Everything posted by one piece
-
Hi, here is the extra.txt report.

OTL Extras logfile created on: 2/21/2011 8:59:26 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = \\HR_JENNIFERPC\sebas
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 91.78 Gb Free Space | 61.58% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 342.95 Gb Free Space | 73.63% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 74.94 Gb Free Space | 16.09% Space Free | Partition Type: NTFS

Computer Name: KHQ_SEBAS_TAN | User Name: sebastian.tan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
-
Hi Elise, here is the OTL log.

OTL logfile created on: 2/21/2011 8:52:22 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\jennifer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 166.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 18.09 Gb Free Space | 46.32% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 37.17 Gb Free Space | 99.76% Space Free | Partition Type: NTFS
Drive N: | 104.13 Gb Total Space | 102.87 Gb Free Space | 98.79% Space Free | Partition Type: NTFS

Computer Name: HR_JENNIFERPC | User Name: jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >
-
Hi, here is the new report. Thank you.

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.HR_JENNIFERPC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jennifer
->Temp folder emptied: 150719 bytes
->Temporary Internet Files folder emptied: 1269013 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3501050 bytes
->Flash cache emptied: 0 bytes

User: jenniferold
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02182011_180500

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
-
Hi, I'm still able to access the internet. Here's the report.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 54846 bytes
->FireFox cache emptied: 32169421 bytes
->Flash cache emptied: 511 bytes
User: Administrator.HR_JENNIFERPC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: jennifer
->Temp folder emptied: 236933 bytes
->Temporary Internet Files folder emptied: 1435118 bytes
->Java cache emptied: 42037 bytes
->FireFox cache emptied: 46685106 bytes
->Flash cache emptied: 994 bytes
User: jenniferold
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 106938 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 273378063 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 340.00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02182011_083548
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
Hi, sorry for the delay... here is the log file. But it was unable to install the Recovery Console after I clicked OK.
ComboFix 11-02-16.01 - jennifer 02/17/2011 9:02.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.232 [GMT 8:00] Running from: c:\documents and settings\jennifer\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\13A.tmp C:\1C6.tmp c:\documents and settings\jennifer\Application Data\e1HoHbiVbx.exe c:\documents and settings\jennifer\Application Data\l8OIQOWX.exe c:\documents and settings\jennifer\Application Data\vDaoaPQ5.exe c:\documents and settings\jennifer\Start Menu\Programs\Startup\Startup.js . ((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 ))))))))))))))))))))))))))))))) . 2011-02-10 03:40 . 2011-02-10 03:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-02-10 03:40 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-10 03:40 . 2011-02-10 03:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-10 03:40 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-10 03:39 . 2006-06-19 04:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2011-02-10 03:39 . 2006-05-25 06:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2011-02-10 03:39 . 2005-08-25 16:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2011-02-10 03:39 . 2011-02-10 03:39 -------- d-----w- c:\program files\Trojan Remover 2011-02-10 03:39 . 2011-02-10 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software 2011-02-10 03:39 . 2011-02-10 03:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Simply Super Software 2011-02-09 08:29 . 
2011-02-09 08:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar 2011-02-09 08:28 . 2011-02-09 08:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2011-02-09 08:19 . 2011-02-09 08:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-02-09 06:21 . 2011-02-09 09:16 -------- d-----w- c:\program files\GridinSoft Trojan Killer 2011-02-09 06:13 . 2011-02-09 09:26 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-02-09 06:13 . 2011-02-09 06:13 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-02-09 06:12 . 2011-02-09 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2011-02-09 01:59 . 2011-02-10 03:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-02-09 01:59 . 2011-02-10 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-02-08 07:34 . 2011-02-08 09:11 -------- d-----w- c:\documents and settings\jennifer 2011-02-08 07:26 . 2011-02-08 07:27 -------- d-----w- c:\documents and settings\Administrator.HR_JENNIFERPC 2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59 . 
