Everything posted by one piece

  1. Hi, sorry, I think I have posted the wrong extra.txt... will post it again.
  2. hi here is the extra.txt report.
  3. Hi, if everything is OK with this system, can I post the other system that is also having the same problem?
  4. Hi, please ignore the last reply... I was able to install it already. After installing and running a full scan, everything seems OK. Thank you very much.
  5. Hi, do you know why I can't reinstall my AVG 9.0 back to the system after I uninstalled it?
  6. Hi Elise, here is the OTL log.
     OTL logfile created on: 2/21/2011 8:52:22 AM - Run 2
     OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\jennifer\Desktop
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     479.00 Mb Total Physical Memory | 166.00 Mb Available Physical Memory | 35.00% Memory free
     1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
     Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 39.06 Gb Total Space | 18.09 Gb Free Space | 46.32% Space Free | Partition Type: NTFS
     Drive E: | 37.26 Gb Total Space | 37.17 Gb Free Space | 99.76% Space Free | Partition Type: NTFS
     Drive N: | 104.13 Gb Total Space | 102.87 Gb Free Space | 98.79% Space Free | Partition Type: NTFS
     Computer Name: HR_JENNIFERPC | User Name: jennifer | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
     < End of report >
  7. I'll rerun the OTL on Monday and the system seems OK, but I have to reinstall AVG after I rerun the OTL and confirm everything is OK. Thanks very much for your time; I will post the result after the scan. Thanks again.
  8. Hi, Here the new report. Thank you.
  9. Hi, my user went out of the office now; I'll run it when she is back. Thanks for your time.
  10. Hi, I'm still able to access to internet. Here's the report.
  11. hi, sorry for the delay... here is the log file. But it was unable to install the Recovery Console after I clicked ok. ComboFix 11-02-16.01 - jennifer 02/17/2011 9:02.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.232 [GMT 8:00] Running from: c:\documents and settings\jennifer\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\13A.tmp C:\1C6.tmp c:\documents and settings\jennifer\Application Data\e1HoHbiVbx.exe c:\documents and settings\jennifer\Application Data\l8OIQOWX.exe c:\documents and settings\jennifer\Application Data\vDaoaPQ5.exe c:\documents and settings\jennifer\Start Menu\Programs\Startup\Startup.js . ((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 ))))))))))))))))))))))))))))))) . 2011-02-10 03:40 . 2011-02-10 03:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-02-10 03:40 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-10 03:40 . 2011-02-10 03:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-10 03:40 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-10 03:39 . 2006-06-19 04:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2011-02-10 03:39 . 2006-05-25 06:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2011-02-10 03:39 . 2005-08-25 16:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2011-02-10 03:39 . 2011-02-10 03:39 -------- d-----w- c:\program files\Trojan Remover 2011-02-10 03:39 . 2011-02-10 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software 2011-02-10 03:39 . 2011-02-10 03:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Simply Super Software 2011-02-09 08:29 . 
2011-02-09 08:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar 2011-02-09 08:28 . 2011-02-09 08:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2011-02-09 08:19 . 2011-02-09 08:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-02-09 06:21 . 2011-02-09 09:16 -------- d-----w- c:\program files\GridinSoft Trojan Killer 2011-02-09 06:13 . 2011-02-09 09:26 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-02-09 06:13 . 2011-02-09 06:13 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-02-09 06:12 . 2011-02-09 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2011-02-09 01:59 . 2011-02-10 03:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-02-09 01:59 . 2011-02-10 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-02-08 07:34 . 2011-02-08 09:11 -------- d-----w- c:\documents and settings\jennifer 2011-02-08 07:26 . 2011-02-08 07:27 -------- d-----w- c:\documents and settings\Administrator.HR_JENNIFERPC 2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59 . 
2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll 2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2010-12-09 13:42 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" [2005-03-07 53248] "VTTrayp"="VTtrayp.exe" [2005-03-11 147456] "SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-02-17 492840] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-11-24 1233856] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] c:\documents and settings\jennifer\Start Menu\Programs\Startup\ SkypeMate.lnk - c:\program files\SkypeMate\SkypeMate.exe [2005-11-7 225280] c:\documents and settings\All Users\Start Menu\Programs\Startup\ EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2010-9-24 131584] Paymaster for Windows Shortcut Bar.lnk - c:\hrmwin\TBJ01000.exe [2010-4-21 49152] 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 1:57 PM 70952] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?] . . ------- Supplementary Scan ------- . Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - FF - ProfilePath - c:\documents and settings\jennifer\Application Data\Mozilla\Firefox\Profiles\p5lqnxp4.default\ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . 
