
Computer getting sluggish. [Solved]


  • This topic is locked

#16
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
When you get a chance please post the Kaspersky Online Scanner log, a new OTL Custom scan, and an update on how your computer is running.

Thanks,
ST.

#17
misshot

  • Topic Starter
  • Member
  • 55 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, March 26, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, March 25, 2010 20:07:58
Records in database: 3870627
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 127086
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:59:40

No threats found. Scanned area is clean.

Selected area has been scanned.


OTL Result:

1) OTL.txt

OTL logfile created on: 26/03/2010 2:08:38 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.51 Gb Total Space | 69.91 Gb Free Space | 49.40% Space Free | Partition Type: NTFS
Drive D: | 7.54 Gb Total Space | 2.41 Gb Free Space | 31.98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQC700
Current User Name: Jc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Jc\AppData\Local\temp\jkos-Jc\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk, Inc.)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...O&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://bws.singnet.c...g?locale=en_us"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47
FF - prefs.js..extensions.enabledItems: {AA052FD6-366A-4771-A591-0D8DC551585D}:1.1.17
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.3
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:3.6.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.17
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.1
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {e36db930-f18d-4449-b45f-e286cfb9e03a}:3.6.10021200
FF - prefs.js..extensions.enabledItems: {e1c8879e-9db4-4adf-92d2-d4856bd434ef}:1.1.9.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 09:30:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/23 15:29:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 12:47:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/04 22:46:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/11/06 22:17:31 | 000,000,000 | ---D | M]

[2009/12/27 17:16:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\mozilla\Extensions
[2009/12/27 17:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/03/24 15:39:32 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions
[2010/03/01 22:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/03/16 09:37:11 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/03/12 10:50:11 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/12/02 23:57:37 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/03/22 10:46:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/20 14:39:04 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2010/03/18 19:41:06 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2010/01/21 13:35:44 | 000,000,000 | ---D | M] (Calculator) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}
[2010/02/10 09:47:21 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/01/08 22:08:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/02 21:48:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/01/30 04:03:42 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/01/25 17:21:49 | 000,000,000 | ---D | M] (text/plain) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{e1c8879e-9db4-4adf-92d2-d4856bd434ef}
[2010/03/24 12:47:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/18 19:41:18 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2010/03/07 19:37:34 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\[email protected]
[2009/11/06 22:29:37 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\FasterFox_Lite@BigRedBrent
[2009/11/06 22:29:38 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\[email protected]
[2009/11/06 22:29:38 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\[email protected]
[2009/11/10 09:57:22 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\[email protected]
[2010/03/18 19:41:05 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\[email protected]
[2009/11/20 14:39:04 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\[email protected]
[2009/12/01 15:28:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/21 09:05:13 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/03/12 00:15:10 | 000,984,789 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 wgc1.acecounter.com
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 29139 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: enets.sg ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: iras.gov.sg ([mytax] https in Trusted sites)
O15 - HKCU\..Trusted Domains: iras.gov.sg ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O15 - HKCU\..Trusted Domains: psi.gov.sg ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: singpass.gov.sg ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: singpass-services.gov.sg ([www] https in Trusted sites)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Users\Jc\Desktop\Angelynn Tan\05.01.09\DSC04945.JPG
O24 - Desktop BackupWallPaper: C:\Users\Jc\Desktop\Angelynn Tan\05.01.09\DSC04945.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 23:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 10:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/24 12:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/03/24 12:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/03/24 12:24:01 | 001,773,568 | ---- | C] (CPUID) -- C:\Users\Jc\Desktop\cpuz.exe
[2010/03/24 10:27:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/24 10:26:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/24 10:13:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/24 10:13:43 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/24 09:59:53 | 000,000,000 | ---D | C] -- C:\Users\Jc\AppData\Local\temp
[2010/03/24 09:50:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/24 09:50:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/24 09:50:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/24 09:48:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/18 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Jc\AppData\Roaming\Malwarebytes
[2010/03/18 18:43:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/18 18:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/18 18:43:20 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/18 18:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/11 14:47:22 | 000,000,000 | ---D | C] -- C:\Users\Jc\Documents\AutoCAD Sheet Sets
[2010/03/10 21:25:26 | 000,000,000 | ---D | C] -- C:\Users\Jc\Desktop\kpop
[2010/03/08 17:14:27 | 000,000,000 | ---D | C] -- C:\Users\Jc\Desktop\Construction Loan
[2010/02/25 00:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jc\Desktop\*.tmp files -> C:\Users\Jc\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/26 14:11:11 | 008,912,896 | -HS- | M] () -- C:\Users\Jc\NTUSER.DAT
[2010/03/26 09:46:12 | 057,758,320 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/26 09:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/24 10:23:29 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/24 10:14:29 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 10:14:29 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 10:07:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/24 10:07:00 | 1602,760,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/23 17:28:01 | 000,082,919 | ---- | M] () -- C:\Users\Jc\Desktop\NOC A1451-00041-2009.pdf
[2010/03/22 10:24:22 | 003,195,138 | -H-- | M] () -- C:\Users\Jc\AppData\Local\IconCache.db
[2010/03/17 15:24:59 | 000,042,496 | ---- | M] () -- C:\Users\Jc\Desktop\SD-FORM E ApplForm TempToilet.doc
[2010/03/16 18:05:11 | 002,063,641 | ---- | M] () -- C:\Users\Jc\Desktop\01 238VTL-Key and Location Plan.pdf
[2010/03/15 23:03:56 | 000,007,600 | ---- | M] () -- C:\Users\Jc\AppData\Local\resmon.resmoncfg
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010/03/12 17:43:21 | 000,116,224 | ---- | M] () -- C:\Users\Jc\Desktop\Copy of Wk Programme.xls
[2010/03/12 14:37:40 | 000,401,974 | ---- | M] () -- C:\Users\Jc\Desktop\PL Changes - ECR09_A-_SP.dwg
[2010/03/12 13:45:52 | 000,366,629 | ---- | M] () -- C:\Users\Jc\Desktop\1st sty - New PL (A3).pdf
[2010/03/12 00:15:10 | 000,984,789 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/11 17:10:46 | 000,017,408 | ---- | M] () -- C:\Users\Jc\Desktop\Workers List.xls
[2010/03/10 21:08:54 | 000,684,666 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/10 21:08:54 | 000,598,598 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/10 21:08:54 | 000,100,738 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/05 17:01:10 | 007,844,317 | ---- | M] () -- C:\Users\Jc\Desktop\Technical Requirement - Household Shelter.pdf
[2010/03/02 20:37:24 | 000,368,879 | RHS- | M] () -- C:\QZDKY
[2010/03/02 20:37:24 | 000,000,020 | RHS- | M] () -- C:\winx.ld
[2010/03/01 22:44:33 | 000,984,406 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100312-001510.backup
[2010/03/01 15:59:22 | 000,029,696 | ---- | M] () -- C:\Users\Jc\Desktop\Worker Employment Status.doc
[2010/02/26 17:14:06 | 000,000,000 | ---- | M] () -- C:\Windows\mtstack16.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jc\Desktop\*.tmp files -> C:\Users\Jc\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/24 09:50:36 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/24 09:50:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/24 09:50:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/24 09:50:36 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/24 09:50:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/23 17:28:01 | 000,082,919 | ---- | C] () -- C:\Users\Jc\Desktop\NOC A1451-00041-2009.pdf
[2010/03/17 13:44:56 | 000,042,496 | ---- | C] () -- C:\Users\Jc\Desktop\SD-FORM E ApplForm TempToilet.doc
[2010/03/16 18:05:15 | 002,063,641 | ---- | C] () -- C:\Users\Jc\Desktop\01 238VTL-Key and Location Plan.pdf
[2010/03/12 13:38:57 | 000,366,629 | ---- | C] () -- C:\Users\Jc\Desktop\1st sty - New PL (A3).pdf
[2010/03/12 13:17:08 | 000,401,974 | ---- | C] () -- C:\Users\Jc\Desktop\PL Changes - ECR09_A-_SP.dwg
[2010/03/11 16:54:44 | 000,017,408 | ---- | C] () -- C:\Users\Jc\Desktop\Workers List.xls
[2010/03/10 14:37:07 | 000,116,224 | ---- | C] () -- C:\Users\Jc\Desktop\Copy of Wk Programme.xls
[2010/03/05 17:09:01 | 007,844,317 | ---- | C] () -- C:\Users\Jc\Desktop\Technical Requirement - Household Shelter.pdf
[2010/03/02 20:37:24 | 000,368,879 | RHS- | C] () -- C:\QZDKY
[2010/03/02 20:37:24 | 000,000,020 | RHS- | C] () -- C:\winx.ld
[2010/03/01 15:56:09 | 000,029,696 | ---- | C] () -- C:\Users\Jc\Desktop\Worker Employment Status.doc
[2010/02/26 17:14:06 | 000,000,000 | ---- | C] () -- C:\Windows\mtstack16.INI
[2010/02/16 14:03:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/01/11 12:09:43 | 000,000,375 | ---- | C] () -- C:\Windows\SSCE.INI
[2009/12/28 12:17:12 | 000,000,063 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009/12/28 12:17:12 | 000,000,040 | ---- | C] () -- C:\Windows\opt_2460.ini
[2009/12/27 17:20:25 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/11/09 01:13:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/07 00:37:47 | 000,007,600 | ---- | C] () -- C:\Users\Jc\AppData\Local\resmon.resmoncfg
[2009/11/06 22:58:33 | 000,000,566 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/14 17:19:27 | 000,000,426 | ---- | C] () -- C:\Windows\brwmark.ini
[2009/08/14 17:19:27 | 000,000,052 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/29 13:41:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/10/20 12:50:02 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008/10/20 12:36:33 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLcNL.DLL
[2008/09/02 13:25:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1554.dll
[2008/05/26 10:57:55 | 000,000,045 | ---- | C] () -- C:\Windows\MYOB.INI
[2008/05/26 10:57:54 | 000,000,204 | ---- | C] () -- C:\Windows\MYOBP.INI
[2008/05/26 10:57:16 | 000,000,000 | ---- | C] () -- C:\Windows\drvxl32.INI
[2008/05/26 10:57:14 | 000,000,000 | ---- | C] () -- C:\Windows\drvwd32.INI
[2008/04/18 18:28:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1472.dll
[2008/03/19 14:58:18 | 000,122,880 | ---- | C] () -- C:\Windows\System32\use4b.dll
[2008/03/19 14:58:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\_isusr2k.dll
[2008/02/28 12:50:02 | 000,000,000 | ---- | C] () -- C:\Users\Jc\AppData\Roaming\wklnhst.dat
[2008/02/25 14:21:00 | 000,027,043 | ---- | C] () -- C:\Users\Jc\AppData\Roaming\UserTile.png
[2008/02/25 14:01:35 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2008/01/11 14:20:20 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007/10/18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/10/18 09:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/05/31 19:14:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/05/31 18:49:06 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2005/02/06 04:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll

========== LOP Check ==========

[2010/01/06 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Autodesk
[2009/11/06 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Canon
[2009/11/06 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Datalayer
[2009/12/27 17:20:07 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\FlashGet
[2009/11/06 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Forge of Games
[2009/11/06 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Foxit
[2010/01/07 10:49:44 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Foxit Software
[2009/11/07 01:29:29 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Leadertech
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\muvee Technologies
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\NewSoft
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Nokia
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Nokia Multimedia Player
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Oberon Media
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PC Suite
[2008/02/25 14:21:00 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PeerNetworking
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PlayFirst
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Publish Providers
[2009/11/06 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Sony
[2010/01/04 10:47:15 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\SystemRequirementsLab
[2009/11/06 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Template
[2009/12/27 17:16:21 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Thunderbird
[2009/12/02 11:16:03 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Uniblue
[2009/11/06 22:30:36 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\uTorrent
[2010/03/03 17:37:18 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/03/22 08:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\SwSetup\HDD\iastor.sys
[2007/03/22 08:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/03/22 08:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_854e9851bc5e0ffb\iaStor.sys
[2007/03/22 08:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_3926b8183d8240e3\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 09:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >



I followed your instruction but no extra.txt was created this time.

#18
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
How is your computer currently running?

#19
misshot

misshot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Seems to be slightly better but it still freezes for a few sec once in a while.

Did any malware infect my comp? If not, I'm wondering could it be my spec that is causing those freezes?

#21
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Yes, your computer did show some signs of an infection being present on your machine.


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    DRV - (catchme) -- File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\cf - No CLSID value found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Jc\Desktop\*.tmp files -> C:\Users\Jc\Desktop\*.tmp -> ]
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

NEXT:



Java Outdated
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


NEXT



Clean Java Cache & Temporary Files
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

NEXT



Update FireFox
While in Firefox go to the Help menu.
Locate Check for Updates.
Allow Firefox to install the latest update, which is 3.6.2.



NEXT:



OTL Clean-Up
Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

NEXT:



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.



NEXT:



You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.



NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

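The MVPS Hosts recommendation in the post above works by mapping unwanted hostnames to 127.0.0.1, so a hosts file used this way should contain only loopback mappings. The script below is an added example, not part of the thread or of any tool named in it: it audits a hosts file and lists entries that point anywhere else. The function names and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Ranges treated as "local network" rather than an external redirect.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

# Constructed sample, not taken from the thread. The external addresses are
# from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1  localhost
::1        localhost
127.0.0.1  ads.example.com  tracker.example.net   # blocked
0.0.0.0    banners.example.org
203.0.113.10  update.example.com
198.51.100.7  login.example.net www.login.example.net
not-an-ip  broken.example.com
10.0.0.5   fileserver
"""


def parse_hosts(text):
    """Yield (line_no, raw_address, parsed_address_or_None, hostnames)."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            # An address with no hostname (or a lone word) is not a mapping.
            yield line_no, fields[0], None, [fields[0]]
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        yield line_no, fields[0], addr, fields[1:]


def classify(addr):
    """Sort a parsed address into one of four review categories."""
    if addr is None:
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:
        return "sinkholed"        # 127.0.0.1, ::1, 0.0.0.0: the blocklist case
    if any(addr in net for net in LAN_NETWORKS):
        return "local-network"    # often a legitimate intranet entry
    return "redirected"           # name forced to an outside address


def audit_hosts(text):
    """Return {category: [(line_no, hostname, raw_address), ...]}."""
    report = {"sinkholed": [], "local-network": [],
              "redirected": [], "malformed": []}
    for line_no, raw_addr, addr, names in parse_hosts(text):
        category = classify(addr)
        for name in names:
            report[category].append((line_no, name, raw_addr))
    return report


def needs_review(report):
    """Entries a blocklist-style hosts file should never contain."""
    return sorted(report["redirected"] + report["malformed"])


if __name__ == "__main__":
    for line_no, name, raw_addr in needs_review(audit_hosts(SAMPLE_HOSTS)):
        print(f"line {line_no}: {name} -> {raw_addr}")
```

On Windows the file to audit is C:\Windows\System32\drivers\etc\hosts, the same path that appears in the OTL log earlier in the thread; read it and pass its text to `audit_hosts`.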
#22
misshot

misshot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Thank you for the help these few days. The tips given here certainly will help in preventing my comp from being targeted again.
I feel that the laptop is indeed faster now.

Below is the log from OTL.

----

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall Adobe Download Manager not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cf\ deleted successfully.
File Protocol\Handler\cf - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\Jc\Desktop\~WRL2948.tmp deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jc
->Temp folder emptied: 119220708 bytes
->Temporary Internet Files folder emptied: 10573817 bytes
->Java cache emptied: 53929864 bytes
->FireFox cache emptied: 51342297 bytes
->Flash cache emptied: 2277 bytes

User: Public
->Temp folder emptied: 0 bytes

User: QuickLaunch

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8874 bytes
RecycleBin emptied: 91322 bytes

Total Files Cleaned = 224.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jc
->Flash cache emptied: 0 bytes

User: Public

User: QuickLaunch

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03282010_030742

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Thank you.

#23
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
That log looks good. If you haven't already done so please proceed with the rest of the instructions in my last post. :)

#24
misshot

misshot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Had followed your instructions and everything seems to be going well. :)

#25
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Can we consider this topic resolved? If so, I'll go ahead and close it up. :)

Thanks,
SweetTech.
#26
misshot

misshot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Yes, it is resolved.

Case closed and thank you for the help.

#27
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.