2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll 2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2010-12-09 13:42 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" [2005-03-07 53248] "VTTrayp"="VTtrayp.exe" [2005-03-11 147456] "SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-02-17 492840] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-11-24 1233856] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] c:\documents and settings\jennifer\Start Menu\Programs\Startup\ SkypeMate.lnk - c:\program files\SkypeMate\SkypeMate.exe [2005-11-7 225280] c:\documents and settings\All Users\Start Menu\Programs\Startup\ EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2010-9-24 131584] Paymaster for Windows Shortcut Bar.lnk - c:\hrmwin\TBJ01000.exe [2010-4-21 49152] 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 1:57 PM 70952] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?] . . ------- Supplementary Scan ------- . Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - FF - ProfilePath - c:\documents and settings\jennifer\Application Data\Mozilla\Firefox\Profiles\p5lqnxp4.default\ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . 
- - - - ORPHANS REMOVED - - - - Notify-avgrsstarter - avgrsstx.dll AddRemove-BW - c:\baan\UNINST\Setup.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-17 09:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2011-02-17 09:10:29 ComboFix-quarantined-files.txt 2011-02-17 01:10 Pre-Run: 19,671,425,024 bytes free Post-Run: 19,662,286,848 bytes free - - End Of File - - 8006877EC2FF0498B46F4CC9F3CAA9F9
-
Hi Elise, here is the OTL.txt.
OTL logfile created on: 2/14/2011 10:25:12 AM - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\jennifer\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 479.00 Mb Total Physical Memory | 65.00 Mb Available Physical Memory | 14.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free Paging file location(s): C:\pagefile.sys 720 1440 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39.06 Gb Total Space | 18.02 Gb Free Space | 46.12% Space Free | Partition Type: NTFS Drive E: | 37.26 Gb Total Space | 37.17 Gb Free Space | 99.76% Space Free | Partition Type: NTFS Drive N: | 104.13 Gb Total Space | 102.88 Gb Free Space | 98.80% Space Free | Partition Type: NTFS Computer Name: HR_JENNIFERPC | User Name: jennifer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/02/14 10:24:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer\Desktop\OTL.exe PRC - [2011/02/14 06:29:34 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe PRC - [2011/02/14 06:29:34 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe PRC - [2010/11/25 14:02:02 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2010/11/25 14:01:58 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2010/10/20 18:33:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/09/21 13:29:49 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2010/06/22 12:46:41 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2010/06/22 12:46:35 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2010/06/22 12:46:26 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2010/06/22 12:46:25 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2009/10/22 13:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005/11/07 15:22:54 | 000,225,280 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.exe PRC - [2005/06/20 21:42:20 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2005/03/11 10:33:28 | 000,147,456 | R--- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe PRC - [2005/03/07 20:33:28 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) 
-- C:\WINDOWS\system32\VTTimer.exe PRC - [2004/11/17 15:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe ========== Modules (SafeList) ========== MOD - [2011/02/14 10:24:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer\Desktop\OTL.exe MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010/06/22 12:46:35 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2009/10/22 13:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe) SRV - [2004/11/17 15:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV - [2010/06/22 12:46:44 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010/06/22 12:46:28 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010/06/01 12:38:40 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010/03/31 09:52:57 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86) DRV - [2008/04/14 02:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2005/06/20 22:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?rd=1&lang=en-sg IE - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF AA 76 1C 70 C7 CB 01 [binary data] IE - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/25 14:03:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/27 13:50:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/03 12:36:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 18:33:48 | 000,000,000 | ---D | M] [2011/02/10 10:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jennifer\Application Data\Mozilla\Extensions [2011/02/10 10:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jennifer\Application Data\Mozilla\Firefox\Profiles\p5lqnxp4.default\extensions [2011/02/08 08:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/03/30 07:29:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/07/28 07:31:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/11/25 14:03:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX [2010/10/27 13:50:21 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.010.006.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED [2009/02/24 15:51:04 
| 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2008/10/04 20:24:00 | 003,695,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll O1 HOSTS File: ([2011/02/09 10:02:20 | 000,429,726 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 14795 more lines... O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.) O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Paymaster for Windows Shortcut Bar.lnk = C:\HRMWIN\TBJ01000.exe (Asian Computer Services Pte Ltd) O4 - Startup: C:\Documents and Settings\jennifer\Start Menu\Programs\Startup\SkypeMate.lnk = C:\Program Files\SkypeMate\SkypeMate.exe () O4 - Startup: C:\Documents and Settings\jennifer\Start Menu\Programs\Startup\Startup.js () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 