- - - - ORPHANS REMOVED - - - - Notify-avgrsstarter - avgrsstx.dll AddRemove-BW - c:\baan\UNINST\Setup.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-17 09:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2011-02-17 09:10:29 ComboFix-quarantined-files.txt 2011-02-17 01:10 Pre-Run: 19,671,425,024 bytes free Post-Run: 19,662,286,848 bytes free - - End Of File - - 8006877EC2FF0498B46F4CC9F3CAA9F9
  12. Hi Elise, because the reports are long and I am unable to post them up, I'll zip up the 3 reports and attach them here. Thank you. Hope to hear from you soon. Reports.zip
  13. hi Elise, here is the OTL.txt. OTL logfile created on: 2/14/2011 10:25:12 AM - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\jennifer\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 479.00 Mb Total Physical Memory | 65.00 Mb Available Physical Memory | 14.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free Paging file location(s): C:\pagefile.sys 720 1440 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39.06 Gb Total Space | 18.02 Gb Free Space | 46.12% Space Free | Partition Type: NTFS Drive E: | 37.26 Gb Total Space | 37.17 Gb Free Space | 99.76% Space Free | Partition Type: NTFS Drive N: | 104.13 Gb Total Space | 102.88 Gb Free Space | 98.80% Space Free | Partition Type: NTFS Computer Name: HR_JENNIFERPC | User Name: jennifer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/02/14 10:24:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer\Desktop\OTL.exe PRC - [2011/02/14 06:29:34 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe PRC - [2011/02/14 06:29:34 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe PRC - [2010/11/25 14:02:02 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2010/11/25 14:01:58 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2010/10/20 18:33:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/09/21 13:29:49 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2010/06/22 12:46:41 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2010/06/22 12:46:35 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2010/06/22 12:46:26 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2010/06/22 12:46:25 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2009/10/22 13:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005/11/07 15:22:54 | 000,225,280 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.exe PRC - [2005/06/20 21:42:20 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2005/03/11 10:33:28 | 000,147,456 | R--- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe PRC - [2005/03/07 20:33:28 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) 
-- C:\WINDOWS\system32\VTTimer.exe PRC - [2004/11/17 15:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe ========== Modules (SafeList) ========== MOD - [2011/02/14 10:24:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer\Desktop\OTL.exe MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010/06/22 12:46:35 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2009/10/22 13:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe) SRV - [2004/11/17 15:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV - [2010/06/22 12:46:44 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010/06/22 12:46:28 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010/06/01 12:38:40 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010/03/31 09:52:57 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86) DRV - [2008/04/14 02:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2005/06/20 22:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?rd=1&lang=en-sg IE - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF AA 76 1C 70 C7 CB 01 [binary data] IE - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/25 14:03:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/27 13:50:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/03 12:36:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 18:33:48 | 000,000,000 | ---D | M] [2011/02/10 10:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jennifer\Application Data\Mozilla\Extensions [2011/02/10 10:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jennifer\Application Data\Mozilla\Firefox\Profiles\p5lqnxp4.default\extensions [2011/02/08 08:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/03/30 07:29:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/07/28 07:31:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/11/25 14:03:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX [2010/10/27 13:50:21 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.010.006.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED [2009/02/24 15:51:04 
| 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2008/10/04 20:24:00 | 003,695,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll O1 HOSTS File: ([2011/02/09 10:02:20 | 000,429,726 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.) O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Paymaster for Windows Shortcut Bar.lnk = C:\HRMWIN\TBJ01000.exe (Asian Computer Services Pte Ltd) O4 - Startup: C:\Documents and Settings\jennifer\Start Menu\Programs\Startup\SkypeMate.lnk = C:\Program Files\SkypeMate\SkypeMate.exe () O4 - Startup: C:\Documents and Settings\jennifer\Start Menu\Programs\Startup\Startup.js () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 
