Firefox Pop-up Virus ..... can't seem to get rid of.


This topic was started by you on March 12. My initial response was on March 17. Let me express my frustration in your not following up daily on this issue. Going forward, you must respond much more promptly, as in right away.

Is this PC your system or is it owned by someone else?

Run a new OTL & HijackThis log using the "account-login" at issue. But all fixes need to be done using an account with administrator rights.

I do want to first say that I appreciate your help. Thank you very much. This is my desktop, but I have a sibling living with me that uses it more than I do, as I have an old laptop that I use ...... during the little time that I spend on a computer due to my work schedule. I believe I gave you feedback in as timely a manner as my schedule could allow, except for the last post, and I just explained that in the previous post ..... I believed everything was fine until I noticed otherwise last week or so. Again, I don't mean to frustrate you, so I can attempt to at least drop in and let you know when I'll be available. Here are the logs for OTL and Hijack on the non-admin account. I will be unavailable for most of today until about 8 pm, so I will address anything else you ask of me then. I have the same schedule tomorrow.

################## OTL ####################

OTL logfile created on: 5/30/2010 2:09:32 PM - Run 3

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\All Users\Documents

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 515.00 Mb Available Physical Memory | 50.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.84 Gb Total Space | 22.24 Gb Free Space | 39.84% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SOULSISTAH

Current User Name: Limited

NOT logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 360 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/22 10:44:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.com

PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2010/02/18 12:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2007/08/22 09:45:11 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/03/23 13:14:52 | 000,663,552 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe

PRC - [2007/03/06 19:20:00 | 000,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe

PRC - [2007/03/02 16:56:52 | 000,077,824 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

PRC - [2007/01/29 21:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2005/02/05 22:40:35 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2002/08/14 19:22:52 | 000,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe

PRC - [2002/04/10 16:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

PRC - [2002/02/15 11:31:42 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe

========== Modules (SafeList) ==========

MOD - [2010/05/22 10:44:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.com

MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2004/08/04 01:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx

========== Win32 Services (SafeList) ==========

========== Driver Services (SafeList) ==========

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..network.proxy.no_proxies_on: "http://localhost"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/22 10:28:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/22 05:41:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2006/08/15 21:18:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/05/22 05:41:53 | 000,000,000 | ---D | M]

[2009/04/01 02:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\Mozilla\Extensions

[2010/05/27 17:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\Mozilla\Firefox\Profiles\lwjwc26y.default\extensions

[2009/09/02 09:05:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Limited\Application Data\Mozilla\Firefox\Profiles\lwjwc26y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/29 12:37:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

O1 HOSTS File: ([2010/05/04 14:31:04 | 000,607,013 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 16040 more lines...

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518040942.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)

O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)

O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKCU..\Run: [heguhidew] c:\DOCUME~1\ALLUSE~1\APPLIC~1\sajuyaya\sajuyaya.DLL File not found

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE (Ulead Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

O4 - Startup: C:\Documents and Settings\Limited\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Reg Error: Key error.)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} http://download.mcafee.com/molbin/Shared/MGBrwFld.cab (BrowseFolderPopup Class)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} https://ehelp.nelnet.net/netagent/objects/custappx3.CAB (eAssist NetAgent Customer ActiveX Control version 3)

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://ppupdates.ca.com/downloads/scanner/axscanner.cab (PPSDKActiveXScanner.MainScreen)

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} http://download.mcafee.com/molbin/shared/m...56/mcinsctl.cab (McAfee.com Download+Installer Class)

O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d.../WebCleaner.cab (Malicious Software Removal Tool)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab (McAfee.com Operating System Class)

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.my-etrust.com/Support/PestScanner/pestscan.cab (PSFormX Control)

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab (McUpdatePortalFactory Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1105193306109 (WUWebControl Class)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1129601807465 (MUWebControl Class)

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab (ZoneAxRcMgr Class)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab (MSN Games - Installer)

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://www.windowsecurity.com/trojanscan/axscan.cab (ASquaredScanForm Element)