145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145857178484 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.166.40 165.21.83.88 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kinergy.com.sg O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/04/08 16:10:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/02/14 10:24:14 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jennifer\Desktop\OTL.exe [2011/02/13 13:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\Help [2011/02/13 13:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Help [2011/02/11 15:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\AVG9 [2011/02/11 15:26:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Application Data\Brother [2011/02/11 09:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\sebas [2011/02/10 11:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Simply Super Software [2011/02/10 11:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Simply Super Software [2011/02/10 11:40:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/02/10 11:40:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/02/10 11:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/02/10 11:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover [2011/02/10 11:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2011/02/10 
11:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software [2011/02/10 10:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\AVG Security Toolbar [2011/02/10 10:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\Mozilla [2011/02/10 10:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Mozilla [2011/02/09 17:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\WinRAR [2011/02/09 14:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer [2011/02/09 14:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5 [2011/02/09 14:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2011/02/09 13:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Macromedia [2011/02/09 12:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\Adobe [2011/02/09 09:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011/02/09 09:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2011/02/08 17:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Malwarebytes [2011/02/08 17:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Adobe [2011/02/08 17:11:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jennifer\IECompatCache [2011/02/08 17:11:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jennifer\PrivacIE [2011/02/08 16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\WinRAR [2011/02/08 16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\SkypeMate [2011/02/08 
16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\IRAS [2011/02/08 16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\Citrix [2011/02/08 16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\Cirtrix 2000 [2011/02/08 16:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Advertisement [2011/02/08 16:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Annex C [2011/02/08 16:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Character Reference [2011/02/08 16:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Confirmation [2011/02/08 16:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Contract of Service [2011/02/08 16:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\CV K&S [2011/02/08 16:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Downloads [2011/02/08 16:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Demystify Supply Chain Mgt_files [2011/02/08 15:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Foreign Worker Address System_files [2011/02/08 15:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\event catering_files [2011/02/08 15:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\ESOS LETTERS 270410 [2011/02/08 15:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Good Quotations by Famous people_files [2011/02/08 15:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Go for Growth_files [2011/02/08 15:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Job Journal [2011/02/08 15:58:44 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\JV [2011/02/08 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\mail [2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\NJStar Document [2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\New Folder [2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\New Folder (2) [2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\New Folder (15) [2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\New Folder (14) [2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\My Skype Pictures [2011/02/08 15:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Offer Letter - Ex [2011/02/08 15:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Offer Letter - Nex [2011/02/08 15:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Offer Letter - Op [2011/02/08 15:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\photo [2011/02/08 15:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\SDL [2011/02/08 15:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\testimonial moo.doc_files [2011/02/08 15:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Stanford Global Supply Chain Forum_files [2011/02/08 15:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\The 7 Principles of...._files [2011/02/08 15:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\The Brave New World of Supply Chain Mgt_files [2011/02/08 15:46:20 | 000,000,000 | ---D | C] 
-- C:\Documents and Settings\jennifer\My Documents\Title Page Primer on Performance Measurement_files [2011/02/08 15:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Title Page Benchmarking Report on Functional Process Improvement, A_files [2011/02/08 15:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\The Path to Supply Chain Leadership_files [2011/02/08 15:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Tong Hua - payslip [2011/02/08 15:46:04 | 001,120,119 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\Training objectives overview (2006).exe [2011/02/08 15:45:50 | 000,792,952 | ---- | C] (eFax.com) -- C:\Documents and Settings\jennifer\My Documents\Supply Chain Connection.exe [2011/02/08 15:45:18 | 000,987,136 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\SAFlashPlayer.exe [2011/02/08 15:43:50 | 042,668,537 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\kinhq2006070809.exe [2011/02/08 15:42:27 | 009,287,351 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\EB 200609.exe [2011/02/08 15:41:26 | 009,287,351 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\200609.exe [2011/02/08 15:41:24 | 002,056,727 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\200212.exe_ [2011/02/08 15:41:23 | 002,140,982 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\200211.exe_ [2011/02/08 15:41:21 | 002,140,982 | ---- | C] (Macromedia, Inc.) 