145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145857178484 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.166.40 165.21.83.88 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kinergy.com.sg O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/04/08 16:10:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/02/14 10:24:14 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jennifer\Desktop\OTL.exe [2011/02/13 13:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\Help [2011/02/13 13:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Help [2011/02/11 15:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\AVG9 [2011/02/11 15:26:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Application Data\Brother [2011/02/11 09:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\sebas [2011/02/10 11:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Simply Super Software [2011/02/10 11:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Simply Super Software [2011/02/10 11:40:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/02/10 11:40:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/02/10 11:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/02/10 11:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover [2011/02/10 11:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2011/02/10 
11:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software [2011/02/10 10:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\AVG Security Toolbar [2011/02/10 10:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\Mozilla [2011/02/10 10:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Mozilla [2011/02/09 17:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\WinRAR [2011/02/09 14:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer [2011/02/09 14:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5 [2011/02/09 14:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2011/02/09 13:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Macromedia [2011/02/09 12:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\Adobe [2011/02/09 09:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011/02/09 09:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2011/02/08 17:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Malwarebytes [2011/02/08 17:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Adobe [2011/02/08 17:11:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jennifer\IECompatCache [2011/02/08 17:11:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jennifer\PrivacIE [2011/02/08 16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\WinRAR [2011/02/08 16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\SkypeMate [2011/02/08 
16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\IRAS [2011/02/08 16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\Citrix [2011/02/08 16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\Cirtrix 2000 [2011/02/08 16:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Advertisement [2011/02/08 16:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Annex C [2011/02/08 16:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Character Reference [2011/02/08 16:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Confirmation [2011/02/08 16:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Contract of Service [2011/02/08 16:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\CV K&S [2011/02/08 16:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Downloads [2011/02/08 16:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Demystify Supply Chain Mgt_files [2011/02/08 15:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Foreign Worker Address System_files [2011/02/08 15:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\event catering_files [2011/02/08 15:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\ESOS LETTERS 270410 [2011/02/08 15:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Good Quotations by Famous people_files [2011/02/08 15:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Go for Growth_files [2011/02/08 15:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Job Journal [2011/02/08 15:58:44 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\JV [2011/02/08 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\mail [2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\NJStar Document [2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\New Folder [2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\New Folder (2) [2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\New Folder (15) [2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\New Folder (14) [2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\My Skype Pictures [2011/02/08 15:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Offer Letter - Ex [2011/02/08 15:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Offer Letter - Nex [2011/02/08 15:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Offer Letter - Op [2011/02/08 15:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\photo [2011/02/08 15:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\SDL [2011/02/08 15:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\testimonial moo.doc_files [2011/02/08 15:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Stanford Global Supply Chain Forum_files [2011/02/08 15:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\The 7 Principles of...._files [2011/02/08 15:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\The Brave New World of Supply Chain Mgt_files [2011/02/08 15:46:20 | 000,000,000 | ---D | C] 
