Google redirect virus [Closed]



#1
Tharwa2

I have what seems to be a Google redirect virus.

Symptoms appear to be:
- redirecting Google search result clicks to various ad sites
- preventing the downloading or updating of various AV tools
- preventing access to Windows updates
- shutting down of browsers (and possibly Windows Explorer)

I have run the preparatory processes on the Malware and Spyware Cleaning guide, except for:
- Rooter.exe - I cannot download it, just get a message that bandwidth exceeded
- Windows updates - blocked

Avast has found nothing.

Malwarebytes found two problems with notifications in Windows Security Centre, and fixed them.

My OTListIt2 log:

OTListIt logfile created on: 2/04/2009 4:21:50 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Linda Jeffery\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.54% Memory free
2.58 Gb Paging File | 1.95 Gb Available in Paging File | 75.80% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.88 Gb Total Space | 6.98 Gb Free Space | 10.44% Space Free | Partition Type: NTFS
Drive D: | 6.64 Gb Total Space | 0.69 Gb Free Space | 10.36% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDATRADING
Current User Name: Linda Jeffery
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe (SafeNet)
PRC - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe (SafeNet)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\AhsayOBM\aua\bin\AuaObm.exe ()
PRC - C:\Program Files\AhsayOBM\bin\Scheduler.exe ()
PRC - C:\Program Files\AhsayOBM\aua\jvm\bin\AuaObmJW.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AhsayOBM\jvm\bin\SchedulerOBM.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe ()
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe ()
PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Systems)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
PRC - C:\Program Files\AhsayOBM\bin\SystemTray.exe ()
PRC - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\setup\avast.setup ()
PRC - C:\Documents and Settings\Linda Jeffery\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Adobe Version Cue CS2 [Auto | Running]) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
SRV - (AdobeVersionCue [On_Demand | Stopped]) -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe (Adobe Sytems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (btwdins [Auto | Running]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmi [On_Demand | Stopped]) -- C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (IPSECMON [Auto | Running]) -- C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe (SafeNet)
SRV - (IreIKE [Auto | Running]) -- C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe (SafeNet)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (OBAutoUpdate [Auto | Running]) -- C:\Program Files\AhsayOBM\aua\bin\AuaObm.exe ()
SRV - (OBScheduler [Auto | Running]) -- C:\Program Files\AhsayOBM\bin\Scheduler.exe ()
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\hpzipm12.dll (Hewlett-Packard)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (USBDeviceService [Auto | Running]) -- C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe ()

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Cisco Systems, Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (btaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CoachAud [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachAud.sys (FotoNation Inc.)
DRV - (CoachUsb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachUsb.sys (FotoNation Inc.)
DRV - (CoachVid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachVid.sys (FotoNation Inc.)
DRV - (Crypto [Auto | Running]) -- C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DniVap [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\vap.sys (Deterministic Networks Inc.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\system32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (HdAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (hwdatacard [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IPSECDRV [System | Running]) -- C:\WINDOWS\system32\Drivers\IPSECDRV.sys (SafeNet)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Mvc25U870_VID_1262&PID_25FD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\Mvc25U870.sys (Micro Vision Co.,Ltd)
DRV - (NETw4x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys (Intel Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcdnsu [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys (SMC)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (upperdev [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)
DRV - (UsbserFilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)
DRV - (w39n51 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Confluence"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [2009/01/12 23:37:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/02 02:55:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/02/22 23:55:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA SUNBIRD\COMPONENTS [2009/02/22 23:55:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA SUNBIRD\PLUGINS

[2009/04/02 02:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Linda Jeffery\Application Data\mozilla\Firefox\Profiles\jxslctez.default\extensions
[2009/02/04 18:52:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Linda Jeffery\Application Data\mozilla\Firefox\Profiles\jxslctez.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/11/03 22:33:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Linda Jeffery\Application Data\mozilla\Firefox\Profiles\jxslctez.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/02/04 18:52:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Linda Jeffery\Application Data\mozilla\Firefox\Profiles\jxslctez.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2009/02/23 11:27:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Linda Jeffery\Application Data\mozilla\Firefox\Profiles\jxslctez.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/23 11:27:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Linda Jeffery\Application Data\mozilla\Firefox\Profiles\jxslctez.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2008/02/19 12:06:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Linda Jeffery\Application Data\mozilla\Firefox\Profiles\jxslctez.default\extensions\[email protected]
[2008/08/21 17:23:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Linda Jeffery\Application Data\mozilla\Firefox\Profiles\jxslctez.default\extensions\[email protected]
[2009/02/23 11:27:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Linda Jeffery\Application Data\mozilla\Firefox\Profiles\jxslctez.default\extensions\[email protected]
[2008/07/14 12:23:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Linda Jeffery\Application Data\mozilla\Firefox\Profiles\jxslctez.default\extensions\[email protected]
[2008/09/19 15:47:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Linda Jeffery\Application Data\mozilla\Sunbird\Profiles\afdjqi94.default\extensions
[2007/12/20 14:08:09 | 00,001,476 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Application Data\Mozilla\FireFox\Profiles\jxslctez.default\searchplugins\confluence.xml
[2007/12/20 14:07:54 | 00,001,484 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Application Data\Mozilla\FireFox\Profiles\jxslctez.default\searchplugins\jira.xml
[2009/04/02 03:40:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/02 02:54:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/15 13:09:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/06/11 11:35:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/03/28 10:12:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2008/12/19 14:44:05 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/19 14:44:05 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/19 14:44:05 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/12/19 14:44:06 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/19 14:44:06 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006/06/15 21:24:15 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/06 16:44:17 | 00,002,206 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2006/06/15 21:24:15 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2006/06/01 10:17:38 | 00,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2006/06/15 21:24:15 | 00,001,077 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2007/01/18 09:05:32 | 00,002,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/09/12 01:39:34 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Systems)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe] File not found
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [OBSystemTray] "C:\Program Files\AhsayOBM\bin\SystemTray.exe" ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe (SafeNet)
O4 - Startup: C:\Documents and Settings\Linda Jeffery\Start Menu\Programs\Startup\Dora Fairytale Adventures Registration.lnk = E:\ATR1.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: cmss-systems.com ([svn.dev] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1149317752314 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1202943098734 (MUWebControl Class)
O16 - DPF: {77EA215F-E276-4050-A196-8E12D4378BA3} http://demos.netcat....rdToHTMLLib.cab (ncWordToHTML Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]
O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
O33 - MountPoints2\{037f2eb1-0f99-11dd-a79a-00164124792d}\Shell - "" = AutoRun
O33 - MountPoints2\{037f2eb1-0f99-11dd-a79a-00164124792d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{037f2eb1-0f99-11dd-a79a-00164124792d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3cb2ee21-8b5f-11dd-a7f7-00164124792d}\Shell\AutoRun\command - "" = F:\Launch.exe -- File not found
O33 - MountPoints2\{59679a88-1ca6-11dd-a79c-00164124792d}\Shell - "" = AutoRun
O33 - MountPoints2\{59679a88-1ca6-11dd-a79c-00164124792d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{59679a88-1ca6-11dd-a79c-00164124792d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{95ec440e-1d5c-11dd-a79d-00164124792d}\Shell - "" = AutoRun
O33 - MountPoints2\{95ec440e-1d5c-11dd-a79d-00164124792d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95ec440e-1d5c-11dd-a79d-00164124792d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/04/02 04:20:40 | 00,041,984 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\Step Six.doc
[2009/04/02 04:19:04 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Linda Jeffery\Desktop\OTListIt2.exe
[2009/04/02 03:59:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/02 03:59:17 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/02 03:57:59 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Linda Jeffery\Desktop\erunt_setup.exe
[2009/04/02 03:56:59 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\SysRestorePoint_v13.zip
[2009/04/02 03:15:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Linda Jeffery\Application Data\Malwarebytes
[2009/04/02 03:15:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/02 03:15:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/02 03:15:23 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/02 03:15:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/02 03:15:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/02 03:12:49 | 00,060,277 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\Malwarebytes_Anti-Malware_d5756.html
[2009/04/02 03:12:31 | 02,906,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Linda Jeffery\Desktop\mbam-setup.exe
[2009/04/02 02:33:27 | 03,062,142 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\ComboFix.exe
[2009/04/02 02:31:47 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\GooredFix.exe
[2009/04/01 09:14:55 | 13,505,835 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\video.flv
[2009/03/31 13:40:58 | 00,098,304 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\Reseller_Prospect_Labels.doc
[2009/03/31 09:30:26 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/03/31 09:30:26 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/03/31 09:30:26 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/03/31 09:30:25 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/03/31 09:30:25 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/03/31 09:30:24 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/03/31 09:30:24 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/03/31 09:30:24 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/03/31 09:30:24 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/03/31 09:30:11 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/03/31 09:30:11 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/03/31 09:30:08 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/03/29 16:24:59 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/29 16:24:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/03/26 16:25:55 | 00,268,256 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\Alert Threshold Analysis Tool_User_Input.xlsm
[2009/03/26 16:13:59 | 01,444,831 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\TortoiseSVN-1.6.0.15855-win32-svn-1.6.0.msi
[2009/03/26 10:50:49 | 00,145,920 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\MarginallyLegal.doc
[2009/03/25 15:38:54 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\HijackThis.lnk
[2009/03/25 15:38:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/25 12:48:23 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Linda Jeffery\Desktop\HJTInstall.exe
[2009/03/24 16:15:36 | 00,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2009/03/23 16:40:07 | 00,010,367 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\e-PayDay® FREEPAY Registration.rtf
[2009/03/23 16:15:13 | 00,262,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSDATGRD.OCX
[2009/03/23 16:15:12 | 00,205,848 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX
[2009/03/23 16:15:10 | 00,040,960 | ---- | C] (ASP Microcomputers) -- C:\WINDOWS\System32\ZIPNet.dll
[2009/03/23 16:15:06 | 00,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2009/03/23 16:14:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\CRYSTAL
[2009/03/23 16:14:55 | 01,471,232 | ---- | C] (Crystal Computer Services, Inc.) -- C:\WINDOWS\System\CRPE.DLL
[2009/03/23 16:14:55 | 00,093,200 | ---- | C] (Crystal Computer Services, Inc.) -- C:\WINDOWS\System\CRYSTAL.VBX
[2009/03/23 16:13:52 | 00,008,240 | ---- | C] () -- C:\WINDOWS\System\Dzprog.exe
[2009/03/23 16:13:50 | 00,091,072 | ---- | C] () -- C:\WINDOWS\System\SS3D2.VBX
[2009/03/23 16:13:47 | 00,995,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSAJT200.DLL
[2009/03/23 16:13:47 | 00,518,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MAPI.DLL
[2009/03/23 16:13:47 | 00,398,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VBRUN300.DLL
[2009/03/23 16:13:47 | 00,235,264 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\SSDATA2.VBX
[2009/03/23 16:13:47 | 00,117,312 | ---- | C] (Crescent Division of Progress Software Corporation) -- C:\WINDOWS\System\CSTEXT.VBX
[2009/03/23 16:13:47 | 00,095,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VBDB300.DLL
[2009/03/23 16:13:47 | 00,094,480 | ---- | C] (MicroHelp Inc.) -- C:\WINDOWS\System\MHRUN400.DLL
[2009/03/23 16:13:47 | 00,092,176 | ---- | C] (VideoSoft) -- C:\WINDOWS\System\VSVBX.VBX
[2009/03/23 16:13:47 | 00,086,240 | ---- | C] (MicroHelp Inc.) -- C:\WINDOWS\System\MHTAB.VBX
[2009/03/23 16:13:47 | 00,075,136 | ---- | C] (VideoSoft) -- C:\WINDOWS\System\VSVIEW.VBX
[2009/03/23 16:13:47 | 00,066,752 | ---- | C] (Inner Media, Inc., Hollis NH USA) -- C:\WINDOWS\System\DZIP.DLL
[2009/03/23 16:13:47 | 00,064,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\THREED.VBX
[2009/03/23 16:13:47 | 00,058,880 | ---- | C] (MicroHelp Inc.) -- C:\WINDOWS\System\MHGCAL.VBX
[2009/03/23 16:13:47 | 00,058,384 | ---- | C] (Crescent Division of Progress Software Corporation) -- C:\WINDOWS\System\CSDIALOG.VBX
[2009/03/23 16:13:47 | 00,057,984 | ---- | C] (Crescent dividion of Progress Software Corporation) -- C:\WINDOWS\System\QPRO200.DLL
[2009/03/23 16:13:47 | 00,054,432 | ---- | C] (Crescent Division of Progress Software Corporation) -- C:\WINDOWS\System\CSCMD.VBX
[2009/03/23 16:13:47 | 00,047,776 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\SSDATA1.VBX
[2009/03/23 16:13:47 | 00,046,992 | ---- | C] (Inner Media, Inc., Hollis NH USA) -- C:\WINDOWS\System\DUNZIP.DLL
[2009/03/23 16:13:47 | 00,046,896 | ---- | C] (Crescent Division of Progress Software Corporation.) -- C:\WINDOWS\System\CSSPIN.VBX
[2009/03/23 16:13:47 | 00,040,112 | ---- | C] (Crescent Division of Progress Software Corporation) -- C:\WINDOWS\System\CSCOMBO.VBX
[2009/03/23 16:13:47 | 00,038,624 | ---- | C] (MicroHelp Inc.) -- C:\WINDOWS\System\MHGOBD.VBX
[2009/03/23 16:13:47 | 00,036,352 | ---- | C] (Cresent Software, Inc.) -- C:\WINDOWS\System\CSFORM.VBX
[2009/03/23 16:13:47 | 00,032,000 | ---- | C] (Cresent Software, Inc.) -- C:\WINDOWS\System\CSPICT.VBX
[2009/03/23 16:13:47 | 00,031,744 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System\MSAFINX.DLL
[2009/03/23 16:13:47 | 00,025,648 | ---- | C] (MicroHelp Inc.) -- C:\WINDOWS\System\KEYSTAT.VBX
[2009/03/23 16:13:47 | 00,024,400 | ---- | C] (Inner Media, Inc.) -- C:\WINDOWS\System\VBUNZ.VBX
[2009/03/23 16:13:47 | 00,023,728 | ---- | C] (Inner Media, Inc.) -- C:\WINDOWS\System\VBZIP.VBX
[2009/03/23 16:13:47 | 00,021,536 | ---- | C] (MicroHelp Inc.) -- C:\WINDOWS\System\MHAN200.VBX
[2009/03/23 16:13:47 | 00,021,120 | ---- | C] (MicroHelp Inc.) -- C:\WINDOWS\System\MHGLBL.VBX
[2009/03/23 16:13:47 | 00,020,928 | ---- | C] (MicroHelp Inc.) -- C:\WINDOWS\System\MHTIP.VBX
[2009/03/23 16:13:47 | 00,019,008 | ---- | C] (MicroHelp Inc.) -- C:\WINDOWS\System\MHMQ200.VBX
[2009/03/23 16:13:47 | 00,018,976 | ---- | C] (MicroHelp Inc.) -- C:\WINDOWS\System\MHGTXT.VBX
[2009/03/23 16:13:47 | 00,017,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSAJT112.DLL
[2009/03/23 16:13:34 | 00,000,000 | ---D | C] -- C:\Program Files\e-PayDay
[2009/03/23 13:39:58 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/03/23 11:27:56 | 01,264,089 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\99cows.pdf
[2009/03/23 11:15:21 | 00,024,160 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\Complementaryfiles.zip
[2009/03/23 11:14:46 | 00,688,787 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\iNETDocs-Documentation.pdf
[2009/03/23 11:14:31 | 00,426,480 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\iNETDocs1.5.zip
[2009/03/21 16:14:55 | 00,160,931 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\ZuckerWiki_1.0.zip
[2009/03/21 13:34:12 | 00,052,224 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\ginny leads.doc
[2009/03/21 13:33:57 | 00,166,400 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\Copy of names_mailout4.xls
[2009/03/19 23:53:09 | 00,626,175 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\CE_User_List_Manual.docx
[2009/03/19 22:17:06 | 00,862,720 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\amf_flags.xls
[2009/03/18 12:15:04 | 00,017,714 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\acrobat_icon.png
[2009/03/18 12:14:17 | 00,001,889 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\acrobat_logo.jpg
[2009/03/18 11:56:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/03/17 22:42:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Linda Jeffery\Desktop\demo
[2009/03/17 21:36:23 | 97,376,751 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\demo.zip
[2009/03/17 21:32:29 | 06,660,096 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\ppt_spbe_english.ppt
[2009/03/17 10:02:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\amf flags spreadsheet
[2009/03/16 17:42:57 | 00,000,043 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\ATT29425.gif
[2009/03/16 17:42:43 | 00,000,048 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\ATT29424.gif
[2009/03/16 09:02:17 | 00,059,850 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\showBackupReportFull.htm
[2009/03/14 22:23:56 | 24,453,120 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\shift-happens-23665.ppt
[2009/03/14 17:23:38 | 00,222,510 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\12_Data_Backup_Secrets_SME.pdf
[2009/03/12 17:17:14 | 00,021,752 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\Desktop\S60SpotOn_0.07.SISX
[2009/03/12 15:52:00 | 00,645,511 | ---- | C] (Jay Elaraj ) -- C:\Documents and Settings\Linda Jeffery\Desktop\ts2.5_setup.exe
[2009/03/12 13:44:39 | 00,268,762 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\hoyts.pdf
[2009/03/12 12:26:08 | 00,457,405 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\declaration_solid.pdf
[2009/03/11 07:48:08 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\Operational Plans March 2009.doc
[2009/03/10 11:17:56 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\Questions and Comments on WO tender brief.doc
[2009/03/09 11:00:40 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\Bushfire Val's Line of command.doc
[2009/03/05 12:22:43 | 00,296,448 | ---- | C] () -- C:\Documents and Settings\Linda Jeffery\My Documents\USE.doc

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/02 04:20:40 | 00,041,984 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\Step Six.doc
[2009/04/02 04:19:09 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda Jeffery\Desktop\OTListIt2.exe
[2009/04/02 03:58:46 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Linda Jeffery\Desktop\erunt_setup.exe
[2009/04/02 03:56:50 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\SysRestorePoint_v13.zip
[2009/04/02 03:41:05 | 00,481,674 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/02 03:41:05 | 00,409,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/02 03:41:05 | 00,064,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/02 03:36:40 | 00,001,748 | -HS- | M] () -- C:\hpqp.ini
[2009/04/02 03:36:38 | 00,000,040 | ---- | M] () -- C:\XP_TV.ini
[2009/04/02 03:36:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/02 03:36:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/02 03:15:26 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/02 03:14:37 | 02,906,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Linda Jeffery\Desktop\mbam-setup.exe
[2009/04/02 03:12:54 | 00,060,277 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\Malwarebytes_Anti-Malware_d5756.html
[2009/04/02 02:37:14 | 03,062,142 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\ComboFix.exe
[2009/04/02 02:31:51 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\GooredFix.exe
[2009/04/01 09:18:14 | 13,505,835 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\video.flv
[2009/04/01 01:50:50 | 00,082,944 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/31 13:40:58 | 00,098,304 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\Reseller_Prospect_Labels.doc
[2009/03/31 09:30:26 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/03/31 09:30:24 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/03/29 13:23:28 | 03,180,054 | -H-- | M] () -- C:\Documents and Settings\Linda Jeffery\Local Settings\Application Data\IconCache.db
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/26 16:25:44 | 00,268,256 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\Alert Threshold Analysis Tool_User_Input.xlsm
[2009/03/26 16:19:44 | 01,444,831 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\TortoiseSVN-1.6.0.15855-win32-svn-1.6.0.msi
[2009/03/26 10:50:49 | 00,145,920 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\MarginallyLegal.doc
[2009/03/25 17:25:44 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/25 15:38:54 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\HijackThis.lnk
[2009/03/25 12:48:27 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Linda Jeffery\Desktop\HJTInstall.exe
[2009/03/25 11:51:32 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/03/24 16:26:56 | 00,000,041 | ---- | M] () -- C:\WINDOWS\crw.ini
[2009/03/23 16:40:07 | 00,010,367 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\e-PayDay® FREEPAY Registration.rtf
[2009/03/23 16:15:13 | 00,001,087 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/23 13:39:58 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/03/23 11:27:56 | 01,264,089 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\99cows.pdf
[2009/03/23 11:15:31 | 00,024,160 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\Complementaryfiles.zip
[2009/03/23 11:15:07 | 00,688,787 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\iNETDocs-Documentation.pdf
[2009/03/23 11:14:55 | 00,426,480 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\iNETDocs1.5.zip
[2009/03/22 20:41:39 | 00,001,834 | -H-- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\Default.rdp
[2009/03/21 16:15:03 | 00,160,931 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\ZuckerWiki_1.0.zip
[2009/03/21 13:34:10 | 00,052,224 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\ginny leads.doc
[2009/03/21 13:33:56 | 00,166,400 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\Copy of names_mailout4.xls
[2009/03/19 23:53:02 | 00,626,175 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\CE_User_List_Manual.docx
[2009/03/19 22:17:14 | 00,862,720 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\amf_flags.xls
[2009/03/18 15:57:07 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/18 12:15:06 | 00,017,714 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\acrobat_icon.png
[2009/03/18 12:14:20 | 00,001,889 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\acrobat_logo.jpg
[2009/03/18 11:56:33 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/17 22:27:55 | 97,376,751 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\demo.zip
[2009/03/17 21:35:44 | 06,660,096 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\ppt_spbe_english.ppt
[2009/03/16 17:42:55 | 00,000,043 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\ATT29425.gif
[2009/03/16 17:42:41 | 00,000,048 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\ATT29424.gif
[2009/03/16 09:02:26 | 00,059,850 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\showBackupReportFull.htm
[2009/03/14 22:33:35 | 24,453,120 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\shift-happens-23665.ppt
[2009/03/14 17:23:43 | 00,222,510 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\12_Data_Backup_Secrets_SME.pdf
[2009/03/12 17:17:13 | 00,021,752 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\Desktop\S60SpotOn_0.07.SISX
[2009/03/12 15:52:11 | 00,645,511 | ---- | M] (Jay Elaraj ) -- C:\Documents and Settings\Linda Jeffery\Desktop\ts2.5_setup.exe
[2009/03/12 13:44:44 | 00,268,762 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\hoyts.pdf
[2009/03/12 12:40:47 | 00,457,405 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\declaration_solid.pdf
[2009/03/12 10:53:50 | 00,384,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/12 10:05:39 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\Operational Plans March 2009.doc
[2009/03/12 07:44:49 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 16:13:01 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\Bushfire Val's Line of command.doc
[2009/03/10 12:50:22 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\Questions and Comments on WO tender brief.doc
[2009/03/05 12:22:43 | 00,296,448 | ---- | M] () -- C:\Documents and Settings\Linda Jeffery\My Documents\USE.doc
< End of report >

My Extras.txt report:

OTListIt Extras logfile created on: 2/04/2009 4:21:50 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Linda Jeffery\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.54% Memory free
2.58 Gb Paging File | 1.95 Gb Available in Paging File | 75.80% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.88 Gb Total Space | 6.98 Gb Free Space | 10.44% Space Free | Partition Type: NTFS
Drive D: | 6.64 Gb Total Space | 0.69 Gb Free Space | 10.36% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDATRADING
Current User Name: Linda Jeffery
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke (SafeNet)
C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog (SafeNet)
C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp (SafeNet)
C:\Program Files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager (SafeNet)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 (Adobe Systems Incorporated)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Free Video Zilla\FVZilla.exe:*:Enabled:FVZilla ()
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke (SafeNet)
C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog (SafeNet)
C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp (SafeNet)
C:\Program Files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager (SafeNet)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0A399F13-2F24-4318-B632-D27B7FCCB43A}" = TortoiseSVN 1.5.6.14908 (32 bit)
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0FD23E02-2BFB-4BEC-8823-FE984F83F161}" = VMware Server Console
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19B90AF8-4F07-4FAC-AFD0-A6415F3ADE06}" = Simply Budgets 1st Steps
"{19C3EBF9-7639-42E9-B060-5871DE5C09A7}" = Reading & Phonics
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{25AA6102-EA34-4045-BF7B-EEB3162AD006}" = 101 Kid's Brainy Games
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2F931B84-0CEE-11D1-AA7D-0080AD1AC47A}" = NetScreen-Remote
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{307FBAE3-388E-40B7-BBC2-CF06FBB517E3}" = Maths Quest
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{329A3C81-7884-4A64-B8F6-078795C31506}" = Citrix Endpoint Analysis Client
"{34AC1011-B8EB-4A08-8166-E88619C9DF6C}" = iSpy Console
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 B3
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA Player 4.1
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{58C62A8E-E628-4822-A0F2-BBE10329D53F}" = HP User Guides 0009
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{59367F7E-D7C1-4629-8AEC-71AA24A68F31}" = Nokia Software Updater
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69880C00-08DD-4385-B752-9C62656F6D1E}" = Microsoft SQL Server 2005 Backward compatibility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110002467}" = Inspector-Parker
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110074983}" = BeTrapped!
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110075733}" = Chainz
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110099903}" = Magic Inlay
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11015843}" = Ricochet Lost Worlds
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110166840}" = Ballistik
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110176513}" = Feeding Frenzy
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110194827}" = Jewel Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110250590}" = A Series of Unfortunate Events
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110261550}" = Shape Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110268640}" = Links® Course Challenge – Chateau Whistler
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11028247}" = Cubis Gold 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110294723}" = Mah Jong Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110313550}" = Jigsaw 365
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110325350}" = Mah Jong Medley
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110353813}" = Magic Ball 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110371640}" = Poker Superstars
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110375480}" = Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110379827}" = Wonderland - Secret Worlds
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11042853}" = Tumblebugs
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86B8537C-6644-4007-9B7A-C83445213A0B}" = ComponentOne Doc-To-Help
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{913B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{91477C6F-EC7C-4BFC-BBE1-E45908019DED}" = LightScribe 1.4.52.1
"{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A0D14CE3-52F4-415C-9454-C8991722A723}" = Disney Flix 3.0
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6888DCB-945D-4462-A9BC-F499A0233C14}" = Exploring Our Solar System
"{A6D23784-2091-11D4-9BEB-00104B198B0D}" = Oz - TMA
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A96D35D6-EC2D-481C-80AF-E98861A41085}" = Garfield G2 Maths
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AD298C10-EED0-4075-A9F1-4C8C93ACBD08}" = Dora Fairytale Adventure
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AEC01EFA-2C3B-40F1-8F5B-AA49D2490979}" = KISS Wave MP3 Editor v14.2
"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B69C374D-5E7B-4D0D-9DD9-C8B5FDB17811}" = Literacy Quest
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C798FFFD-48E2-425B-AF2C-61686BB982AF}" = ODF Add-in for Microsoft Word
"{C8A8AC11-53BE-47D3-AC09-9E8B7D0D206F}" = abc's & 123's
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D99C322D-C21B-40C7-AE71-EE51AA096B6E}" = Nokia Flashing Cable Driver
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F2C820FD-A3AA-4C07-814D-B7F38DDAE1C6}" = DataDirector 2
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"75FFA390FABE1F136DFF357E465361D41DEF5AFA" = Windows Driver Package - MicroVision (Mvc25U870_VID_1262&PID_25FD) Image (11/30/2005 1.0.1.1)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AhsayOBM_is1" = AhsayOBM
"avast!" = avast! Antivirus
"Barbie™ as The Princess and the Pauper" = Barbie™ as The Princess and the Pauper
"Barbie™ Beauty Boutique™ CD-ROM" = Barbie™ Beauty Boutique™ CD-ROM
"Barbie™ Fashion Show™ CD-ROM" = Barbie™ Fashion Show™ CD-ROM
"Barbie™ Mermaid Adventure™ CD-ROM" = Barbie™ Mermaid Adventure™ CD-ROM
"Big Reading Adventure" = Big Reading Adventure
"BlueVoda_Website_Builder_1.0" = BlueVoda Website Builder 10.2
"BRAINtastic1.0 standard" = BRAINtastic
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CamStudio" = CamStudio
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_qta30a0k" = HDAUDIO Soft Data Fax Modem with SmartCP
"Cool MP3 Splitter_is1" = Cool MP3 Splitter 2.2
"CutePDF Writer Installation" = CutePDF Writer 2.7
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.0
"FolderScavenger" = FolderScavenger 1.0.0
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free Video Zilla_is1" = Free Video Zilla
"getPlus®_ocx" = getPlus®_ocx
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"Indeo® Software" = Indeo® Software
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InterActual Player" = InterActual Player
"JumpStart Advanced Preschool" = JumpStart Advanced Preschool
"JumpStart Animal Adventures" = JumpStart Animal Adventures
"JumpStart Art for Fun" = JumpStart Art for Fun
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.4 (Standard)
"LastPass" = LastPass (uninstall only)
"LEARN & GROW SERIES 1" = LEARN & GROW SERIES 1
"MailWasher Free_is1" = MailWasher Free
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"Mozilla Sunbird (0.8)" = Mozilla Sunbird (0.8)
"MSCSR" = Microsoft Speech Recognition Engine 4.0 (English)
"Nokia PC Suite" = Nokia PC Suite
"Numbers Up!2 Baggin' the Dragon V1.2Aust V1.2" = Numbers Up!2 Baggin' the Dragon V1.2
"Optus Wireless Broadband" = Optus Wireless Broadband
"PDF Password Remover v3.0_is1" = PDF Password Remover v3.0
"PHONICS FOR BEGINNERS" = PHONICS FOR BEGINNERS
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Space_is1" = Space 1.4.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TLPS" = e-PayDay® FREEPAY®
"TMS32.exe" = Treasure MathStorm!
"TMTWIN32.exe" = Treasure Mountain!
"Uninstall_is1" = Uninstall 1.0.0.1
"VoiceExplorer2005® " = VoiceExplorer2005®
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.40-2
"Winnie the Pooh Toddler" = Disney's Winnie the Pooh Toddler
"WinRAR archiver" = WinRAR archiver
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"b996e812c4b1deb0" = ROUTE 66 Sync
"Compliance Explorer" = Compliance Explorer
"MetaStock 9.0" = MetaStock 9.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/03/2009 8:20:07 PM | Computer Name = LINDATRADING | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 30/03/2009 11:53:11 PM | Computer Name = LINDATRADING | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Project Professional 2003 - Update 'Project
2003 Service Pack 3 (SP3): PROJECTSP3' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127

Error - 31/03/2009 12:38:13 AM | Computer Name = LINDATRADING | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Project Professional 2003 - Update 'Project
2003 Service Pack 3 (SP3): PROJECTSP3' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127

Error - 31/03/2009 5:50:38 PM | Computer Name = LINDATRADING | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Project Professional 2003 - Update 'Project
2003 Service Pack 3 (SP3): PROJECTSP3' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127

Error - 31/03/2009 10:51:54 PM | Computer Name = LINDATRADING | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 1/04/2009 2:27:39 AM | Computer Name = LINDATRADING | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/04/2009 12:00:55 PM | Computer Name = LINDATRADING | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Project Professional 2003 - Update 'Project
2003 Service Pack 3 (SP3): PROJECTSP3' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127

Error - 1/04/2009 12:44:09 PM | Computer Name = LINDATRADING | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10021e39.

Error - 1/04/2009 12:44:37 PM | Computer Name = LINDATRADING | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10021e39.

Error - 1/04/2009 1:00:35 PM | Computer Name = LINDATRADING | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.35.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x20021e39.

[ System Events ]
Error - 31/03/2009 12:42:55 AM | Computer Name = LINDATRADING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 31/03/2009 12:43:59 AM | Computer Name = LINDATRADING | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP eabfiltr eeCtrl Fips intelppm

Error - 31/03/2009 12:45:36 AM | Computer Name = LINDATRADING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 31/03/2009 12:45:59 AM | Computer Name = LINDATRADING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 31/03/2009 12:45:59 AM | Computer Name = LINDATRADING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 31/03/2009 2:21:15 AM | Computer Name = LINDATRADING | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 31/03/2009 5:49:21 PM | Computer Name = LINDATRADING | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.

Error - 31/03/2009 5:51:18 PM | Computer Name = LINDATRADING | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Project 2003 Service Pack 3 (SP3).

Error - 31/03/2009 8:25:16 PM | Computer Name = LINDATRADING | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/04/2009 12:01:34 PM | Computer Name = LINDATRADING | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Project 2003 Service Pack 3 (SP3).


< End of report >

Help would be greatly appreciated as this is really starting to get me annoyed.

Thanks very much.

#2
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Tharwa2 and welcome to Geeks to Go. :)
Sorry about the delay.



Download ComboFix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


#3
Tharwa2

    New Member

  • Topic Starter
  • Member
  • 9 posts
No worries Jimmy,

Thanks very much for helping me.

ComboFix has been run. Log below.

ComboFix 09-04-04.01 - Linda Jeffery 2009-04-09 9:54:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1375 [GMT 10:00]
Running from: c:\documents and settings\Linda Jeffery\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090319-0] *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.

2009-04-07 12:01 . 2009-04-07 12:39 <DIR> d-------- C:\Rooter$
2009-04-06 08:08 . 2009-04-06 08:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\AhsayOBM
2009-04-02 02:59 . 2009-04-02 02:59 <DIR> d-------- c:\program files\ERUNT
2009-04-02 02:15 . 2009-04-02 02:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 02:15 . 2009-04-02 02:15 <DIR> d-------- c:\documents and settings\Linda Jeffery\Application Data\Malwarebytes
2009-04-02 02:15 . 2009-04-02 02:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 02:15 . 2009-03-26 15:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 02:15 . 2009-03-26 15:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-31 08:30 . 2009-03-31 08:30 <DIR> d-------- c:\program files\Alwil Software
2009-03-29 15:24 . 2009-03-29 15:25 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-29 15:24 . 2009-03-29 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-25 14:38 . 2009-03-25 14:38 <DIR> d-------- c:\program files\Trend Micro
2009-03-24 15:15 . 2009-03-24 15:26 41 --a------ c:\windows\crw.ini
2009-03-23 15:15 . 2000-12-05 23:00 262,328 --a------ c:\windows\system32\MSDATGRD.OCX
2009-03-23 15:15 . 1998-06-26 19:22 205,848 --a------ c:\windows\system32\THREED32.OCX
2009-03-23 15:15 . 2000-05-21 23:00 115,920 --a------ c:\windows\system32\MSINET.OCX
2009-03-23 15:15 . 2000-03-27 12:31 40,960 --a------ c:\windows\system32\ZIPNet.dll
2009-03-23 15:14 . 2009-03-23 15:14 <DIR> d-------- c:\windows\CRYSTAL
2009-03-23 15:14 . 1995-09-19 23:00 1,471,232 --a------ c:\windows\system\CRPE.DLL
2009-03-23 15:14 . 1995-09-19 23:00 93,200 --a------ c:\windows\system\CRYSTAL.VBX
2009-03-23 15:13 . 2009-03-24 16:06 <DIR> d-------- c:\program files\e-PayDay
2009-03-23 15:03 . 2009-03-23 15:03 129,984 --a------ c:\windows\~GLC0000.TMP
2009-03-18 10:56 . 2009-03-18 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 02:56 --------- d-----w c:\documents and settings\Linda Jeffery\Application Data\MailWasherPro
2009-04-05 22:08 --------- d-----w c:\program files\AhsayOBM
2009-03-27 09:11 --------- d-----w c:\program files\Numbers Up!2 Baggin' the Dragon V1.2
2009-03-17 22:59 --------- d-----w c:\documents and settings\Linda Jeffery\Application Data\XnView
2009-03-12 04:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-12 03:59 --------- d-----w c:\program files\Common Files\Adobe
2009-02-18 04:47 --------- d-----w c:\documents and settings\Linda Jeffery\Application Data\FileZilla
2009-02-17 21:25 --------- d-----w c:\program files\Atari
2009-02-11 04:08 --------- d-----w c:\program files\NotepadPlus
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-08 13:25 737,280 ----a-w c:\windows\iun6002.exe
2008-12-19 03:44 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 03:44 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 03:44 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 03:44 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 03:44 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DetectorApp"="c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [2005-10-20 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-05-18 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2005-10-28 679936]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"OBSystemTray"="c:\program files\AhsayOBM\bin\SystemTray.exe" [2008-09-12 368640]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-23 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"OBSystemTray"="c:\program files\AhsayOBM\bin\SystemTray.exe" [2008-09-12 368640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-10-02 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-02 110592]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-02 110592]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-08-16 577597]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
NetScreen-Remote.lnk - c:\program files\Juniper\NetScreen-Remote\SafeCfg.exe [2007-08-23 73780]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Free Video Zilla\\FVZilla.exe"=
"c:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"=
"c:\program files\Juniper\NetScreen-Remote\ViewLog.exe"= c:\program files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\Juniper\NetScreen-Remote\CmonApp.exe"= c:\program files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\Juniper\NetScreen-Remote\vpn.exe"= c:\program files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-31 114768]
R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2007-08-23 136760]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-31 20560]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2007-08-23 536634]
R2 OBAutoUpdate;AutoUpdateAgent (AhsayOBM);c:\program files\AhsayOBM\aua\bin\AuaObm.exe [2007-11-30 66848]
R2 OBCDPService;Continuous Data Protection (Ahsay Online Backup Manager);c:\program files\AhsayOBM\bin\CDPService.exe [2009-04-06 262144]
R2 OBScheduler;Online Backup Scheduler (Ahsay Online Backup Manager);c:\program files\AhsayOBM\bin\Scheduler.exe [2007-11-30 77824]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2007-08-23 36188]
S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [2009-01-04 45344]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-13 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-13 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{037f2eb1-0f99-11dd-a79a-00164124792d}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{037f2eb4-0f99-11dd-a79a-00164124792d}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cb2ee21-8b5f-11dd-a7f7-00164124792d}]
\Shell\AutoRun\command - F:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59679a88-1ca6-11dd-a79c-00164124792d}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95ec440e-1d5c-11dd-a79d-00164124792d}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-c:\program files\Free Video Zilla\FVZilla.exe - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q106&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: cmss-systems.com\svn.dev
DPF: {77EA215F-E276-4050-A196-8E12D4378BA3} - hxxp://demos.netcat.biz/CARPAWR/ncObjects/NE/Lib/activeX/ncWordToHTMLLib.cab
FF - ProfilePath - c:\documents and settings\Linda Jeffery\Application Data\Mozilla\Firefox\Profiles\jxslctez.default\
FF - prefs.js: browser.search.selectedEngine - Confluence
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\documents and settings\Linda Jeffery\Application Data\Mozilla\Firefox\Profiles\jxslctez.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 09:56:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????P??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1312)
c:\windows\system32\netprovcredman.dll
.
Completion time: 2009-04-09 9:58:27
ComboFix-quarantined-files.txt 2009-04-08 23:57:46

Pre-Run: 6,970,048,512 bytes free
Post-Run: 7,226,052,608 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

235 --- E O F --- 2009-04-08 17:01:39
  • 0

#4
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Tharwa2,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{037f2eb1-0f99-11dd-a79a-00164124792d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{037f2eb4-0f99-11dd-a79a-00164124792d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59679a88-1ca6-11dd-a79c-00164124792d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95ec440e-1d5c-11dd-a79d-00164124792d}]

SysRst::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Please post the following report into your next reply:
  • Combofix.txt

  • 0
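An added example (not part of the original post and not ComboFix code): a small Python audit that reads the mountpoints2 AutoRun entries from the log posted above and checks which of them the CFScript's `Registry::` deletions cover. The function names are hypothetical; the log and script text are copied from this thread.

```python
import re

# mountpoints2 section of the ComboFix log posted earlier in this thread.
LOG_EXCERPT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{037f2eb1-0f99-11dd-a79a-00164124792d}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{037f2eb4-0f99-11dd-a79a-00164124792d}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cb2ee21-8b5f-11dd-a7f7-00164124792d}]
\Shell\AutoRun\command - F:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59679a88-1ca6-11dd-a79c-00164124792d}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95ec440e-1d5c-11dd-a79d-00164124792d}]
\Shell\AutoRun\command - F:\AutoRun.exe
"""

# The CFScript text from the post above.
CFSCRIPT = r"""
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{037f2eb1-0f99-11dd-a79a-00164124792d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{037f2eb4-0f99-11dd-a79a-00164124792d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59679a88-1ca6-11dd-a79c-00164124792d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95ec440e-1d5c-11dd-a79d-00164124792d}]

SysRst::
"""

# "[HKEY_...\mountpoints2\<drive letter or volume GUID>]"
KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_[^\]]*\\mountpoints2\\(?P<mount>[^\]\\]+))\]\s*$", re.I)
# "\Shell\<verb>\command - <command line>"
CMD_RE = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+?)\s*$", re.I)
# "[-<key>]" is the deletion form used in the CFScript above.
DEL_RE = re.compile(r"^\[-(?P<key>[^\]]+)\]\s*$")


def parse_autorun_entries(log_text):
    """Return one dict per Shell\\<verb>\\command line under a mountpoints2 key."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key
            continue
        cmd = CMD_RE.match(line)
        if cmd and current:
            entries.append({"key": current["key"], "mount": current["mount"],
                            "verb": cmd["verb"], "command": cmd["cmd"]})
        elif line.startswith("["):
            current = None  # some other registry key: stop attributing commands
    return entries


def parse_cfscript_deletions(script_text):
    """Return the lower-cased keys listed as [-KEY] under the Registry:: section."""
    deletions, section = set(), None
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            section = line[:-2].lower()
            continue
        hit = DEL_RE.match(line)
        if hit and section == "registry":
            deletions.add(hit["key"].lower())
    return deletions


def coverage(entries, deletions):
    """Split entries into (covered by the script, left in place)."""
    covered, remaining = [], []
    for entry in entries:
        bucket = covered if entry["key"].lower() in deletions else remaining
        bucket.append(entry)
    return covered, remaining


if __name__ == "__main__":
    found = parse_autorun_entries(LOG_EXCERPT)
    covered, remaining = coverage(found, parse_cfscript_deletions(CFSCRIPT))
    for e in covered:
        print(f"scripted for removal: {e['mount']} -> {e['command']}")
    for e in remaining:
        print(f"left in place:        {e['mount']} -> {e['command']}")
```

Registry keys are compared case-insensitively, as the registry itself does; run against a fresh ComboFix.txt, the same comparison shows whether a scripted run removed what was intended.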

#5
Tharwa2

Tharwa2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks,

That's done. Here is the ComboFix log:

ComboFix 09-04-04.01 - Linda Jeffery 2009-04-09 17:52:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1307 [GMT 10:00]
Running from: c:\documents and settings\Linda Jeffery\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Linda Jeffery\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090408-0] *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.

2009-04-09 13:07 . 2009-04-09 13:07 <DIR> d-------- c:\windows\LastGood
2009-04-07 12:01 . 2009-04-07 12:39 <DIR> d-------- C:\Rooter$
2009-04-06 08:08 . 2009-04-06 08:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\AhsayOBM
2009-04-02 02:59 . 2009-04-02 02:59 <DIR> d-------- c:\program files\ERUNT
2009-04-02 02:15 . 2009-04-02 02:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 02:15 . 2009-04-02 02:15 <DIR> d-------- c:\documents and settings\Linda Jeffery\Application Data\Malwarebytes
2009-04-02 02:15 . 2009-04-02 02:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 02:15 . 2009-03-26 15:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 02:15 . 2009-03-26 15:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-31 08:30 . 2009-03-31 08:30 <DIR> d-------- c:\program files\Alwil Software
2009-03-29 15:24 . 2009-03-29 15:25 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-29 15:24 . 2009-03-29 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-25 14:38 . 2009-03-25 14:38 <DIR> d-------- c:\program files\Trend Micro
2009-03-24 15:15 . 2009-03-24 15:26 41 --a------ c:\windows\crw.ini
2009-03-23 15:15 . 2000-12-05 23:00 262,328 --a------ c:\windows\system32\MSDATGRD.OCX
2009-03-23 15:15 . 1998-06-26 19:22 205,848 --a------ c:\windows\system32\THREED32.OCX
2009-03-23 15:15 . 2000-05-21 23:00 115,920 --a------ c:\windows\system32\MSINET.OCX
2009-03-23 15:15 . 2000-03-27 12:31 40,960 --a------ c:\windows\system32\ZIPNet.dll
2009-03-23 15:14 . 2009-03-23 15:14 <DIR> d-------- c:\windows\CRYSTAL
2009-03-23 15:14 . 1995-09-19 23:00 1,471,232 --a------ c:\windows\system\CRPE.DLL
2009-03-23 15:14 . 1995-09-19 23:00 93,200 --a------ c:\windows\system\CRYSTAL.VBX
2009-03-23 15:13 . 2009-03-24 16:06 <DIR> d-------- c:\program files\e-PayDay
2009-03-23 15:03 . 2009-03-23 15:03 129,984 --a------ c:\windows\~GLC0000.TMP
2009-03-18 10:56 . 2009-03-18 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 07:45 --------- d-----w c:\documents and settings\Linda Jeffery\Application Data\MailWasherPro
2009-04-05 22:08 --------- d-----w c:\program files\AhsayOBM
2009-03-27 09:11 --------- d-----w c:\program files\Numbers Up!2 Baggin' the Dragon V1.2
2009-03-17 22:59 --------- d-----w c:\documents and settings\Linda Jeffery\Application Data\XnView
2009-03-12 04:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-12 03:59 --------- d-----w c:\program files\Common Files\Adobe
2009-02-18 04:47 --------- d-----w c:\documents and settings\Linda Jeffery\Application Data\FileZilla
2009-02-17 21:25 --------- d-----w c:\program files\Atari
2009-02-11 04:08 --------- d-----w c:\program files\NotepadPlus
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2008-12-19 03:44 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 03:44 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 03:44 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 03:44 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 03:44 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-09_ 9.56.41.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-09 03:02:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_330.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\5dd39fc6fb7ee6864e8de54d385c\SP2GDR\netapi32.dll
2008-10-16 02:57 332800 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP542\A0194711.dll

c:\5dd39fc6fb7ee6864e8de54d385c\SP2QFE\netapi32.dll
2008-10-16 02:53 339456 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP542\A0194712.dll

c:\5dd39fc6fb7ee6864e8de54d385c\SP3GDR\netapi32.dll
2008-10-16 02:34 337408 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP542\A0194714.dll

c:\5dd39fc6fb7ee6864e8de54d385c\SP3QFE\netapi32.dll
2008-10-16 02:25 339456 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP542\A0194713.dll

c:\5dd39fc6fb7ee6864e8de54d385c\spmsg.dll
2007-11-30 21:18 17272 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP542\A0194710.dll

c:\5dd39fc6fb7ee6864e8de54d385c\spuninst.exe
2007-11-30 21:18 231288 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP542\A0194717.exe

c:\5dd39fc6fb7ee6864e8de54d385c\update\spcustom.dll
2007-11-30 21:18 26488 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP542\A0194709.dll

c:\5dd39fc6fb7ee6864e8de54d385c\update\update.exe
2007-11-30 21:18 755576 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP542\A0194718.exe

c:\5dd39fc6fb7ee6864e8de54d385c\update\updspapi.dll
2007-11-30 21:18 382840 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP542\A0194716.dll

c:\7063362433be5bfa6c\spmsg.dll
2008-03-21 12:57 14640 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP533\A0189222.dll

c:\7063362433be5bfa6c\spmsg2k.dll
2005-06-28 09:20 13536 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP533\A0189221.dll

c:\7063362433be5bfa6c\spmsgxp_2k3.dll
2008-03-21 12:57 14640 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP533\A0189220.dll

c:\7063362433be5bfa6c\spuninst.exe
2008-03-21 12:57 221488 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP533\A0189219.exe

c:\7063362433be5bfa6c\spupdsvc.exe
2008-03-21 12:57 23856 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP533\A0189218.exe

c:\7063362433be5bfa6c\update\kmdfcustom.dll
2008-01-18 21:52 45568 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP533\A0189214.dll

c:\7063362433be5bfa6c\update\update.exe
2008-03-21 12:57 743216 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP533\A0189212.exe

c:\7063362433be5bfa6c\update\updspapi.dll
2008-03-21 12:57 379184 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP533\A0189213.dll

c:\7063362433be5bfa6c\wdf01000.sys
2008-03-27 15:27 503008 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP533\A0189217.sys

c:\7063362433be5bfa6c\wdfldr.sys
2008-03-27 15:27 35040 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP533\A0189216.sys

2000-08-31 08:00 3275 c:\combo-fix\Assoc.cmd
2000-08-31 08:00 3275 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP641\A0229306.cmd

c:\combo-fix\Auto-RC.cmd
2000-08-31 08:00 3057 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP641\A0229285.cmd
2000-08-31 08:00 3057 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP643\A0229459.cmd

2000-08-31 08:00 533 c:\combo-fix\av.cmd
2000-08-31 08:00 533 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP641\A0229307.cmd

2000-08-31 08:00 962 c:\combo-fix\av.vbs
2000-08-31 08:00 962 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP641\A0229308.vbs

c:\combo-fix\AWF.cmd
2000-08-31 08:00 609 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP641\A0229301.cmd
2000-08-31 08:00 609 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP643\A0229479.cmd

2000-08-31 08:00 1853 c:\combo-fix\Boot-Rk.cmd
2000-08-31 08:00 1853 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP641\A0229309.cmd

2000-08-31 08:00 7458 c:\combo-fix\Boot.bat
2000-08-31 08:00 7458 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP641\A0229310.bat

c:\combo-fix\c.bat
2009-04-05 02:56 38074 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP641\A0229297.bat
2009-04-05 02:56 38074 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP643\A0229471.bat

2000-08-31 08:00 663 c:\combo-fix\Catch-sub.cmd
2000-08-31 08:00 663 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP641\A0229311.cmd

2009-04-09 17:52 91 c:\combo-fix\CCS.bat
2009-04-09 09:37 91 {D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP641\A0229293.bat

C:\System Volume
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DetectorApp"="c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [2005-10-20 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-05-18 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2005-10-28 679936]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"OBSystemTray"="c:\program files\AhsayOBM\bin\SystemTray.exe" [2008-09-12 368640]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-23 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"OBSystemTray"="c:\program files\AhsayOBM\bin\SystemTray.exe" [2008-09-12 368640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-10-02 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-02 110592]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-02 110592]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-08-16 577597]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
NetScreen-Remote.lnk - c:\program files\Juniper\NetScreen-Remote\SafeCfg.exe [2007-08-23 73780]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Free Video Zilla\\FVZilla.exe"=
"c:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"=
"c:\program files\Juniper\NetScreen-Remote\ViewLog.exe"= c:\program files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\Juniper\NetScreen-Remote\CmonApp.exe"= c:\program files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\Juniper\NetScreen-Remote\vpn.exe"= c:\program files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-31 114768]
R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2007-08-23 136760]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-31 20560]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2007-08-23 536634]
R2 OBAutoUpdate;AutoUpdateAgent (AhsayOBM);c:\program files\AhsayOBM\aua\bin\AuaObm.exe [2007-11-30 66848]
R2 OBCDPService;Continuous Data Protection (Ahsay Online Backup Manager);c:\program files\AhsayOBM\bin\CDPService.exe [2009-04-06 262144]
R2 OBScheduler;Online Backup Scheduler (Ahsay Online Backup Manager);c:\program files\AhsayOBM\bin\Scheduler.exe [2007-11-30 77824]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2007-08-23 36188]
S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [2009-01-04 45344]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-13 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-13 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cb2ee21-8b5f-11dd-a7f7-00164124792d}]
\Shell\AutoRun\command - F:\Launch.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q106&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: cmss-systems.com\svn.dev
DPF: {77EA215F-E276-4050-A196-8E12D4378BA3} - hxxp://demos.netcat.biz/CARPAWR/ncObjects/NE/Lib/activeX/ncWordToHTMLLib.cab
FF - ProfilePath - c:\documents and settings\Linda Jeffery\Application Data\Mozilla\Firefox\Profiles\jxslctez.default\
FF - prefs.js: browser.search.selectedEngine - Confluence
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\documents and settings\Linda Jeffery\Application Data\Mozilla\Firefox\Profiles\jxslctez.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 17:57:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????P??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1476)
c:\windows\system32\netprovcredman.dll
.
Completion time: 2009-04-09 18:02:50
ComboFix-quarantined-files.txt 2009-04-09 08:02:47
ComboFix2.txt 2009-04-08 23:58:28

Pre-Run: 7,214,645,248 bytes free
Post-Run: 7,200,231,424 bytes free

282 --- E O F --- 2009-04-08 17:01:39
  • 0

#6
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Tharwa2,

  • Please start Malwarebytes' Anti-Malware and update it.
  • To update please do this, click Update and then click Check for Updates.
  • It will now install any updates it finds.
  • Once it is done updating please click Scanner and then click "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~~~~~~
In your next reply please have these logs.
The Malwarebytes log
And the Kaspersky log
  • 0

#7
Tharwa2

Tharwa2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks,

I updated and ran MBAM, and the log is below. I could not get Kaspersky to work; it kept coming up with a Java error.

Malwarebytes' Anti-Malware 1.36
Database version: 1959
Windows 5.1.2600 Service Pack 3

10/04/2009 9:58:35 AM
mbam-log-2009-04-10 (09-58-35).txt

Scan type: Quick Scan
Objects scanned: 76632
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Tharwa2,

Please try this.



Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#9
Tharwa2

Tharwa2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OK, I used ESET Online Scanner, logfile as follows:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4000 (20090410)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=ab88cb74459d2d4bbf590d75ce6af73a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-04-11 01:48:42
# local_time=2009-04-11 11:48:42 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=5.1.2600 NT Service Pack 3
# scanned=924817
# found=2
# scan_time=7669
C:\Qoobox\Quarantine\C\WINDOWS\_fakrkns_.jir.zip a variant of Win32/Delf.OEX trojan (deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\_fakrkns_.jir.zip »ZIP »fakrkns.jir a variant of Win32/Delf.OEX trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
  • 0
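
An added example, not part of the original posts and not ESET's own tooling: a short Python triage of the log format shown in post #9. It checks that the scan finished with the options requested in post #8 and separates detections that sit under a Quarantine folder from detections elsewhere on disk. The function names and the rule used to split path from threat name are assumptions.

```python
import re

# Abridged copy of the ESET Online Scanner log posted above.
SAMPLE_LOG = r"""# end=finished
# remove_checked=true
# unwanted_checked=true
# found=2
C:\Qoobox\Quarantine\C\WINDOWS\_fakrkns_.jir.zip a variant of Win32/Delf.OEX trojan (deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\_fakrkns_.jir.zip »ZIP »fakrkns.jir a variant of Win32/Delf.OEX trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
"""

# Heuristic (assumption): Windows paths use backslashes, so the first
# "Platform/Name" token containing a forward slash marks the threat field.
DETECTION = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>(?:probably )?(?:a variant of )?\w+/\S+(?: \w+)?)"
    r"\s+\((?P<action>.*)\)\s+(?P<digest>[0-9A-Fa-f]{32})$"
)

def parse_log(text):
    """Return (header dict, list of detection dicts) from log.txt text."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value.strip('"')
        elif line:
            m = DETECTION.match(line)
            if m:
                hit = m.groupdict()
                hit["in_quarantine"] = "\\quarantine\\" in hit["path"].lower()
                hit["actions"] = hit.pop("action").split(" - ")
                detections.append(hit)
    return header, detections

def triage(text):
    """Report whether the scan ran as requested and which hits need review."""
    header, detections = parse_log(text)
    return {
        "completed": header.get("end") == "finished",
        "options_ok": header.get("remove_checked") == "true"
                      and header.get("unwanted_checked") == "true",
        "count_matches": int(header.get("found", -1)) == len(detections),
        "live": [d for d in detections if not d["in_quarantine"]],
        "quarantined": [d for d in detections if d["in_quarantine"]],
    }
```

On the posted log both hits land in `quarantined` and `live` is empty: the scanner only re-detected a file that had already been moved into a quarantine folder.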

#10
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Tharwa2,

How is your computer running now?
  • 0


#11
Tharwa2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
It seems to be running fine. It is not having redirects and the browsers are definitely not crashing now - Thanks very much for the awesome help.

I do seem to be dropping off and reconnecting with my home wireless every hour or so - could that be related or a different issue?

I am running Avast and Spybot S&D now to try to prevent any further infections.

Tharwa2
  • 0

#12
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Tharwa2,

"I do seem to be dropping off and reconnecting with my home wireless every hour or so - could that be related or a different issue?"

Could you please explain that better? What does it do when it disconnects, does it give you any errors?
  • 0

#13
Tharwa2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I keep noticing that every now and then I get Page Not Found errors, then a minute later the wireless (using the Intel PROSet/Wireless connector) pops up a message that Wireless Networks have been found and are available, then it connects to my default network/profile.

I have switched on the logging for the next two hours to see what it says. I also ran the Intel diagnostics, and the results are attached.

Oops - it just dropped off and back on exactly at 12.00...

Tharwa2

Attached Thumbnails

  • wireless_diagnostics.PNG

  • 0

#14
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Tharwa2,
When did this problem start?

Also, do you have any other computers that use wireless? If so, do they have the same problem as this computer does?
  • 0

#15
Tharwa2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
mmm, not sure when the problem started.

I will run diagnostics on the other pc using the wireless. I will also have a look at the WAP itself to see what its logs say - I am leaning toward that being the problem.

I also use a wireless broadband on my laptop, and it does not appear to have any dropout issues that I have noticed.

Tharwa2
  • 0