-- C:\Documents and Settings\jennifer\My Documents\200211.exe [2011/02/08 15:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Sun [2011/02/08 15:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\DATALIB-JEN060610 D [2011/02/08 15:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\HRMWIN b4 update sept 10 CPF [2011/02/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\Unused Desktop Shortcuts [2011/02/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\PROGLIB b4 update lv 101110 [2011/02/08 15:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Identities [2011/02/08 15:35:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\My Documents\My Pictures [2011/02/08 15:35:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\My Documents\My Music [2011/02/08 15:35:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jennifer\IETldCache [2011/02/08 15:34:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\jennifer\Application Data\Microsoft [2011/02/08 15:34:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennifer\SendTo [2011/02/08 15:34:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennifer\Recent [2011/02/08 15:34:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennifer\Application Data [2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\Startup [2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Start Menu [2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\My Documents [2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Favorites [2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\Accessories [2011/02/08 
15:34:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jennifer\Cookies [2011/02/08 15:34:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennifer\Templates [2011/02/08 15:34:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennifer\PrintHood [2011/02/08 15:34:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennifer\NetHood [2011/02/08 15:34:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennifer\Local Settings [2011/02/08 15:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\Microsoft [2011/02/08 15:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop [1999/12/07 07:31:22 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\jennifer\My Documents\*.tmp files -> C:\Documents and Settings\jennifer\My Documents\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/02/14 10:26:25 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\jennifer\Desktop\RKUnhookerLE.EXE [2011/02/14 10:25:03 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\QMgyCYm.js [2011/02/14 10:24:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer\Desktop\OTL.exe [2011/02/14 09:55:01 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\uaKqKJ8F.js [2011/02/14 09:41:04 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\l8ksxNVU.js [2011/02/14 09:28:01 | 071,143,366 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011/02/14 09:27:01 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\uJmFU.js [2011/02/14 09:02:03 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application 
Data\yMmIn1Ajmv.js [2011/02/14 08:46:14 | 000,227,840 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\k86WBD6.exe [2011/02/14 08:46:01 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nfj4YP0mkl.js [2011/02/14 08:34:01 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\eQ3Yk5jvIp.js [2011/02/14 08:25:01 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\LQ9hut0.js [2011/02/14 07:58:01 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\dqlpC.js [2011/02/14 07:44:01 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\L4jGlO0T.js [2011/02/14 07:13:02 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Fw8u5fLT.js [2011/02/14 06:39:05 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\kDn6KNEw.js [2011/02/14 06:32:05 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aVFPPdMf.js [2011/02/14 06:29:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/02/13 17:13:09 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vP17ox.js [2011/02/13 16:53:09 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\MGsiyT.js [2011/02/13 16:46:09 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\rVtB7b6QX.js [2011/02/13 16:27:09 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\MirBRaAu9.js [2011/02/13 15:56:09 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\sAmVWp1A.js [2011/02/13 15:31:09 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\oI9B2TjcGr.js [2011/02/13 15:20:09 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\wJdzydsu23.js [2011/02/13 15:09:09 | 
000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\zVxzGBLQNS.js [2011/02/13 14:47:09 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\kFk03uckS.js [2011/02/13 14:21:10 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\DVzuv.js [2011/02/13 13:50:09 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cKxDJ.js [2011/02/13 13:33:09 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\iLVIEvxl.js [2011/02/13 13:10:09 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Mlso9W.js [2011/02/13 12:57:09 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\XOz56gf.js [2011/02/13 12:45:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2011/02/13 12:25:10 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\SBLgBqy.js [2011/02/13 12:03:21 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\QP9y6Fqar.js [2011/02/13 11:55:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\EYX5cTF.js [2011/02/13 11:54:10 | 000,013,686 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/02/11 17:33:47 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\NcYwzSxd.js [2011/02/11 17:14:47 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\L5vIXnffOp.js [2011/02/11 17:07:47 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aa8ZHgcc.js [2011/02/11 16:36:48 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\adjnhYF.js [2011/02/11 16:27:47 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\AA6TO6hY.js [2011/02/11 15:57:50 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\TysQ1.js 