-- C:\Documents and Settings\jennifer\My Documents\Title Page Primer on Performance Measurement_files [2011/02/08 15:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Title Page Benchmarking Report on Functional Process Improvement, A_files [2011/02/08 15:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\The Path to Supply Chain Leadership_files [2011/02/08 15:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Tong Hua - payslip [2011/02/08 15:46:04 | 001,120,119 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\Training objectives overview (2006).exe [2011/02/08 15:45:50 | 000,792,952 | ---- | C] (eFax.com) -- C:\Documents and Settings\jennifer\My Documents\Supply Chain Connection.exe [2011/02/08 15:45:18 | 000,987,136 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\SAFlashPlayer.exe [2011/02/08 15:43:50 | 042,668,537 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\kinhq2006070809.exe [2011/02/08 15:42:27 | 009,287,351 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\EB 200609.exe [2011/02/08 15:41:26 | 009,287,351 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\200609.exe [2011/02/08 15:41:24 | 002,056,727 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\200212.exe_ [2011/02/08 15:41:23 | 002,140,982 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\200211.exe_ [2011/02/08 15:41:21 | 002,140,982 | ---- | C] (Macromedia, Inc.) 
-- C:\Documents and Settings\jennifer\My Documents\200211.exe [2011/02/08 15:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Sun [2011/02/08 15:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\DATALIB-JEN060610 D [2011/02/08 15:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\HRMWIN b4 update sept 10 CPF [2011/02/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\Unused Desktop Shortcuts [2011/02/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\PROGLIB b4 update lv 101110 [2011/02/08 15:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Identities [2011/02/08 15:35:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\My Documents\My Pictures [2011/02/08 15:35:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\My Documents\My Music [2011/02/08 15:35:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jennifer\IETldCache [2011/02/08 15:34:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\jennifer\Application Data\Microsoft [2011/02/08 15:34:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennifer\SendTo [2011/02/08 15:34:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennifer\Recent [2011/02/08 15:34:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennifer\Application Data [2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\Startup [2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Start Menu [2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\My Documents [2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Favorites [2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\Accessories [2011/02/08 
15:34:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jennifer\Cookies [2011/02/08 15:34:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennifer\Templates [2011/02/08 15:34:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennifer\PrintHood [2011/02/08 15:34:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennifer\NetHood [2011/02/08 15:34:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennifer\Local Settings [2011/02/08 15:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\Microsoft [2011/02/08 15:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop [1999/12/07 07:31:22 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\jennifer\My Documents\*.tmp files -> C:\Documents and Settings\jennifer\My Documents\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/02/14 10:26:25 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\jennifer\Desktop\RKUnhookerLE.EXE [2011/02/14 10:25:03 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\QMgyCYm.js [2011/02/14 10:24:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer\Desktop\OTL.exe [2011/02/14 09:55:01 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\uaKqKJ8F.js [2011/02/14 09:41:04 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\l8ksxNVU.js [2011/02/14 09:28:01 | 071,143,366 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011/02/14 09:27:01 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\uJmFU.js [2011/02/14 09:02:03 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application 
Data\yMmIn1Ajmv.js [2011/02/14 08:46:14 | 000,227,840 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\k86WBD6.exe [2011/02/14 08:46:01 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nfj4YP0mkl.js [2011/02/14 08:34:01 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\eQ3Yk5jvIp.js [2011/02/14 08:25:01 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\LQ9hut0.js [2011/02/14 07:58:01 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\dqlpC.js [2011/02/14 07:44:01 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\L4jGlO0T.js [2011/02/14 07:13:02 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Fw8u5fLT.js [2011/02/14 06:39:05 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\kDn6KNEw.js [2011/02/14 06:32:05 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aVFPPdMf.js [2011/02/14 06:29:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/02/13 17:13:09 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vP17ox.js [2011/02/13 16:53:09 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\MGsiyT.js [2011/02/13 16:46:09 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\rVtB7b6QX.js [2011/02/13 16:27:09 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\MirBRaAu9.js [2011/02/13 15:56:09 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\sAmVWp1A.js [2011/02/13 15:31:09 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\oI9B2TjcGr.js [2011/02/13 15:20:09 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\wJdzydsu23.js [2011/02/13 15:09:09 | 