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (DwnldGroupMgr Class)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...524/mcfscan.cab (McFreeScan Class)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O16 - DPF: ppctlcab http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Limited\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Limited\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{52664c08-1db1-11dc-afd0-0007e9d3ac51}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 360 Days ==========

[2010/05/30 13:54:10 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.com

[2010/05/26 08:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Application Data\Kodak

[2010/05/24 02:48:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Limited\PrivacIE

[2010/05/23 14:55:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Limited\IETldCache

[2010/05/23 07:24:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2010/05/23 07:20:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2010/05/23 07:17:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010/04/18 06:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Local Settings\Application Data\Apple Computer

[2010/04/18 06:11:42 | 097,525,032 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\All Users\Documents\iTunesSetup.exe

[2010/04/14 02:48:37 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys

[2010/04/14 02:48:16 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys

[2010/04/14 02:48:16 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys

[2010/04/14 02:48:16 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys

[2010/04/14 02:48:16 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys

[2010/04/14 02:48:16 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys

[2010/04/14 02:48:16 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys

[2010/03/29 12:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Desktop\Unused Desktop Shortcuts

[2010/03/22 07:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro

[2010/03/20 13:07:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/03/20 11:39:07 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/03/20 11:37:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/03/20 11:37:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/03/20 11:37:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/03/20 11:37:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/03/20 11:37:21 | 000,000,000 | ---D | C] -- C:\ComboFix

[2010/03/20 11:14:13 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/03/20 10:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\My Documents\Downloads

[2010/03/19 14:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2010/03/19 12:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2010/03/19 09:46:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW

[2010/03/19 09:46:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK

[2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR

[2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE

[2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR

[2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL

[2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO

[2010/03/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR

[2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT

[2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL

[2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR

[2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI

[2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES

[2010/03/19 09:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR

[2010/03/19 09:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE

[2010/03/19 09:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK

[2010/03/19 09:46:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA

[2010/03/12 02:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/03/12 02:10:08 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/03/12 02:10:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/03/12 02:10:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/03/12 02:10:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/03/09 01:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real

[2010/03/07 16:19:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/03/07 16:14:42 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/02/26 06:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Local Settings\Application Data\Temp

[2010/01/28 16:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView

[2010/01/28 15:59:04 | 001,359,360 | ---- | C] (Irfan Skiljan) -- C:\Documents and Settings\All Users\Documents\iview425_setup.exe

[2009/12/23 16:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\My Documents\My PaperPort Documents

[2009/12/23 16:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Application Data\ScanSoft

[2009/12/20 04:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\.gnome2_private

[2009/12/20 04:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\.gnome2

[2009/12/12 16:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Application Data\PC-FAX TX

[2009/10/23 12:37:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Limited\Application Data\Brother

[2009/10/15 22:23:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQLTools9_KB970892_ENU

[2009/10/15 22:14:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970892_ENU

[2009/10/15 22:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2009/10/14 19:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Local Settings\Application Data\Scansoft

[2009/10/14 10:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reallusion

[2009/10/14 10:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Reallusion

[2009/10/14 09:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BrFaxRx

[2009/10/14 09:39:41 | 000,054,784 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll

[2009/10/14 09:39:23 | 000,094,208 | R--- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll

[2009/10/14 09:39:23 | 000,012,288 | R--- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll

[2009/10/14 09:39:23 | 000,012,288 | R--- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll

[2009/10/14 09:39:20 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BroSNMP.dll

[2009/10/14 09:39:09 | 000,037,376 | ---- | C] (Brother Industries,Ltd) -- C:\WINDOWS\System32\Brnsplg.dll

[2009/10/14 09:39:09 | 000,034,816 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\BrWiaNCp.dll

[2009/10/14 09:39:08 | 000,061,952 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrNetSti.dll

[2009/10/14 09:39:07 | 001,520,640 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia07a.dll

[2009/10/14 09:39:03 | 000,000,000 | ---D | C] -- C:\Brother

[2009/10/14 09:39:01 | 000,126,976 | ---- | C] (Brother Industries,LTD) -- C:\WINDOWS\System32\BrfxD05a.dll

[2009/10/14 09:39:00 | 000,163,840 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll

[2009/10/14 09:39:00 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\WINDOWS\System32\BRCrypt.dll

[2009/10/14 09:39:00 | 000,061,440 | ---- | C] (Brother Industries,LTD.) -- C:\WINDOWS\System32\BrMfNt.dll

[2009/10/14 09:38:59 | 000,131,072 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll

[2009/10/14 09:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Brother

[2009/10/14 09:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance

[2009/10/14 09:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield

[2009/10/14 09:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared

[2009/10/14 09:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2009/10/14 09:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft

[2009/10/14 09:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother

[2009/10/02 23:17:14 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2009/09/25 10:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Local Settings\Application Data\Adobe

[2009/09/25 09:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/08/30 03:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\BodyMedia

[2009/08/30 03:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2009/08/17 23:33:52 | 001,193,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\FM20.DLL

[2009/08/08 22:17:48 | 000,000,000 | ---D | C] -- C:\38b81e8a2079401ded

[2009/08/08 21:24:33 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Limited\Desktop\ATF-Cleaner.exe

[2009/08/08 20:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limited\Application Data\Malwarebytes

[2009/08/08 15:32:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/08/08 15:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/08/08 15:32:45 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/08/08 15:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/08/08 14:46:46 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/08/06 13:15:39 | 000,000,000 | ---D | C] -- C:\$AVG8.VAULT$

[2009/08/05 23:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2009/08/05 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2009/08/05 23:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8

[2009/08/05 22:42:11 | 000,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2009/08/05 22:42:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

[2009/08/05 22:20:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

[2009/08/04 09:07:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2009/08/03 15:07:42 | 000,322,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\OGAAddin.dll

[2009/07/15 11:13:00 | 000,202,048 | ---- | C] (FTDI Ltd) -- C:\WINDOWS\System32\ftd2xx.dll

[2009/07/15 11:13:00 | 000,111,936 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\ftbusui.dll

[2009/07/15 11:13:00 | 000,107,840 | ---- | C] (FTDI) -- C:\WINDOWS\System32\FTLang.dll

[2009/07/15 11:13:00 | 000,071,488 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftser2k.sys

[2009/07/15 11:13:00 | 000,053,184 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftdibus.sys

[2009/07/15 11:13:00 | 000,047,432 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\ftserui2.dll

[2009/07/15 11:10:30 | 001,721,024 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmusbgowear4.dll

[2009/07/15 11:10:30 | 000,123,584 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmserialgowear25.dll

[2009/07/15 11:10:30 | 000,119,488 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmserialgowear24.dll

[2009/07/15 11:10:30 | 000,094,912 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmupgradegowear25.dll

[2009/07/15 11:10:30 | 000,094,912 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmupgradegowear24.dll

[2009/07/15 11:10:30 | 000,094,912 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmfirmwaregowear4.dll

[2009/07/15 11:10:30 | 000,078,528 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmcommgowear4.dll

[2009/07/10 17:15:22 | 000,086,720 | ---- | C] (BodyMedia, Inc.) -- C:\WINDOWS\bmversiongowear.dll

[2009/07/05 14:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LeighPeele

[2003/02/13 16:43:21 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[1 C:\Documents and Settings\Limited\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Limited\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2010/05/30 14:10:07 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Limited\NTUSER.DAT

[2010/05/30 13:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/05/30 12:16:19 | 000,134,630 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\screenshot_library.JPG

[2010/05/30 09:58:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Limited\NTUSER.INI

[2010/05/30 09:52:55 | 000,015,849 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pop-up_1.JPG

[2010/05/30 01:55:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/05/29 20:48:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/05/29 15:22:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/05/29 12:33:56 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2010/05/29 12:33:11 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2010/05/29 10:14:25 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk

[2010/05/29 10:14:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/29 10:14:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2010/05/29 10:14:02 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys

[2010/05/26 22:41:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/05/23 22:03:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/05/22 16:37:10 | 000,105,800 | ---- | M] () -- C:\Documents and Settings\Limited\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/05/22 10:44:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.com

[2010/05/22 09:10:36 | 000,403,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/05/22 05:35:46 | 000,000,531 | ---- | M] () -- C:\WINDOWS\WIN.INI