[2011/02/11 15:24:53 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\jhsQNUUwRt.js [2011/02/11 15:21:59 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\letter of certification to RI - Liu Ying 0211.doc [2011/02/11 15:00:41 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\LETTER OF CERTIfication Lim Say Kai 0211.doc [2011/02/11 14:55:59 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aN5wq0aF3.js [2011/02/11 14:39:59 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\SFRqsvPJyJ.js [2011/02/11 14:35:00 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\tYwjN.js [2011/02/11 14:29:01 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\n3U4zt.js [2011/02/11 14:15:15 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\oOnOO.js [2011/02/11 14:04:15 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\HIU0j.js [2011/02/11 13:47:15 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pWctj.js [2011/02/11 13:14:14 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\hxNlC6HcXJ.js [2011/02/11 13:02:15 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vlNjgwjcd.js [2011/02/11 12:30:15 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pcGDKuvnCu.js [2011/02/11 12:18:16 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RhtyN9.js [2011/02/11 12:11:53 | 000,109,232 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\e1HoHbiVbx.exe [2011/02/11 12:11:20 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\fnt7rfd0h4.js [2011/02/11 11:53:14 | 000,010,475 | ---- | M] () -- C:\Documents 
and Settings\jennifer\Application Data\dX1paD0.js [2011/02/11 11:22:14 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ulxu2ny2.js [2011/02/11 11:13:56 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Recommendation for Peggy 0211.doc [2011/02/11 11:13:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\K5GWfWI9fT.js [2011/02/11 11:03:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\wGPcL.js [2011/02/11 10:47:14 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\PtoReJT.js [2011/02/11 10:34:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\zBvobmeSPo.js [2011/02/11 10:26:15 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\jLySP7SHR.js [2011/02/11 10:14:14 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Qtx0YP.js [2011/02/11 10:01:17 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\UA9ZkLQvne.js [2011/02/11 09:52:14 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\BOlIMZ.js [2011/02/11 09:35:44 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\jennifer\Desktop\dds.scr [2011/02/11 09:29:14 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\i7cyMmS.js [2011/02/11 09:16:15 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\UZxCmPqec4.js [2011/02/11 08:59:14 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cci3v.js [2011/02/11 08:31:16 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RlDa1y.js [2011/02/11 07:58:14 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cTcFw.js [2011/02/11 07:31:26 | 000,079,114 | ---- | M] () -- C:\Documents and 
Settings\jennifer\Application Data\l8OIQOWX.exe [2011/02/11 07:31:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pBLIsG.js [2011/02/11 06:58:19 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\m77TPKLWV2.js [2011/02/11 06:56:47 | 000,140,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/02/10 20:06:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/02/10 19:36:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\hqsuQsTW.js [2011/02/10 19:12:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\rQBUs05k9C.js [2011/02/10 18:58:40 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\EkStXwp.js [2011/02/10 18:52:40 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\KWic67AxHc.js [2011/02/10 18:39:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vm1XI4LPOG.js [2011/02/10 18:05:40 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\NoAb98.js [2011/02/10 17:52:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ja4hI.js [2011/02/10 17:20:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\edzEK.js [2011/02/10 17:11:40 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RfonCJDcd.js [2011/02/10 16:47:40 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\MluLQ.js [2011/02/10 16:25:55 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Sal 0111.xls [2011/02/10 16:25:23 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Sal0111.xls [2011/02/10 16:15:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\f8YzxuYu.js [2011/02/10 16:09:40 | 000,010,475 | ---- | M] 
() -- C:\Documents and Settings\jennifer\Application Data\FBsx44qm.js [2011/02/10 15:59:40 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\zHBeQc.js [2011/02/10 15:45:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\WfPiBn.js [2011/02/10 15:22:41 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\XU7tMC.js [2011/02/10 14:48:40 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ylgYS.js [2011/02/10 14:22:41 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\AlYXgNF.js [2011/02/10 13:51:40 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\yJfThAo9.js [2011/02/10 13:30:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\PlVN0.js [2011/02/10 13:20:49 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\O5XIESTZb.js [2011/02/10 12:58:28 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\IPtdk4W9o.js [2011/02/10 12:37:36 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\hPx0uxSIvw.js [2011/02/10 12:32:00 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\OJjhh.js [2011/02/10 12:21:32 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\VrIGCyknF.js [2011/02/10 12:11:31 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\TYi6EvxH.js [2011/02/10 12:05:30 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\r9jAojDg.js [2011/02/10 11:43:28 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\F1p1F.js [2011/02/10 11:40:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/02/10 11:39:38 | 000,000,784 | ---- | M] () -- 