000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\zVxzGBLQNS.js [2011/02/13 14:47:09 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\kFk03uckS.js [2011/02/13 14:21:10 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\DVzuv.js [2011/02/13 13:50:09 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cKxDJ.js [2011/02/13 13:33:09 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\iLVIEvxl.js [2011/02/13 13:10:09 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Mlso9W.js [2011/02/13 12:57:09 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\XOz56gf.js [2011/02/13 12:45:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2011/02/13 12:25:10 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\SBLgBqy.js [2011/02/13 12:03:21 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\QP9y6Fqar.js [2011/02/13 11:55:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\EYX5cTF.js [2011/02/13 11:54:10 | 000,013,686 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/02/11 17:33:47 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\NcYwzSxd.js [2011/02/11 17:14:47 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\L5vIXnffOp.js [2011/02/11 17:07:47 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aa8ZHgcc.js [2011/02/11 16:36:48 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\adjnhYF.js [2011/02/11 16:27:47 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\AA6TO6hY.js [2011/02/11 15:57:50 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\TysQ1.js 
[2011/02/11 15:24:53 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\jhsQNUUwRt.js [2011/02/11 15:21:59 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\letter of certification to RI - Liu Ying 0211.doc [2011/02/11 15:00:41 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\LETTER OF CERTIfication Lim Say Kai 0211.doc [2011/02/11 14:55:59 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aN5wq0aF3.js [2011/02/11 14:39:59 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\SFRqsvPJyJ.js [2011/02/11 14:35:00 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\tYwjN.js [2011/02/11 14:29:01 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\n3U4zt.js [2011/02/11 14:15:15 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\oOnOO.js [2011/02/11 14:04:15 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\HIU0j.js [2011/02/11 13:47:15 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pWctj.js [2011/02/11 13:14:14 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\hxNlC6HcXJ.js [2011/02/11 13:02:15 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vlNjgwjcd.js [2011/02/11 12:30:15 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pcGDKuvnCu.js [2011/02/11 12:18:16 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RhtyN9.js [2011/02/11 12:11:53 | 000,109,232 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\e1HoHbiVbx.exe [2011/02/11 12:11:20 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\fnt7rfd0h4.js [2011/02/11 11:53:14 | 000,010,475 | ---- | M] () -- C:\Documents 
and Settings\jennifer\Application Data\dX1paD0.js [2011/02/11 11:22:14 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ulxu2ny2.js [2011/02/11 11:13:56 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Recommendation for Peggy 0211.doc [2011/02/11 11:13:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\K5GWfWI9fT.js [2011/02/11 11:03:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\wGPcL.js [2011/02/11 10:47:14 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\PtoReJT.js [2011/02/11 10:34:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\zBvobmeSPo.js [2011/02/11 10:26:15 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\jLySP7SHR.js [2011/02/11 10:14:14 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Qtx0YP.js [2011/02/11 10:01:17 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\UA9ZkLQvne.js [2011/02/11 09:52:14 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\BOlIMZ.js [2011/02/11 09:35:44 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\jennifer\Desktop\dds.scr [2011/02/11 09:29:14 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\i7cyMmS.js [2011/02/11 09:16:15 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\UZxCmPqec4.js [2011/02/11 08:59:14 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cci3v.js [2011/02/11 08:31:16 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RlDa1y.js [2011/02/11 07:58:14 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cTcFw.js [2011/02/11 07:31:26 | 000,079,114 | ---- | M] () -- C:\Documents and 
Settings\jennifer\Application Data\l8OIQOWX.exe [2011/02/11 07:31:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pBLIsG.js [2011/02/11 06:58:19 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\m77TPKLWV2.js [2011/02/11 06:56:47 | 000,140,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/02/10 20:06:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/02/10 19:36:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\hqsuQsTW.js [2011/02/10 19:12:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\rQBUs05k9C.js [2011/02/10 18:58:40 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\EkStXwp.js [2011/02/10 18:52:40 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\KWic67AxHc.js [2011/02/10 18:39:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vm1XI4LPOG.js [2011/02/10 18:05:40 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\NoAb98.js [2011/02/10 17:52:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ja4hI.js [2011/02/10 17:20:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\edzEK.js [2011/02/10 17:11:40 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RfonCJDcd.js [2011/02/10 16:47:40 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\MluLQ.js [2011/02/10 16:25:55 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Sal 0111.xls [2011/02/10 16:25:23 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Sal0111.xls [2011/02/10 16:15:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\f8YzxuYu.js [2011/02/10 16:09:40 | 000,010,475 | ---- | M] 