[2010/05/21 16:35:41 | 000,000,944 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini

[2010/05/20 11:14:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brdfxspd.dat

[2010/05/19 17:56:56 | 000,018,485 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\click.php

[2010/05/17 08:03:33 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Limited\Local Settings\Application Data\d3d9caps.dat

[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2010/05/04 14:31:04 | 000,607,013 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS

[2010/05/03 12:56:25 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Limited\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys

[2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys

[2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys

[2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys

[2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys

[2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys

[2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys

[2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys

[2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys

[2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys

[2010/04/18 06:12:38 | 097,525,032 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Documents\iTunesSetup.exe

[2010/03/21 16:03:31 | 001,644,436 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\SMR-manual.pdf

[2010/03/20 11:53:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/03/20 11:39:23 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI

[2010/03/17 15:03:13 | 000,483,160 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2010/03/17 15:03:12 | 000,086,608 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[2010/03/17 15:03:09 | 000,580,614 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2010/03/12 09:25:35 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2010/03/10 08:19:43 | 000,027,797 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pop-up.JPG

[2010/03/10 01:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll

[2010/03/09 01:43:39 | 000,004,654 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI

[2010/03/07 06:00:16 | 000,006,456 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\sugahono

[2010/03/06 03:47:11 | 000,078,137 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\rogue_site.JPG

[2010/03/05 09:12:02 | 000,195,740 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\QuickStart-TurnUpTheHeat.pdf

[2010/02/28 00:44:57 | 000,287,496 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\limited_bookmarks_022710.html

[2010/02/28 00:44:33 | 000,190,131 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\bookmarks-2010-02-27.json

[2010/02/26 01:12:16 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\danim.dll

[2010/02/25 06:01:00 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll

[2010/02/25 01:24:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll

[2010/02/25 01:24:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl

[2010/02/25 01:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll

[2010/02/25 01:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll

[2010/02/25 01:24:35 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll

[2010/02/25 01:24:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll

[2010/02/25 01:24:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll

[2010/02/24 04:54:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe

[2010/02/16 08:19:55 | 002,181,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe

[2010/02/16 07:39:04 | 002,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe

[2010/02/11 07:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys

[2010/02/07 07:56:24 | 000,180,479 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\bookmarks-2010-02-07.json

[2010/02/07 07:56:01 | 000,274,405 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\limited_bookmarks_020710.html

[2010/01/30 09:47:33 | 000,029,621 | ---- | M] () -- C:\Documents and Settings\Limited\My Documents\IMG_2326.jpg

[2010/01/29 09:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codeca.acm

[2010/01/29 09:43:39 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecx.ax

[2010/01/28 16:17:09 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IrfanView Thumbnails.lnk

[2010/01/28 16:17:08 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk

[2010/01/28 15:59:09 | 001,359,360 | ---- | M] (Irfan Skiljan) -- C:\Documents and Settings\All Users\Documents\iview425_setup.exe

[2010/01/28 14:20:52 | 001,134,037 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\PSSD600IXUS60CUGba-EN.pdf

[2010/01/28 14:20:39 | 002,725,137 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\PSSD600IXUS60CUGad-EN.pdf

[2010/01/12 16:34:07 | 000,448,040 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\CouponActivator.exe

[2010/01/09 14:21:38 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat

[2010/01/09 14:21:38 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

[2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/01/07 17:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/12/23 17:08:54 | 006,497,675 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\UM_MFC_465cn_EN_1269.pdf

[2009/12/17 18:14:09 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/12/17 18:14:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/12/17 18:14:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/12/17 18:14:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/12/17 16:02:47 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/12/16 07:58:04 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe

[2009/12/14 02:35:35 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll

[2009/12/12 16:39:39 | 000,000,030 | ---- | M] () -- C:\WINDOWS\iedit.INI

[2009/12/12 16:03:35 | 000,000,180 | ---- | M] () -- C:\WINDOWS\brpcfx.ini

[2009/12/12 03:46:55 | 169,235,610 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ubuntu-9.10-desktop-i386.iso