C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk [2011/02/10 11:09:27 | 000,087,328 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vDaoaPQ5.exe [2011/02/10 11:09:09 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\YT8Afga.js [2011/02/10 10:47:04 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Yg9mFx.js [2011/02/10 10:31:05 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\eetXq.js [2011/02/10 10:16:04 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\dklthdf.js [2011/02/10 09:48:05 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\YmT2mcD.js [2011/02/10 09:29:06 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\VP14IaQaZ.js [2011/02/10 09:15:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\W6QRwZ71V.js [2011/02/10 09:04:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Is8MIUz.js [2011/02/10 08:43:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pgFbrOf1a.js [2011/02/10 08:20:27 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\8781.bat [2011/02/10 08:20:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\B5aS17a.js [2011/02/10 07:55:05 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\WZNKQb.js [2011/02/10 07:46:07 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\W8zmaLWujd.js [2011/02/10 07:15:08 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\IOzhAD.js [2011/02/09 19:33:23 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\bHKpmQT1.js [2011/02/09 19:06:40 | 000,010,479 | ---- | M] () -- C:\Documents and 
Settings\jennifer\Application Data\mN3GdaBEdz.js [2011/02/09 18:33:23 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\I5np9x.js [2011/02/09 18:15:23 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nbUV0bnJd.js [2011/02/09 18:10:52 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\7076.bat [2011/02/09 18:10:23 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\LHOdcXnjNq.js [2011/02/09 17:54:23 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\AHFr3jC.js [2011/02/09 17:45:23 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cFqJ2RZuxK.js [2011/02/09 17:26:46 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2011/02/09 17:21:25 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\mo5kJNS.js [2011/02/09 14:18:48 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\IFJMllI.js [2011/02/09 13:47:09 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\3712.bat [2011/02/09 13:46:41 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\gA73H9.js [2011/02/09 13:12:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\xpnjq8nVo.js [2011/02/09 13:07:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\iRNv1.js [2011/02/09 12:58:40 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\boY58.js [2011/02/09 12:42:41 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\bF1BS.js [2011/02/09 12:13:11 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\9736.bat [2011/02/09 12:12:41 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nnoaj2U.js 
[2011/02/09 12:02:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aiyqb.js [2011/02/09 10:05:14 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cBRiosFJm.js [2011/02/09 10:02:20 | 000,429,726 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/02/09 09:31:05 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\mkRccW4tt.js [2011/02/09 08:59:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\O0XGqQu.js [2011/02/09 08:25:05 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pX6Q4Fhzh.js [2011/02/09 07:53:05 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\UVaTfT.js [2011/02/09 07:48:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\OpVuQE.js [2011/02/09 07:28:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\r8ZLmQniX.js [2011/02/09 07:21:04 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\lMR8RGw7dP.js [2011/02/08 19:09:42 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\x7EgD4Q.js [2011/02/08 19:00:37 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\CCA3G.js [2011/02/08 17:34:08 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ORpBnw774G.js [2011/02/08 17:04:57 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RrfVr.js [2011/02/08 17:00:00 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aZGEAC.js [2011/02/08 16:30:33 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\QBDqBNJQ.js [2011/02/08 16:02:53 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft 