() -- C:\Documents and Settings\jennifer\Application Data\FBsx44qm.js [2011/02/10 15:59:40 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\zHBeQc.js [2011/02/10 15:45:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\WfPiBn.js [2011/02/10 15:22:41 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\XU7tMC.js [2011/02/10 14:48:40 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ylgYS.js [2011/02/10 14:22:41 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\AlYXgNF.js [2011/02/10 13:51:40 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\yJfThAo9.js [2011/02/10 13:30:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\PlVN0.js [2011/02/10 13:20:49 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\O5XIESTZb.js [2011/02/10 12:58:28 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\IPtdk4W9o.js [2011/02/10 12:37:36 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\hPx0uxSIvw.js [2011/02/10 12:32:00 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\OJjhh.js [2011/02/10 12:21:32 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\VrIGCyknF.js [2011/02/10 12:11:31 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\TYi6EvxH.js [2011/02/10 12:05:30 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\r9jAojDg.js [2011/02/10 11:43:28 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\F1p1F.js [2011/02/10 11:40:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/02/10 11:39:38 | 000,000,784 | ---- | M] () -- 
C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk [2011/02/10 11:09:27 | 000,087,328 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vDaoaPQ5.exe [2011/02/10 11:09:09 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\YT8Afga.js [2011/02/10 10:47:04 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Yg9mFx.js [2011/02/10 10:31:05 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\eetXq.js [2011/02/10 10:16:04 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\dklthdf.js [2011/02/10 09:48:05 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\YmT2mcD.js [2011/02/10 09:29:06 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\VP14IaQaZ.js [2011/02/10 09:15:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\W6QRwZ71V.js [2011/02/10 09:04:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Is8MIUz.js [2011/02/10 08:43:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pgFbrOf1a.js [2011/02/10 08:20:27 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\8781.bat [2011/02/10 08:20:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\B5aS17a.js [2011/02/10 07:55:05 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\WZNKQb.js [2011/02/10 07:46:07 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\W8zmaLWujd.js [2011/02/10 07:15:08 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\IOzhAD.js [2011/02/09 19:33:23 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\bHKpmQT1.js [2011/02/09 19:06:40 | 000,010,479 | ---- | M] () -- C:\Documents and 
Settings\jennifer\Application Data\mN3GdaBEdz.js [2011/02/09 18:33:23 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\I5np9x.js [2011/02/09 18:15:23 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nbUV0bnJd.js [2011/02/09 18:10:52 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\7076.bat [2011/02/09 18:10:23 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\LHOdcXnjNq.js [2011/02/09 17:54:23 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\AHFr3jC.js [2011/02/09 17:45:23 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cFqJ2RZuxK.js [2011/02/09 17:26:46 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2011/02/09 17:21:25 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\mo5kJNS.js [2011/02/09 14:18:48 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\IFJMllI.js [2011/02/09 13:47:09 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\3712.bat [2011/02/09 13:46:41 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\gA73H9.js [2011/02/09 13:12:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\xpnjq8nVo.js [2011/02/09 13:07:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\iRNv1.js [2011/02/09 12:58:40 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\boY58.js [2011/02/09 12:42:41 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\bF1BS.js [2011/02/09 12:13:11 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\9736.bat [2011/02/09 12:12:41 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nnoaj2U.js 