[2009/12/09 00:53:44 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll

[2009/11/27 12:33:35 | 001,291,264 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll

[2009/11/27 11:37:27 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll

[2009/11/25 23:06:42 | 002,004,262 | ---- | M] () -- C:\WINDOWS\iis6.BAK

[2009/10/25 06:11:34 | 000,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe

[2009/10/21 01:00:55 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll

[2009/10/21 01:00:55 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\httpapi.dll

[2009/10/15 23:51:48 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll

[2009/10/15 12:21:47 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fontsub.dll

[2009/10/14 09:42:06 | 000,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI

[2009/10/14 09:42:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI

[2009/10/14 09:41:23 | 000,000,086 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini

[2009/10/14 09:41:22 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf07a.dat

[2009/10/13 05:53:29 | 000,266,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oakley.dll

[2009/10/12 08:54:17 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rastls.dll

[2009/10/12 08:54:17 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\raschap.dll

[2009/09/24 11:12:59 | 004,470,187 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\did-you-hear.pdf

[2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys

[2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys

[2009/09/12 09:26:23 | 000,171,391 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\7day_mealplan.pdf

[2009/09/01 01:08:05 | 005,158,982 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\flts.zip

[2009/08/30 02:55:44 | 015,984,024 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\jre-6u7-windows-i586-p-s.exe

[2009/08/26 03:16:37 | 000,247,326 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\strmdll.dll

[2009/08/17 23:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\FM20.DLL

[2009/08/17 04:01:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2009/08/14 07:19:41 | 001,850,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys

[2009/08/08 21:24:52 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Limited\Desktop\ATF-Cleaner.exe

[2009/08/08 15:32:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/08 13:37:42 | 000,022,729 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\crap_3.JPG

[2009/08/08 13:36:54 | 000,036,833 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\crap_2.JPG

[2009/08/06 19:24:18 | 000,327,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll

[2009/08/06 19:24:18 | 000,021,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui

[2009/08/06 19:24:12 | 000,015,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui

[2009/08/06 19:24:10 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll

[2009/08/06 19:24:10 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll

[2009/08/06 19:24:06 | 000,015,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui

[2009/08/06 19:24:04 | 000,096,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll

[2009/08/06 19:24:00 | 000,017,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui

[2009/08/06 19:23:54 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll

[2009/08/06 19:23:46 | 000,274,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2009/08/06 19:23:46 | 000,016,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2009/08/05 04:11:47 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | M] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,322,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\OGAAddin.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | M] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2009/08/01 13:46:42 | 000,179,471 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\bookmarks_html_08-01-09.html

[2009/08/01 13:45:01 | 000,117,836 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\Bookmarks 2009-08-01.json

[2009/07/17 11:27:47 | 001,435,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\query.dll

[2009/07/15 11:13:00 | 000,202,048 | ---- | M] (FTDI Ltd) -- C:\WINDOWS\System32\ftd2xx.dll

[2009/07/15 11:13:00 | 000,111,936 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\ftbusui.dll

[2009/07/15 11:13:00 | 000,107,840 | ---- | M] (FTDI) -- C:\WINDOWS\System32\FTLang.dll

[2009/07/15 11:13:00 | 000,071,488 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftser2k.sys

[2009/07/15 11:13:00 | 000,053,184 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftdibus.sys

[2009/07/15 11:13:00 | 000,047,432 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\ftserui2.dll

[2009/07/15 11:10:30 | 001,721,024 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmusbgowear4.dll

[2009/07/15 11:10:30 | 000,123,584 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmserialgowear25.dll

[2009/07/15 11:10:30 | 000,119,488 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmserialgowear24.dll

[2009/07/15 11:10:30 | 000,094,912 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmupgradegowear25.dll

[2009/07/15 11:10:30 | 000,094,912 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmupgradegowear24.dll

[2009/07/15 11:10:30 | 000,094,912 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmfirmwaregowear4.dll

[2009/07/15 11:10:30 | 000,078,528 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmcommgowear4.dll

