|http://motormouth.com.au/pricesearch.aspx?Region=Brisbane
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\adelene\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\common-use signing interface\bin\npCsiPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2005-10-8 7808]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-10-8 34176]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005-10-8 23168]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-24 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-24 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-24 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 66632]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-3-27 353672]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2005-10-8 4864]
R3 S3G700;S3G700;c:\windows\system32\drivers\S3G700m.sys [2006-1-7 667648]
R3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [2007-11-15 65604]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-19 3872]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
S4 gupdate1c99489d7662a4;Google Update Service (gupdate1c99489d7662a4);c:\program files\google\update\GoogleUpdate.exe [2009-2-22 133104]
S4 WrKPoET2000;WrKPoET2000;c:\program files\winpoet broadband connection\WrKPoET2000.sys [2007-11-15 53046]

=============== Created Last 30 ================

2010-03-16 09:49:38 0 d-----w- c:\windows\system32\XPSViewer
2010-03-14 05:37:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 02:58:40 23510720 ----a-w- c:\program files\dotnetfx.exe
2010-03-12 09:32:22 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 12:52:53 0 d-----w- c:\program files\Paint.NET
2010-03-08 10:30:26 33644792 ----a-w- c:\program files\5ue68r32.exe
2010-03-08 09:32:04 0 d-sha-r- C:\cmdcons
2010-03-08 09:30:14 98816 ----a-w- c:\windows\sed.exe
2010-03-08 09:30:14 77312 ----a-w- c:\windows\MBR.exe
2010-03-08 09:30:14 261632 ----a-w- c:\windows\PEV.exe
2010-03-08 09:30:14 161792 ----a-w- c:\windows\SWREG.exe
2010-03-07 11:28:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Protexis
2010-03-07 10:48:54 0 d-----w- c:\program files\gs
2010-03-07 04:48:35 0 d-----w- c:\program files\CorelDRAW.Graphics.Suite.X5.v15.0.0.486-CORE
2010-03-07 04:07:23 0 d-----w- c:\program files\QuickMediaConverter
2010-03-07 03:04:27 0 d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240BB.TMP
2010-03-06 04:58:13 8327264 ----a-w- c:\program files\Firefox Setup 3.6.exe
2010-03-01 19:51:21 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-01 19:50:51 0 d-----w- c:\program files\PC Connectivity Solution
2010-03-01 18:57:44 0 d-----w- c:\docume~1\alluse~1\applic~1\OviInstallerCache
2010-02-27 12:51:40 6582600 ----a-w- c:\program files\bitcomet_setup.exe
2010-02-27 05:55:47 0 d-----w- C:\$AVG
2010-02-27 05:53:39 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-27 05:18:51 97229360 ----a-w- c:\program files\avg_free_stf_all_90_730a1834.exe

==================== Find3M ====================

2010-03-27 09:58:52 95912 -c--a-w- c:\docume~1\adelene\applic~1\GDIPFONTCACHEV1.DAT
2010-03-14 05:37:16 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-14 05:34:08 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-25 07:46:30 5030616 ----a-w- c:\program files\Paint.NET.3.5.4.Install.exe
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-30 01:30:48 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-11-29 11:41:55 14580488 -c--a-w- c:\program files\CSIinstall.exe
2009-11-26 07:06:58 32441648 -c--a-w- c:\program files\QuickTimeInstaller.exe
2009-11-26 06:48:22 1206366 -c--a-w- c:\program files\wrar371.exe
2009-11-26 06:45:28 1644712 -c--a-w- c:\program files\flashplayer_9_ax_debug.exe
2009-11-26 06:27:18 14452040 -c--a-w- c:\program files\winzip140.exe
2009-11-26 05:48:47 716320 -c--a-w- c:\program files\PSISetup.exe
2009-08-01 01:48:19 14100376 -c--a-w- c:\program files\klcodec495f.exe
2009-03-27 01:12:29 267152 -c--a-w- c:\program files\zaSetup_en.exe
2009-03-21 01:49:44 1053744 -c--a-w- c:\program files\revosetup.exe
2009-02-22 00:50:08 547472 -c--a-w- c:\program files\GearsSetup.exe
2009-02-03 00:19:04 5966368 -c--a-w- c:\program files\SUPERAntiSpyware.exe
2009-02-01 00:52:26 2788800 -c--a-w- c:\program files\FCSetup.exe
2009-01-11 04:46:44 5969801 -c--a-w- c:\program files\Free3GPVideoConverter.exe
2009-01-10 09:02:54 1851544 -c--a-w- c:\program files\install_flash_player.exe
2008-12-05 02:53:31 2538616 -c--a-w- c:\program files\mbam-setup.exe
2008-10-27 01:49:15 7824960 -c--a-w- c:\program files\picasa3-setup.exe
2008-09-23 06:09:33 35960912 -c--a-w- c:\program files\Nokia_PC_Suite_rel_7_0_8_2_eng_web.exe
2008-09-03 14:30:40 1707190 -c--a-w- c:\program files\noki-v1.7-setup.exe
2008-05-25 08:31:24 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2008-02-25 04:12:14 224264 -c--a-w- c:\program files\YouTubeUploaderSetup.exe
2007-11-13 04:43:36 3201772 -c--a-w- c:\program files\InstallAX.exe
2007-05-20 11:55:35 475790 -c--a-w- c:\program files\Autoruns.zip
2007-04-12 16:00:25 132847 -c--a-w- c:\program files\customess1[1].0-rc2(www.mess.be).zip
2006-10-02 08:42:07 10904644 -c--a-w- c:\program files\tws40_install.exe
2006-08-23 03:35:56 905728 -c--a-w- c:\program files\iview398.exe
2006-08-01 03:43:37 15272744 -c--a-w- c:\program files\Install_Messenger_nous.exe
2001-11-05 00:41:20 101 -c--a-w- c:\program files\Setup.ini
2001-11-05 00:39:52 75181 -c--a-w- c:\program files\DATA2.CAB
2001-11-05 00:39:52 431605 -c--a-w- c:\program files\DATA1.CAB
2001-11-05 00:39:52 417 -c--a-w- c:\program files\LAYOUT.BIN
2001-11-05 00:39:52 11149 -c--a-w- c:\program files\DATA1.HDR
2001-10-19 00:38:38 129990 -c--a-w- c:\program files\Setup.inx
2009-11-11 08:46:28 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-09-23 08:39:41 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 13:47:02.62 ===============



#4 sundavis


  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:03:11 PM

Posted 29 March 2010 - 01:55 AM

Hi samoyed,


Welcome to the BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, and I will be helping you to deal with your malware problems today. Due to the warning from the developer of ComboFix, this tool should not be run on one's own, unsupervised.

Sometimes it will result in an unbootable machine. Since you have run it, may I see the log in C:\combofix.txt if it's still available?

Step1
  1. Please download OTL and save it to your desktop.
  2. Double click on the icon on your desktop.
  3. Click the "Scan All Users" checkbox.
  4. Click the "Quick Scan" button.
  5. Two reports will open: OTListIt.txt (will be opened) and Extra.txt (will be minimized).
  6. Copy and paste both logs back here in your next reply.


In your next reply, please post back:

1. ComboFix log
2. OTListIt.txt and Extra.txt

Please detail the problems you're still experiencing now.

#5 samoyed

  • Topic Starter

  • Members
  • 195 posts
  • Local time:05:41 AM

Posted 29 March 2010 - 06:54 AM

Hi, please see the logs. Thanks.



OTL logfile created on: 29/03/2010 9:43:19 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Adelene\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

510.00 Mb Total Physical Memory | 176.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.28 Gb Total Space | 5.79 Gb Free Space | 15.53% Space Free | Partition Type: NTFS
Drive D: | 37.25 Gb Total Space | 26.48 Gb Free Space | 71.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-D490A4A453
Current User Name: Adelene
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/29 21:42:39 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adelene\Desktop\OTL.exe
PRC - [2010/03/27 18:51:22 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\mozilla firefox\firefox.exe
PRC - [2010/03/14 15:37:11 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/14 15:37:06 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/14 15:36:53 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/14 15:34:06 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/14 15:33:54 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/03 09:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 00:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/10/16 17:05:38 | 000,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/10/16 16:55:42 | 001,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/05/19 21:21:00 | 000,040,960 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\s3hotkey.exe


========== Modules (SafeList) ==========

MOD - [2010/03/29 21:42:39 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adelene\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/14 15:36:53 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 17:05:38 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/08/27 08:45:22 | 000,032,768 | ---- | M] (Softex Inc.) [Disabled | Stopped] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2005/04/06 18:03:28 | 000,110,592 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2004/01/06 00:27:12 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/10/28 17:36:12 | 000,094,255 | R--- | M] (iVasion, a Routerware Company) [Disabled | Stopped] -- C:\Program Files\WinPoET Broadband Connection\WROS.exe -- (WinPPPoverEthernet)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pc-ap.fujitsu.com/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pc-ap.fujitsu.com/

IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2|http://www.backtothebible.org/index.php/devotions/authors/lessons_on_living_kroll.html|http://www.bom.gov.au/cgi-bin/wrap_fwo.pl?IDQ10090.html|http://www.yourtv.com.au/|http://www.pennytel.com/au/index.jsp|http://motormouth.com.au/pricesearch.aspx?Region=Brisbane"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/03/02 05:51:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\mozilla firefox\components [2010/03/27 18:51:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\mozilla firefox\plugins [2010/03/27 18:51:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/03/02 05:51:34 | 000,000,000 | ---D | M]

[2010/03/06 15:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Mozilla\Extensions
[2010/03/29 20:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Mozilla\Firefox\Profiles\x6w3nqzc.default\extensions
[2010/03/21 11:53:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Adelene\Application Data\Mozilla\Firefox\Profiles\x6w3nqzc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/06 15:06:38 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/02/21 20:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/01/06 19:46:30 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [S3Hotkey] C:\WINDOWS\System32\s3hotkey.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\Adelene\Start Menu\Programs\Startup\AutorunsDisabled [2009/11/27 13:55:57 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1153894173578 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://interactivebrokers.webex.com/client...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll File not found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Adelene\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adelene\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/01 05:42:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-2027938200-1536541407-2194037050-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 14 Days ==========

[2010/03/29 21:42:34 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adelene\Desktop\OTL.exe
[2010/03/16 19:49:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/03/16 19:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/03/14 12:58:40 | 023,510,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx.exe
[2010/03/06 14:58:13 | 008,327,264 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.exe
[2010/02/27 15:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/27 15:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/27 15:44:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/27 15:44:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/27 15:18:51 | 097,229,360 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_all_90_730a1834.exe
[2009/11/29 21:33:03 | 014,580,488 | ---- | C] (Australian Taxation Office ) -- C:\Program Files\CSIinstall.exe
[2009/11/26 17:06:54 | 032,441,648 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2009/11/26 16:44:57 | 001,644,712 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\flashplayer_9_ax_debug.exe
[2009/11/26 15:48:41 | 000,716,320 | ---- | C] (Secunia) -- C:\Program Files\PSISetup.exe
[2009/08/01 11:37:53 | 014,100,376 | ---- | C] ( ) -- C:\Program Files\klcodec495f.exe
[2009/07/01 11:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/20 10:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/02/24 10:55:02 | 001,707,190 | ---- | C] (hz ) -- C:\Program Files\noki-v1.7-setup.exe
[2009/02/22 10:46:03 | 000,547,472 | ---- | C] (Google Inc.) -- C:\Program Files\GearsSetup.exe
[2009/01/12 11:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2009/01/12 11:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2009/01/11 14:43:08 | 005,969,801 | ---- | C] (DVD Video Soft Limited. ) -- C:\Program Files\Free3GPVideoConverter.exe
[2009/01/10 19:02:45 | 001,851,544 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2008/12/05 12:50:18 | 002,538,616 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2008/10/27 11:47:06 | 007,824,960 | ---- | C] (Google Inc.) -- C:\Program Files\picasa3-setup.exe
[2008/05/25 18:31:45 | 002,228,534 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe
[2008/02/25 14:12:23 | 000,224,264 | ---- | C] (Google Inc.) -- C:\Program Files\YouTubeUploaderSetup.exe
[2008/02/09 23:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/08/01 13:43:23 | 015,272,744 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Install_Messenger_nous.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/29 21:42:39 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adelene\Desktop\OTL.exe
[2010/03/29 21:17:03 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2027938200-1536541407-2194037050-1007UA.job
[2010/03/29 20:30:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/29 20:25:39 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/03/29 20:25:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/29 20:25:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/28 23:00:31 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Adelene\ntuser.dat
[2010/03/28 23:00:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Adelene\ntuser.ini
[2010/03/28 20:33:34 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Raywhite Kenmore.doc
[2010/03/28 20:33:21 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Raywhite Bellbowrie.doc
[2010/03/28 20:32:50 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Brisbane West Real Estate.doc
[2010/03/28 16:24:56 | 058,027,419 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/28 14:48:37 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Defogger.exe
[2010/03/27 19:58:52 | 000,095,912 | ---- | M] () -- C:\Documents and Settings\Adelene\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/27 12:21:00 | 002,157,311 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Asset Accounting through Project System.zip
[2010/03/27 12:20:34 | 003,641,950 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\AR+AP+GL.zip
[2010/03/27 12:17:03 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2027938200-1536541407-2194037050-1007Core.job
[2010/03/24 23:29:01 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\Energy1.xls
[2010/03/24 22:44:24 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\gmer.zip
[2010/03/24 22:43:05 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Adelene\Desktop\dds.scr
[2010/03/17 19:15:40 | 000,494,988 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 19:15:40 | 000,437,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/17 19:15:40 | 000,068,922 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/17 18:31:34 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/28 20:30:20 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Brisbane West Real Estate.doc
[2010/03/28 20:23:53 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Raywhite Kenmore.doc
[2010/03/28 20:23:41 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Raywhite Bellbowrie.doc
[2010/03/28 14:48:35 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Defogger.exe
[2010/03/27 12:20:50 | 002,157,311 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\Asset Accounting through Project System.zip
[2010/03/27 12:20:15 | 003,641,950 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\AR+AP+GL.zip
[2010/03/24 22:55:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\gmer.exe
[2010/03/24 22:44:22 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\gmer.zip
[2010/03/24 22:43:02 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Adelene\Desktop\dds.scr
[2010/03/08 20:30:26 | 033,644,792 | ---- | C] () -- C:\Program Files\5ue68r32.exe
[2010/02/27 22:51:40 | 006,582,600 | ---- | C] () -- C:\Program Files\bitcomet_setup.exe
[2010/02/25 17:46:30 | 005,030,616 | ---- | C] () -- C:\Program Files\Paint.NET.3.5.4.Install.exe
[2009/11/26 16:48:22 | 001,206,366 | ---- | C] () -- C:\Program Files\wrar371.exe
[2009/11/26 16:27:18 | 014,452,040 | ---- | C] () -- C:\Program Files\winzip140.exe
[2009/08/01 12:33:21 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/01 12:33:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/01 12:33:16 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/01 12:33:15 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/01 12:33:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/08/01 12:33:11 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/01 12:33:11 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/10 14:44:21 | 000,015,293 | ---- | C] () -- C:\Documents and Settings\Adelene\Application Data\NMM-MetaData.db
[2009/03/21 11:49:09 | 001,053,744 | ---- | C] () -- C:\Program Files\revosetup.exe
[2009/02/24 21:23:45 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\keyfile3.drm
[2009/02/17 16:18:10 | 000,000,436 | ---- | C] () -- C:\WINDOWS\cedocida.ini
[2009/02/12 12:40:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\cedocida.dll
[2009/02/03 10:15:26 | 005,966,368 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/01/13 20:06:15 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/01/13 20:06:15 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/01/13 20:06:15 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/01/13 20:06:15 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/01/13 20:06:15 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/01/13 20:06:15 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/12/22 14:43:08 | 000,267,152 | ---- | C] () -- C:\Program Files\zaSetup_en.exe
[2008/09/23 16:46:41 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2008/09/23 15:59:11 | 035,960,912 | ---- | C] () -- C:\Program Files\Nokia_PC_Suite_rel_7_0_8_2_eng_web.exe
[2008/07/21 16:24:45 | 000,001,850 | ---- | C] () -- C:\WINDOWS\System32\MSMINI.DLL
[2008/02/28 15:26:59 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2007/11/15 18:58:47 | 000,065,604 | R--- | C] () -- C:\WINDOWS\System32\drivers\WrKPoETNic2000.sys
[2007/11/13 14:44:59 | 000,245,760 | ---- | C] () -- C:\WINDOWS\ddedll.dll
[2007/11/13 14:42:32 | 003,201,772 | ---- | C] () -- C:\Program Files\InstallAX.exe
[2007/10/25 10:26:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/10/19 12:59:52 | 002,788,800 | ---- | C] () -- C:\Program Files\FCSetup.exe
[2007/08/06 12:45:28 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2007/08/06 12:36:21 | 000,001,946 | R--- | C] () -- C:\WINDOWS\System32\D064UFW.INI
[2007/05/20 21:55:28 | 000,475,790 | ---- | C] () -- C:\Program Files\Autoruns.zip
[2007/04/13 02:00:21 | 000,132,847 | ---- | C] () -- C:\Program Files\customess1[1].0-rc2(www.mess.be).zip
[2006/12/30 14:34:13 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/12/30 09:25:44 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\fusioncache.dat
[2006/10/17 02:46:04 | 000,000,091 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/08 21:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NokiaContentCopier.INI
[2006/10/02 18:42:51 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2006/09/27 21:46:24 | 000,199,680 | ---- | C] () -- C:\Documents and Settings\Adelene\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/13 16:26:26 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/08 10:33:20 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/09/08 10:31:27 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2006/09/08 10:27:13 | 000,001,430 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2006/09/08 10:27:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2006/09/08 10:27:13 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2006/08/29 11:46:56 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/23 13:35:49 | 000,905,728 | ---- | C] () -- C:\Program Files\iview398.exe
[2006/08/11 23:48:04 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/08/11 21:08:31 | 000,027,136 | ---- | C] () -- C:\WINDOWS\toFront.dll
[2006/08/11 21:08:31 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2006/08/11 20:31:39 | 010,904,644 | ---- | C] () -- C:\Program Files\tws40_install.exe
[2006/07/27 16:48:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/26 21:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/07/26 16:15:19 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2006/07/26 16:15:19 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2006/07/26 00:35:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/07 02:13:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/07 01:43:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2006/01/07 01:35:20 | 002,406,912 | ---- | C] () -- C:\WINDOWS\System32\s3gcil_clb.dll
[2005/10/08 13:50:29 | 000,000,379 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/08 13:46:49 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/10/08 13:39:53 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2005/10/01 10:13:22 | 000,002,869 | ---- | C] () -- C:\WINDOWS\System32\FJSaver.ini
[2005/08/24 19:57:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/19 23:58:39 | 000,000,720 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/05/16 09:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/05/04 23:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2001/11/05 10:41:20 | 000,000,101 | ---- | C] () -- C:\Program Files\Setup.ini
[2001/11/05 10:39:52 | 000,431,605 | ---- | C] () -- C:\Program Files\DATA1.CAB
[2001/11/05 10:39:52 | 000,075,181 | ---- | C] () -- C:\Program Files\DATA2.CAB
[2001/11/05 10:39:52 | 000,011,149 | ---- | C] () -- C:\Program Files\DATA1.HDR
[2001/11/05 10:39:52 | 000,000,417 | ---- | C] () -- C:\Program Files\LAYOUT.BIN
[2001/10/19 10:38:38 | 000,129,990 | ---- | C] () -- C:\Program Files\Setup.inx

========== LOP Check ==========

[2006/12/15 06:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Azureus
[2008/09/23 15:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\DataLayer
[2009/10/31 00:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\DTLink Software
[2007/10/15 19:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Grisoft
[2007/03/12 16:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\InterVideo
[2010/03/02 19:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Nokia
[2009/09/23 17:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\PC Suite
[2009/01/14 10:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Ulead Systems
[2007/01/12 14:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\Viewpoint
[2009/06/27 10:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adelene\Application Data\VSRevoGroup
[2010/02/27 16:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/27 15:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/10/08 21:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2008/06/14 15:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/02/06 13:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/01/13 20:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2006/08/04 19:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2010/03/02 04:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2008/09/27 17:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/12/18 14:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/13 20:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/01/12 14:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/06 17:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/11/29 21:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4C0DBD62-F011-4A41-B11D-BE5CFA6DEDD7}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >



OTL Extras logfile created on: 29/03/2010 9:43:19 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Adelene\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

510.00 Mb Total Physical Memory | 176.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.28 Gb Total Space | 5.79 Gb Free Space | 15.53% Space Free | Partition Type: NTFS
Drive D: | 37.25 Gb Total Space | 26.48 Gb Free Space | 71.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-D490A4A453
Current User Name: Adelene
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\mozilla firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"15164:TCP" = 15164:TCP:*:Enabled:BitComet 15164 TCP
"15164:UDP" = 15164:UDP:*:Enabled:BitComet 15164 UDP
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"18558:TCP" = 18558:TCP:*:Enabled:BitComet 18558 TCP
"18558:UDP" = 18558:UDP:*:Enabled:BitComet 18558 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- (Palm, Inc.)
"C:\Program Files\NextUp-Acapela\bin\acatel_srv.exe" = C:\Program Files\NextUp-Acapela\bin\acatel_srv.exe:*:Disabled:Acapela Telecom HQ TTS Server -- (Acapela Group)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Disabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F403DD9-5A80-46DC-AAEC-9C743121E8B8}" = LifeBook Application Panel
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}" = Ovi Desktop Sync Engine
"{3703B471-08F1-40F6-9DBF-DACFE74DBFCC}" = Fujitsu Display Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BB2AA79-6623-48F4-B288-0CE1C88D40D6}" = O2Micro Flash Memory Card Windows Driver
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{511ECAD8-3F08-4A16-A808-E20E5C44D93B}" = NextUp-Acapela Brightspeech Heather22 US English Voice
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69B67E57-9AD1-4CA4-AF18-E73712E7D2E9}" = Pennytel
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{763E8D6C-0098-4FF4-801A-3F311D2D9D80}" = Apple Mobile Device Support
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{799EFFD9-5A62-49D1-A6EA-AF058C5209EB}" = NextUp-ScanSoft Jennifer US English Voice
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{805BDB3F-6803-45F7-B959-4FE5B921BC55}" = Fujitsu Hotkey Utility
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8539FF43-C430-4BBF-A600-73081D9D9214}" = ImageMixer
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}" = Nokia Ovi Suite
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BA63348B-143D-4CAC-A355-3879402ED781}" = Nokia Ovi Suite Software Updater
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFE0FD61-98C7-4CEE-9E59-149D861A361B}" = NextUp-Acapela Elan Aaron22 US English Voice
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D1C6BA81-14FF-4331-8350-350D159A50F4}" = Fingerprint Sensor Minimum Install
"{D48CCDB0-5EAB-4ED9-8D3E-8653EFFBFB84}" = Fujitsu System Extension Utility
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E0FAA0BA-874E-47C8-9ECA-BB333006CF16}" = Update Navi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EC502085-5F63-41A2-A290-41F9F9574270}" = Broadcom Gigabit Ethernet
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9126934-A42B-4C3F-9FA6-3B308D739375}" = Palm Desktop
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe GoLive CS2 English" = Adobe GoLive CS2 English
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"CANONBJ_Deinstall_CNMS100S.CPD" = Canon S100SP
"cedocida" = Cedocida DV Codec
"Common-Use Signing Interface" = Common-Use Signing Interface
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3703B471-08F1-40F6-9DBF-DACFE74DBFCC}" = Fujitsu Display Manager
"InstallShield_{3BB2AA79-6623-48F4-B288-0CE1C88D40D6}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"LoqTTS-Kenneth_is1" = Loquendo TTS: Kenneth (American English)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006a" = MSN Money Investment Toolbox
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Noki_is1" = Noki v1.7
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"PC-Doctor 5 for Windows" = Fujitsu Hardware Diagnostics Tool
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"ProInst" = Intel PROSet Wireless
"Revo Uninstaller" = Revo Uninstaller 1.83
"S3 Graphics Chrome Family WinXP/2K Display" = S3 Graphics Chrome Family WinXP/2K Display Driver and Utilities
"Secunia PSI" = Secunia PSI
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TextAloud MP3_is1" = TextAloud
"Trader Workstation 4.0" = Trader Workstation 4.0
"TWS Interoperability Components" = TWS Interoperability Components
"Uninstall_is1" = Uninstall 1.0.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"YInstHelper" = Yahoo! Install Manager
"ZHCIELangPack" = Chinese (Simplified) Language Support
"ZHTIELangPack" = Chinese (Traditional) Language Support
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2027938200-1536541407-2194037050-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/03/2010 11:04:22 PM | Computer Name = YOUR-D490A4A453 | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft .NET Framework 2.0 -- Setup cannot continue because
this version of the .NET Framework is incompatible with a previously installed
one. For more information, see http://support.microsoft.com/support/kb/ar...s/q312/5/00.asp

Error - 14/03/2010 1:31:59 AM | Computer Name = YOUR-D490A4A453 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Paint.NET\PaintDotNet.Core.dll . Error code
= 0x80070002

Error - 14/03/2010 1:34:23 AM | Computer Name = YOUR-D490A4A453 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: PaintDotNet.Core, Version=3.54.3708.31976, Culture=neutral,
PublicKeyToken=null . Error code = 0x80070002

Error - 14/03/2010 1:37:57 AM | Computer Name = YOUR-D490A4A453 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: PaintDotNet.Core, Version=3.54.3708.31976, Culture=neutral,
PublicKeyToken=null . Error code = 0x80070002

Error - 14/03/2010 1:40:04 AM | Computer Name = YOUR-D490A4A453 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: PaintDotNet.Core, Version=3.54.3708.31976, Culture=neutral,
PublicKeyToken=null . Error code = 0x80070002

Error - 14/03/2010 1:54:08 AM | Computer Name = YOUR-D490A4A453 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: Microsoft.Windows.Design.Developer, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002

Error - 14/03/2010 1:54:40 AM | Computer Name = YOUR-D490A4A453 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: Microsoft.Windows.Design.Interaction, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002

Error - 14/03/2010 1:55:14 AM | Computer Name = YOUR-D490A4A453 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: Microsoft.Windows.Design.Markup, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002

Error - 24/03/2010 2:34:27 PM | Computer Name = YOUR-D490A4A453 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x036884b1.

Error - 28/03/2010 6:40:21 AM | Computer Name = YOUR-D490A4A453 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module sftxtgp.dll, version 0.0.0.0, fault address 0x000684b1.

[ System Events ]
Error - 14/03/2010 1:11:47 AM | Computer Name = YOUR-D490A4A453 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 14/03/2010 1:11:47 AM | Computer Name = YOUR-D490A4A453 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 14/03/2010 1:11:47 AM | Computer Name = YOUR-D490A4A453 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 14/03/2010 1:11:47 AM | Computer Name = YOUR-D490A4A453 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 14/03/2010 1:11:48 AM | Computer Name = YOUR-D490A4A453 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 14/03/2010 1:11:48 AM | Computer Name = YOUR-D490A4A453 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 14/03/2010 1:11:48 AM | Computer Name = YOUR-D490A4A453 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 14/03/2010 1:11:48 AM | Computer Name = YOUR-D490A4A453 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 14/03/2010 1:11:48 AM | Computer Name = YOUR-D490A4A453 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 14/03/2010 1:11:48 AM | Computer Name = YOUR-D490A4A453 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >



ComboFix 10-03-07.05 - Adelene 08/03/2010 19:39:52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.510.217 [GMT 10:00]
Running from: c:\documents and settings\Adelene\Desktop\ComFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2027938200-1536541407-2194037050-1005
c:\recycler\S-1-5-21-437374946-3041200267-1413914931-1003
c:\windows\system32\reboot.txt

.
((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-07 11:30 . 2010-03-07 12:42 88 --sh--r- c:\documents and settings\All Users\Application Data\Protexis\1E0470B389.sys
2010-03-07 11:28 . 2010-03-07 12:49 3140 --sha-w- c:\documents and settings\All Users\Application Data\Protexis\KGyGaAvL.sys
2010-03-07 11:28 . 2010-03-07 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
2010-03-07 11:28 . 2010-03-07 11:28 -------- d-----w- c:\documents and settings\Adelene\Application Data\Corel
2010-03-07 11:13 . 2010-03-07 18:11 196400 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-07 11:02 . 2010-03-07 11:02 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2010-03-07 10:58 . 2010-03-07 10:58 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2010-03-07 10:55 . 2010-03-07 10:55 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-03-07 10:49 . 2010-03-07 10:49 -------- d-----w- c:\program files\Microsoft SDKs
2010-03-07 10:49 . 2010-03-07 10:50 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-03-07 10:49 . 2010-03-07 10:49 -------- d-----w- c:\program files\Microsoft.NET
2010-03-07 10:48 . 2010-03-07 10:48 -------- d-----w- c:\program files\gs
2010-03-07 10:47 . 2010-03-07 10:47 -------- d-----w- c:\program files\Common Files\Corel
2010-03-07 10:46 . 2010-03-07 10:46 -------- d-----w- c:\program files\Common Files\Protexis
2010-03-07 10:46 . 2010-03-07 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-03-07 04:48 . 2010-03-07 08:32 -------- d-----w- c:\program files\CorelDRAW.Graphics.Suite.X5.v15.0.0.486-CORE
2010-03-07 04:07 . 2010-03-07 04:17 -------- d-----w- c:\program files\QuickMediaConverter
2010-03-07 03:04 . 2010-03-07 03:04 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240BB.TMP
2010-03-06 04:58 . 2010-03-06 04:59 8327264 ----a-w- c:\program files\Firefox Setup 3.6.exe
2010-03-02 09:38 . 2010-03-02 09:38 -------- d-----w- c:\documents and settings\Adelene\Local Settings\Application Data\Nokia
2010-03-01 20:36 . 2010-03-01 20:36 -------- d-----w- c:\documents and settings\Adelene\Local Settings\Application Data\NokiaAccount
2010-03-01 19:51 . 2008-08-25 23:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-01 19:50 . 2010-03-01 19:50 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-01 18:58 . 2010-03-01 18:58 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-03-01 18:58 . 2010-03-01 18:58 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-03-01 18:58 . 2010-03-01 18:58 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-03-01 18:58 . 2010-03-01 18:58 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-03-01 18:58 . 2010-03-01 18:58 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-03-01 18:58 . 2010-03-01 18:58 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\pcswpc.exe
2010-03-01 18:57 . 2010-03-01 18:57 98302544 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Nokia_Ovi_Suite_PCS_Update.exe
2010-03-01 18:57 . 2010-03-01 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
2010-02-27 12:51 . 2010-02-27 12:51 6582600 ----a-w- c:\program files\bitcomet_setup.exe
2010-02-27 08:35 . 2010-02-27 08:35 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup_AVG_RESTORED.exe
2010-02-27 08:34 . 2010-02-27 05:53 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-27 08:34 . 2010-02-27 05:53 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-27 05:55 . 2010-02-27 06:18 -------- d-----w- C:\$AVG
2010-02-27 05:53 . 2010-02-27 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-27 05:18 . 2010-02-27 05:24 97229360 ----a-w- c:\program files\avg_free_stf_all_90_730a1834.exe
2010-02-07 05:12 . 2010-02-07 05:13 -------- d-----w- c:\documents and settings\Adelene\Local Settings\Application Data\Deployment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 11:28 . 2006-08-04 08:30 95912 -c--a-w- c:\documents and settings\Adelene\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-07 11:11 . 2010-01-02 14:25 -------- d-----w- c:\program files\BitComet
2010-03-07 11:02 . 2008-02-14 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-07 10:33 . 2009-01-13 10:00 -------- d-----w- c:\program files\Corel
2010-03-07 10:14 . 2009-11-20 23:30 -------- d-----w- c:\program files\MSBuild
2010-03-07 09:53 . 2005-10-08 03:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-07 09:53 . 2005-10-08 03:47 -------- d-----w- c:\program files\CyberLink
2010-03-07 09:47 . 2006-08-23 09:36 -------- d-----w- c:\program files\Common Files\Real
2010-03-06 07:32 . 2009-11-26 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-03-02 09:42 . 2006-11-22 03:22 -------- d-----w- c:\documents and settings\Adelene\Application Data\Nokia
2010-03-01 20:11 . 2009-10-11 03:16 117760 -c--a-w- c:\documents and settings\Adelene\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-01 19:55 . 2006-10-08 11:01 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-01 19:51 . 2008-09-23 06:48 -------- d-----w- c:\program files\Nokia
2010-02-28 07:32 . 2009-02-19 02:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-28 02:20 . 2008-12-05 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 02:17 . 2010-01-05 10:04 5115824 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-27 06:06 . 2009-06-12 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-27 05:55 . 2009-04-24 04:29 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-27 05:55 . 2009-04-24 04:29 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-27 05:55 . 2009-04-24 04:29 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-27 05:54 . 2009-04-24 04:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-27 05:53 . 2008-06-14 04:59 -------- d-----w- c:\program files\AVG
2010-02-16 10:10 . 2009-03-16 00:22 5026787 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-11 15:29 . 2010-02-16 10:10 2146304 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-02-07 14:38 . 2010-02-08 11:09 2144256 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-02-06 03:14 . 2008-09-23 06:50 -------- d-----w- c:\program files\DIFX
2010-02-06 03:13 . 2010-02-06 03:13 -------- d-----w- c:\program files\Common Files\PCSuite
2010-02-06 03:04 . 2008-09-23 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-02-06 03:03 . 2010-02-06 03:03 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-02-06 03:03 . 2010-02-06 03:03 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-06 03:03 . 2010-02-06 03:03 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-06 03:03 . 2010-02-06 03:03 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-06 01:51 . 2010-02-06 03:04 34399664 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_eng.exe
2010-01-10 11:14 . 2010-01-12 09:14 681984 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-07 06:07 . 2008-12-05 03:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 06:07 . 2008-12-05 03:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 13:48 . 2010-01-06 09:06 2098176 -c--a-w- c:\windows\Internet Logs\xDB2.tmp
2010-01-03 11:42 . 2010-01-03 11:42 52224 -c--a-w- c:\documents and settings\Adelene\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-02 22:08 . 2010-01-03 07:57 2088448 -c--a-w- c:\windows\Internet Logs\xDB1.tmp
2009-12-31 16:50 . 2005-01-19 13:58 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 01:30 . 2008-09-23 06:48 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-23 08:27 . 2009-12-23 08:25 25352264 -c--a-w- c:\program files\Dr Web Cure it.exe
2009-12-21 19:14 . 2005-01-19 13:58 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2005-09-30 19:37 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2005-01-19 13:57 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2005-01-19 13:57 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-29 11:41 . 2009-11-29 11:33 14580488 -c--a-w- c:\program files\CSIinstall.exe
2009-11-26 07:06 . 2009-11-26 07:06 32441648 -c--a-w- c:\program files\QuickTimeInstaller.exe
2009-11-26 06:48 . 2009-11-26 06:48 1206366 -c--a-w- c:\program files\wrar371.exe
2009-11-26 06:45 . 2009-11-26 06:44 1644712 -c--a-w- c:\program files\flashplayer_9_ax_debug.exe
2009-11-26 06:27 . 2009-11-26 06:27 14452040 -c--a-w- c:\program files\winzip140.exe
2009-11-26 05:48 . 2009-11-26 05:48 716320 -c--a-w- c:\program files\PSISetup.exe
2009-11-19 13:46 . 2009-11-19 13:44 2959376 -c--a-w- c:\program files\dotnetfx35setup.exe
2009-08-01 01:48 . 2009-08-01 01:37 14100376 -c--a-w- c:\program files\klcodec495f.exe
2009-06-11 00:12 . 2009-06-11 00:11 3012768 -c--a-w- c:\program files\spywareblastersetup42.exe
2009-06-08 01:55 . 2009-06-08 01:54 860471 -c--a-w- c:\program files\FirefoxPreloaderSetup.exe
2009-03-27 01:12 . 2008-12-22 04:43 267152 -c--a-w- c:\program files\zaSetup_en.exe
2009-03-21 01:49 . 2009-03-21 01:49 1053744 -c--a-w- c:\program files\revosetup.exe
2009-02-22 00:50 . 2009-02-22 00:46 547472 -c--a-w- c:\program files\GearsSetup.exe
2009-02-03 00:19 . 2009-02-03 00:15 5966368 -c--a-w- c:\program files\SUPERAntiSpyware.exe
2009-02-01 00:52 . 2007-10-19 02:59 2788800 -c--a-w- c:\program files\FCSetup.exe
2009-01-11 04:46 . 2009-01-11 04:43 5969801 -c--a-w- c:\program files\Free3GPVideoConverter.exe
2009-01-10 09:02 . 2009-01-10 09:02 1851544 -c--a-w- c:\program files\install_flash_player.exe
2008-12-15 01:11 . 2008-12-15 01:11 50688 -c--a-w- c:\program files\ATF-Cleaner.exe
2008-12-13 00:14 . 2008-12-13 00:13 1529241 -c--a-w- c:\program files\SDFix.exe
2008-12-05 02:53 . 2008-12-05 02:50 2538616 -c--a-w- c:\program files\mbam-setup.exe
2008-10-27 01:49 . 2008-10-27 01:47 7824960 -c--a-w- c:\program files\picasa3-setup.exe
2008-09-23 06:09 . 2008-09-23 05:59 35960912 -c--a-w- c:\program files\Nokia_PC_Suite_rel_7_0_8_2_eng_web.exe
2008-09-03 14:30 . 2009-02-24 00:55 1707190 -c--a-w- c:\program files\noki-v1.7-setup.exe
2008-05-25 08:31 . 2008-05-25 08:31 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2008-02-25 04:12 . 2008-02-25 04:12 224264 -c--a-w- c:\program files\YouTubeUploaderSetup.exe
2007-11-13 04:43 . 2007-11-13 04:42 3201772 -c--a-w- c:\program files\InstallAX.exe
2007-11-09 06:56 . 2007-11-09 06:38 2221056 -c--a-w- c:\program files\Pennytel_Setup.msi
2007-05-20 11:55 . 2007-05-20 11:55 475790 -c--a-w- c:\program files\Autoruns.zip
2007-04-12 16:00 . 2007-04-12 16:00 132847 -c--a-w- c:\program files\customess1[1].0-rc2(www.mess.be).zip
2006-10-02 08:42 . 2006-08-11 10:31 10904644 -c--a-w- c:\program files\tws40_install.exe
2006-08-23 03:35 . 2006-08-23 03:35 905728 -c--a-w- c:\program files\iview398.exe
2006-08-01 03:43 . 2006-08-01 03:43 15272744 -c--a-w- c:\program files\Install_Messenger_nous.exe
2001-11-05 00:41 . 2001-11-05 00:41 101 -c--a-w- c:\program files\Setup.ini
2001-11-05 00:39 . 2001-11-05 00:39 75181 -c--a-w- c:\program files\DATA2.CAB
2001-11-05 00:39 . 2001-11-05 00:39 431605 -c--a-w- c:\program files\DATA1.CAB
2001-11-05 00:39 . 2001-11-05 00:39 417 -c--a-w- c:\program files\LAYOUT.BIN
2001-11-05 00:39 . 2001-11-05 00:39 11149 -c--a-w- c:\program files\DATA1.HDR
2001-10-19 00:38 . 2001-10-19 00:38 129990 -c--a-w- c:\program files\Setup.inx
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 03:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Adelene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-02 725082]
"S3Hotkey"="s3hotkey.exe" [2005-05-19 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 88201]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-10-16 1191936]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-06 14850560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]

c:\documents and settings\Adelene\Start Menu\Programs\Startup\AutorunsDisabled
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2006-10-2 194775]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-27 05:54 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\NextUp-Acapela\\bin\\acatel_srv.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15164:TCP"= 15164:TCP:BitComet 15164 TCP
"15164:UDP"= 15164:UDP:BitComet 15164 UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"18558:TCP"= 18558:TCP:BitComet 18558 TCP
"18558:UDP"= 18558:UDP:BitComet 18558 UDP

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [8/10/2005 1:43 PM 7808]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [8/10/2005 1:39 PM 34176]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [8/10/2005 1:39 PM 23168]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/04/2009 2:29 PM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/04/2009 2:29 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 4:17 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 4:17 PM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [27/02/2010 3:53 PM 285392]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [8/10/2005 1:38 PM 4864]
R3 S3G700;S3G700;c:\windows\system32\drivers\S3G700m.sys [7/01/2006 1:35 AM 667648]
R3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [15/11/2007 6:58 PM 65604]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [19/11/1999 11:20 AM 3872]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17/06/2009 10:20 PM 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 4:17 PM 12872]
S4 gupdate1c99489d7662a4;Google Update Service (gupdate1c99489d7662a4);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2009 11:01 AM 133104]
S4 WrKPoET2000;WrKPoET2000;c:\program files\WinPoET Broadband Connection\WrKPoET2000.sys [15/11/2007 6:58 PM 53046]
.
Contents of the 'Scheduled Tasks' folder

2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 01:00]

2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 01:00]

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027938200-1536541407-2194037050-1007Core.job
- c:\documents and settings\Adelene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-18 09:30]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027938200-1536541407-2194037050-1007UA.job
- c:\documents and settings\Adelene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-18 09:30]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Adelene\Application Data\Mozilla\Firefox\Profiles\x6w3nqzc.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2|http://www.backtothebible.org/index.php/devotions/authors/lessons_on_living_kroll.html|http://www.bom.gov.au/cgi-bin/wrap_fwo.pl?IDQ10090.html|http://www.yourtv.com.au/|http://www.pennytel.com/au/index.jsp|http://motormouth.com.au/pricesearch.aspx?Region=Brisbane
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\Adelene\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Common-Use Signing Interface\bin\npCsiPlugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-IntelZeroConfig - c:\program files\Intel\Wireless\bin\ZCfgSvc.exe
Notify-AutorunsDisabled - c:\program files\SUPERAntiSpyware\SASWINLO.DLL avgrsstx.dll igfxdev.dll c:\program files\Softex\OmniPass\opxpgina.dll
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 19:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-08 19:56:29
ComboFix-quarantined-files.txt 2010-03-08 09:56

Pre-Run: 1,254,031,360 bytes free
Post-Run: 2,244,308,992 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D29E6B63729A96727747ACA9B8B5A1A2

#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:11 PM

Posted 29 March 2010 - 09:47 AM

Hi samoyed,



Go into the Control Panel (Classic View) and double-click the Java icon (it looks like a coffee cup). Click on the Update tab and press the Update Now button.

Follow the prompts and install the new version of Java. After that, please clear your Java cache as instructed in this thread.


Step1

1.Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
2.Uncheck and delete everything you find in there. (except for "My current home page")
3.Remove the check mark from the Lock Desktop Items box if it is checked, then click Apply and OK.


Step2

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step3

Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  1. Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  2. Click Accept button on the "Requirements and limitations".
  3. When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  4. It will download and install the program and update the database.
  5. When the database update has finished, click on Settings.
  6. Make sure all boxes are checked. then click on the Save button.
  7. Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  8. Once the scan is completed, Click on View Scan Report.
  9. You may see a list of infected items over there. Click on Save Report As.
  10. Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  11. Please post the contents in your next reply.
  12. You can refer to this animation

Note for Internet Explorer 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset it to 100%.



Please post back the logs in your next reply.

1.Kas Online Scan Report

Tell me if you have any remaining issues on your PC.


#7 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:05:41 AM

Posted 31 March 2010 - 05:33 AM

Hi sundavis,

I have trouble with Kas Online Scanner.

It took 2 hours to update. I left it to scan overnight but woke up to find that it hung after scanning for 31 mins.

Is there an alternative? Thanks

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:11 PM

Posted 31 March 2010 - 10:02 AM

Hi samoyed,


Ok! You may try the following instead.

Step1

Please run the ESET Online Scanner
Note: You will need to use Internet explorer for this scan
  1. Turn off the real time scanner of any existing antivirus program while performing the online scan
  2. Tick the box next to YES, I accept the Terms of Use.
  3. Click Start
  4. When asked, allow the activeX control to install
  5. Click Start
  6. Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  7. Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  8. Click Scan
  9. Wait for the scan to finish
  10. Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt .
  11. Copy and paste that log as a reply to this topic and also let me know how things are now.

I will give you another one, just in case.


Please go to F-Secure Online Scanner
  1. Follow the on screen prompts to download activeX. Once that has completed, you'll be presented with types of scans.
  2. Tick 'My Scan' and click 'Show Options'
  3. Under Select File Types, tick All File Types
  4. Under Select Folders for Scanning, tick 'Scan a Folder' and click Select
  5. Select the C:\ drive, otherwise it will scan all drives.
  6. Click OK
  7. Click Start
  8. After it has completed, save the log and copy/paste the results in your next reply.
  9. If you have problems running F-Secure Online Scanner, you may refer to this thread


#9 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:05:41 AM

Posted 02 April 2010 - 01:21 AM

Hello....Thanks!

here's the log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=bbe50eaa8e7b764b9060e86f6e0e2811
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-02 04:12:39
# local_time=2010-04-02 02:12:39 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 12485155 12485155 0 0
# compatibility_mode=1024 16777191 100 0 2084310 2084310 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 74 31216112 38486472 0 0
# scanned=77706
# found=0
# cleaned=0
# scan_time=12033
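
As an added example (not part of this thread and not ESET's own tooling): a small Python parser for the "# key=value" header of the ESET Online Scanner log posted above. It checks that the options the helper asked for in the ESET instructions (Remove found threats unticked; Scan Archives, potentially unwanted, potentially unsafe and Anti-Stealth ticked) are what the scan actually ran with, confirms the scan reached `end=finished`, and pulls out the scanned/found/cleaned counters. The sample log is reconstructed from the post with the EOSSerial value replaced by zeros; the field layout is assumed to be exactly as posted.

```python
"""Parse the '# key=value' header of an ESET Online Scanner log and check it
against the settings the helper requested.

Added example for this thread; not ESET code. Assumes the header layout is
exactly as in the posted log (constructed sample below, serial redacted)."""

# Constructed sample: same fields as the posted log, EOSSerial replaced.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=00000000000000000000000000000000
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-02 04:12:39
# local_time=2010-04-02 02:12:39 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 12485155 12485155 0 0
# compatibility_mode=1024 16777191 100 0 2084310 2084310 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 74 31216112 38486472 0 0
# scanned=77706
# found=0
# cleaned=0
# scan_time=12033
"""

# The settings the helper asked the user to tick/untick before scanning.
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" must be unticked
    "archives_checked": "true",     # "Scan Archives" ticked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}


def parse_eset_log(text):
    """Return the '# key=value' header lines as a dict.

    A key that repeats (compatibility_mode does) is collected into a list so
    nothing is silently overwritten; any other line is ignored."""
    fields = {}
    for line in text.splitlines():
        if not line.startswith("# ") or "=" not in line:
            continue
        key, value = line[2:].split("=", 1)
        key, value = key.strip(), value.strip()
        if key in fields:
            prev = fields[key]
            fields[key] = (prev if isinstance(prev, list) else [prev]) + [value]
        else:
            fields[key] = value
    return fields


def check_scan(fields, requested=REQUESTED):
    """Return (ok, problems): ok is True only if the scan finished and every
    requested option matches. Detections are not a 'problem' here; they are
    what the log is for and are reported separately by detections()."""
    problems = []
    if fields.get("end") != "finished":
        problems.append("scan did not finish (end=%s)" % fields.get("end"))
    for key, want in requested.items():
        got = fields.get(key)
        if got != want:
            problems.append("%s=%s, expected %s" % (key, got, want))
    return (not problems, problems)


def detections(fields):
    """(scanned, found, cleaned) as integers; a missing counter counts as 0."""
    return tuple(int(fields.get(k, "0")) for k in ("scanned", "found", "cleaned"))


if __name__ == "__main__":
    hdr = parse_eset_log(SAMPLE_LOG)
    ok, problems = check_scan(hdr)
    print("settings as requested:", ok, problems)
    print("scanned/found/cleaned:", detections(hdr))
```

With the posted log this reports the settings as requested and 77706 objects scanned with nothing found. The same check run on a log where "Remove found threats" was left ticked would flag `remove_checked=true`, which matters because the helper wants to see detections before anything is deleted.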

#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:11 PM

Posted 02 April 2010 - 01:30 AM

Hi samoyed,



Well done. Your system appears to be clean now. If you have no remaining issues on your PC, let's do some tidying up and we can send you on your way.

Step1

Click START then RUN
Now copy/paste ComboFix /Uninstall in the runbox and click OK.
Note the space between the x and the /Uninstall, it needs to be there.



This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.


Step2

Start OTL from your desktop.
  1. Double click OTL and let it run
  2. Then Click the Cleanup button.
  3. You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  4. Restart your computer when prompted.


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  2. Update all programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  3. Backup your valid registry - ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore it if needed. Due to malware effects, a corrupt registry can prevent a system from booting. You're well advised to back up your valid registry while the system is clean now. For more info: Here and Here.


Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here how to prevent Malware.


Glad to be of help. Safe surfing!!



#11 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:05:41 AM

Posted 02 April 2010 - 07:00 AM

Thank You so much sundavis!

Question: What was I infected with?

Cheers

#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:11 PM

Posted 03 April 2010 - 09:20 AM

It seemed MBAM was doing a good job. All Vundo Trojans are gone once and for all.

Since this issue appears resolved, this Topic is closed.

Glad to have helped.

Everyone else please begin a New Topic.