[2011/02/09 12:02:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aiyqb.js [2011/02/09 10:05:14 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cBRiosFJm.js [2011/02/09 10:02:20 | 000,429,726 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/02/09 09:31:05 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\mkRccW4tt.js [2011/02/09 08:59:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\O0XGqQu.js [2011/02/09 08:25:05 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pX6Q4Fhzh.js [2011/02/09 07:53:05 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\UVaTfT.js [2011/02/09 07:48:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\OpVuQE.js [2011/02/09 07:28:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\r8ZLmQniX.js [2011/02/09 07:21:04 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\lMR8RGw7dP.js [2011/02/08 19:09:42 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\x7EgD4Q.js [2011/02/08 19:00:37 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\CCA3G.js [2011/02/08 17:34:08 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ORpBnw774G.js [2011/02/08 17:04:57 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RrfVr.js [2011/02/08 17:00:00 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aZGEAC.js [2011/02/08 16:30:33 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\QBDqBNJQ.js [2011/02/08 16:02:53 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft 
Outlook.lnk [2011/02/08 16:02:29 | 000,000,886 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2011/02/08 15:35:21 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/02/08 15:35:20 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2011/02/08 15:21:07 | 000,036,316 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\dll [2011/02/08 15:20:47 | 000,000,314 | ---- | M] () -- C:\Documents and Settings\jennifer\Start Menu\Programs\Startup\Startup.js [2011/02/08 15:20:24 | 000,041,984 | ---- | M] () -- C:\WINDOWS\System32\document.doc [2011/01/28 15:16:41 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\MOM LETTER EXTENSION DP ALDRIN 0111.doc [2011/01/28 12:21:17 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\AIA GHS LISTING 311210w.xls [2011/01/27 18:09:42 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Tax-CAR BENEFITS-2011 w.xls [2011/01/27 15:42:49 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\cpf 05, 06 to 10 schedule.xls [2011/01/27 12:29:27 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\MOM LETTER RENEW PP SPass 0111.doc [2011/01/26 20:33:05 | 000,039,988 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\CS Workshop Report 2011.pdf [2011/01/26 17:53:05 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\cpf 05, 06 & 07 schedule.xls [2011/01/26 14:56:40 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\DD Salary Cost Jan - Dec 2010.xls [2011/01/26 14:54:48 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\DD Salary Cost Jan - Dec 2010w.xls [2011/01/26 09:58:46 | 000,017,920 | ---- | M] () -- 
C:\Documents and Settings\jennifer\My Documents\CNY 2011 CHART FOR TE.xls [2011/01/26 09:38:10 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\KHQ Sec KNT 2011.xls [2011/01/26 08:38:47 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\CNY 2011 SCHEDULE FOR TE.xls [2011/01/25 18:14:18 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\LABELS.xls [2011/01/25 14:30:20 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Letter of resignation 0111 wxs.doc [2011/01/25 08:40:05 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Certificate of resignation 0111 WXushan.doc [2011/01/25 08:35:03 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\testimonial wangxushan 0111.doc [2011/01/24 14:09:22 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\hdb Shirley poh 240111.doc [2011/01/20 12:06:44 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Dr leave for yr 2010.xls [2011/01/20 09:51:18 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Text Snr Design Engineer 200111.doc [2011/01/20 09:47:34 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Ad Text 200111.doc [2011/01/19 17:04:37 | 000,234,523 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\IPA Gu Lin.pdf [2011/01/19 16:53:37 | 000,007,121 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\IPA Gu Lin.mht [2011/01/19 16:48:35 | 000,065,942 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\SB Ack Gu Lin.pdf [2011/01/19 16:20:27 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\BONUS 10 4 OTHER STAFF.xls [2011/01/19 11:52:22 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Bonus1210 wo sal.xls [2011/01/19 11:07:38 | 000,076,288 
| ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Bonus1211 wo salary.xls [2011/01/19 11:05:04 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Sal0111 wo bonus.xls [2011/01/19 10:42:25 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Sal0111A.xls [2011/01/18 21:59:11 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\JV Others for Dec 10 pg 2.xls [2011/01/18 21:44:08 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Reconciliation Dec 10.xls [2011/01/18 17:13:00 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Bonus1210.xls [2011/01/18 16:21:18 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Career Pg 180111.doc [2011/01/18 15:07:56 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Career page 0111.doc [2011/01/18 08:34:02 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\VC Salary Jan - Dec 2010.xls [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\jennifer\My Documents\*.tmp files -> C:\Documents and Settings\jennifer\My Documents\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ==========
  14. Hi, thanks for your reply. Now I'll download and run the OTL and post the txt file. Thx again.
  15. I only posted 1 of the system DDS. After this cure, I'll need your help again in another system. Thank you.
  16. Hi, I'm having a problem with the virus above inside my 2 systems. The virus keeps coming back after I scan with AVG and Malwarebytes anti-virus. May I know how to cure it? Thank you.