Outlook.lnk [2011/02/08 16:02:29 | 000,000,886 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2011/02/08 15:35:21 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/02/08 15:35:20 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2011/02/08 15:21:07 | 000,036,316 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\dll [2011/02/08 15:20:47 | 000,000,314 | ---- | M] () -- C:\Documents and Settings\jennifer\Start Menu\Programs\Startup\Startup.js [2011/02/08 15:20:24 | 000,041,984 | ---- | M] () -- C:\WINDOWS\System32\document.doc [2011/01/28 15:16:41 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\MOM LETTER EXTENSION DP ALDRIN 0111.doc [2011/01/28 12:21:17 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\AIA GHS LISTING 311210w.xls [2011/01/27 18:09:42 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Tax-CAR BENEFITS-2011 w.xls [2011/01/27 15:42:49 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\cpf 05, 06 to 10 schedule.xls [2011/01/27 12:29:27 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\MOM LETTER RENEW PP SPass 0111.doc [2011/01/26 20:33:05 | 000,039,988 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\CS Workshop Report 2011.pdf [2011/01/26 17:53:05 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\cpf 05, 06 & 07 schedule.xls [2011/01/26 14:56:40 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\DD Salary Cost Jan - Dec 2010.xls [2011/01/26 14:54:48 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\DD Salary Cost Jan - Dec 2010w.xls [2011/01/26 09:58:46 | 000,017,920 | ---- | M] () -- 
C:\Documents and Settings\jennifer\My Documents\CNY 2011 CHART FOR TE.xls [2011/01/26 09:38:10 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\KHQ Sec KNT 2011.xls [2011/01/26 08:38:47 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\CNY 2011 SCHEDULE FOR TE.xls [2011/01/25 18:14:18 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\LABELS.xls [2011/01/25 14:30:20 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Letter of resignation 0111 wxs.doc [2011/01/25 08:40:05 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Certificate of resignation 0111 WXushan.doc [2011/01/25 08:35:03 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\testimonial wangxushan 0111.doc [2011/01/24 14:09:22 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\hdb Shirley poh 240111.doc [2011/01/20 12:06:44 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Dr leave for yr 2010.xls [2011/01/20 09:51:18 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Text Snr Design Engineer 200111.doc [2011/01/20 09:47:34 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Ad Text 200111.doc [2011/01/19 17:04:37 | 000,234,523 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\IPA Gu Lin.pdf [2011/01/19 16:53:37 | 000,007,121 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\IPA Gu Lin.mht [2011/01/19 16:48:35 | 000,065,942 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\SB Ack Gu Lin.pdf [2011/01/19 16:20:27 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\BONUS 10 4 OTHER STAFF.xls [2011/01/19 11:52:22 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Bonus1210 wo sal.xls [2011/01/19 11:07:38 | 000,076,288 
| ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Bonus1211 wo salary.xls [2011/01/19 11:05:04 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Sal0111 wo bonus.xls [2011/01/19 10:42:25 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Sal0111A.xls [2011/01/18 21:59:11 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\JV Others for Dec 10 pg 2.xls [2011/01/18 21:44:08 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Reconciliation Dec 10.xls [2011/01/18 17:13:00 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Bonus1210.xls [2011/01/18 16:21:18 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Career Pg 180111.doc [2011/01/18 15:07:56 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Career page 0111.doc [2011/01/18 08:34:02 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\VC Salary Jan - Dec 2010.xls [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\jennifer\My Documents\*.tmp files -> C:\Documents and Settings\jennifer\My Documents\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ==========
-
Hi, I'm having a problem with the virus above inside my 2 systems. The virus keeps coming back after I scan with AVG and Malwarebytes anti-virus. May I know how to cure it? Thank you.

Regards,
Sebastian

Here is the DDS txt:

DDS (Ver_10-12-12.02) - NTFSx86
Run by jennifer at 9:35:57.35 on Fri 02/11/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.150 [GMT 8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SkypeMate\SkypeMate.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jennifer\Desktop\dds.scr
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

============== Pseudo HJT Report ===============

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [soundMan] SOUNDMAN.EXE
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\jennifer\startm~1\programs\startup\skypem~1.lnk - c:\program files\skypemate\SkypeMate.exe
StartupFolder: c:\documents and settings\jennifer\start menu\programs\startup\Startup.js
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paymas~1.lnk - c:\hrmwin\TBJ01000.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145857178484
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jennifer\applic~1\mozilla\firefox\profiles\p5lqnxp4.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: 
c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff ============= SERVICES / DRIVERS =============== R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-7-14 52872] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-14 216400] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-14 29584] R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-14 243024] R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136] R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952] S3 AVG Security Toolbar Service;AVG Security Toolbar 
Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448] =============== Created Last 30 ================ ==================== Find3M ==================== 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec 2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll 2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll 2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll ============= FINISH: 9:37:47.48 =============== Please let me know if i need to upload the Attach.txt.