      Regards,
      Sebastian

      Here is the DDS txt:

      DDS (Ver_10-12-12.02) - NTFSx86
      Run by jennifer at 9:35:57.35 on Fri 02/11/2011
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.150 [GMT 8:00]

      ============== Running Processes ===============

      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      svchost.exe
      C:\Program Files\AVG\AVG9\avgchsvx.exe
      C:\Program Files\AVG\AVG9\avgrsx.exe
      svchost.exe
      C:\Program Files\AVG\AVG9\avgcsrvx.exe
      C:\WINDOWS\system32\spoolsv.exe
      svchost.exe
      C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
      C:\Program Files\AVG\AVG9\avgwdsvc.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
      c:\Program Files\tbh\base\bin\tbhDaemon.exe
      C:\Program Files\AVG\AVG9\avgam.exe
      C:\Program Files\AVG\AVG9\avgnsx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\AVG\AVG9\avgcsrvx.exe
      C:\WINDOWS\system32\VTTimer.exe
      C:\WINDOWS\system32\VTtrayp.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\tbh\base\bin\tbhSystray.exe
      C:\PROGRA~1\AVG\AVG9\avgtray.exe
      C:\Program Files\AVG\AVG9\avgcsrvx.exe
      C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SkypeMate\SkypeMate.exe
      C:\WINDOWS\System32\WScript.exe
      C:\Program Files\Common Files\Java\Java Update\jucheck.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\jennifer\Desktop\dds.scr
      C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

      ============== Pseudo HJT Report ===============

      mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
      BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
      BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      mRun: [VTTimer] VTTimer.exe
      mRun: [VTTrayp] VTtrayp.exe
      mRun: [soundMan] SOUNDMAN.EXE
      mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
      mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
      dRunOnce: [RunNarrator] Narrator.exe
      StartupFolder: c:\docume~1\jennifer\startm~1\programs\startup\skypem~1.lnk - c:\program files\skypemate\SkypeMate.exe
      StartupFolder: c:\documents and settings\jennifer\start menu\programs\startup\Startup.js
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paymas~1.lnk - c:\hrmwin\TBJ01000.exe
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145857178484
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
      DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
      Notify: avgrsstarter - avgrsstx.dll
      Hosts: 127.0.0.1 www.spywareinfo.com

      ================= FIREFOX ===================

      FF - ProfilePath - c:\docume~1\jennifer\applic~1\mozilla\firefox\profiles\p5lqnxp4.default\
      FF - prefs.js: network.proxy.type - 0
      FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
      FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
      FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
      FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
      FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
      FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
      FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
      FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
      FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared
      FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

      ============= SERVICES / DRIVERS ===============

      R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-7-14 52872]
      R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-14 216400]
      R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-14 29584]
      R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-14 243024]
      R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
      R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
      S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]

      =============== Created Last 30 ================

      ==================== Find3M ====================

      2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
      2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
      2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
      2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
      2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
      2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
      2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
      2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
      2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
      2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
      2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
      2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
      2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

      ============= FINISH: 9:37:47.48 ===============

      Please let me know if I need to upload the Attach.txt.