[2009/07/10 17:15:22 | 000,086,720 | ---- | M] (BodyMedia, Inc.) -- C:\WINDOWS\bmversiongowear.dll

[2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2009/06/28 08:38:54 | 000,823,782 | ---- | M] () -- C:\Documents and Settings\Limited\Desktop\marine_aqua.bmp

[2009/06/27 11:28:55 | 000,005,359 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Mom June 09 India Network Health Plan Application Confirmation.htm

[2009/06/27 11:28:36 | 000,004,161 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Mom's_insform1_htm.htm

[2009/06/25 13:36:08 | 000,661,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqqm.dll

[2009/06/25 13:36:08 | 000,517,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqsnap.dll

[2009/06/25 13:36:08 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqutil.dll

[2009/06/25 13:36:08 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqoa.dll

[2009/06/25 13:36:08 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqtrig.dll

[2009/06/25 13:36:08 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqrt.dll

[2009/06/25 13:36:08 | 000,138,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqad.dll

[2009/06/25 13:36:08 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqrtdep.dll

[2009/06/25 13:36:08 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqsec.dll

[2009/06/25 13:36:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqupgrd.dll

[2009/06/25 13:36:08 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqdscli.dll

[2009/06/25 13:36:08 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqise.dll

[2009/06/25 03:44:41 | 000,724,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll

[2009/06/22 06:49:23 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqbkup.exe

[2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys

[2009/06/12 06:50:54 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsess.exe

[2009/06/12 06:50:53 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\telnet.exe

[1 C:\Documents and Settings\Limited\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Limited\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/30 12:16:19 | 000,134,630 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\screenshot_library.JPG

[2010/05/30 09:52:55 | 000,015,849 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\pop-up_1.JPG

[2010/05/29 10:14:02 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys

[2010/05/22 08:22:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/05/19 17:56:39 | 000,018,485 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\click.php

[2010/04/16 12:23:26 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk

[2010/03/21 16:03:31 | 001,644,436 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\SMR-manual.pdf

[2010/03/20 11:39:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/03/20 11:39:17 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/03/20 11:37:36 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/03/20 11:37:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/03/20 11:37:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/03/20 11:37:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/03/20 11:37:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/03/13 15:03:35 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Limited\Local Settings\Application Data\d3d9caps.dat

[2010/03/10 08:19:43 | 000,027,797 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\pop-up.JPG

[2010/03/06 03:47:11 | 000,078,137 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\rogue_site.JPG

[2010/03/05 09:12:02 | 000,195,740 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\QuickStart-TurnUpTheHeat.pdf

[2010/02/28 00:44:57 | 000,287,496 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\limited_bookmarks_022710.html

[2010/02/28 00:44:33 | 000,190,131 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\bookmarks-2010-02-27.json

[2010/02/23 15:32:57 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/02/23 15:32:52 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/02/07 07:56:23 | 000,180,479 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\bookmarks-2010-02-07.json

[2010/02/07 07:56:01 | 000,274,405 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\limited_bookmarks_020710.html

[2010/01/30 09:47:33 | 000,029,621 | ---- | C] () -- C:\Documents and Settings\Limited\My Documents\IMG_2326.jpg

[2010/01/28 16:16:01 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IrfanView Thumbnails.lnk

[2010/01/28 16:16:00 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk

[2010/01/28 14:20:52 | 001,134,037 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\PSSD600IXUS60CUGba-EN.pdf

[2010/01/28 14:20:35 | 002,725,137 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\PSSD600IXUS60CUGad-EN.pdf

[2010/01/12 16:34:02 | 000,448,040 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\CouponActivator.exe

[2010/01/09 14:21:38 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat

[2010/01/09 14:21:38 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

[2009/12/23 17:08:53 | 006,497,675 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\UM_MFC_465cn_EN_1269.pdf

[2009/12/12 02:46:47 | 169,235,610 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ubuntu-9.10-desktop-i386.iso

[2009/10/14 09:42:06 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2009/10/14 09:42:06 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2009/10/14 09:41:22 | 000,000,944 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2009/10/14 09:41:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2009/10/14 09:41:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat

[2009/10/14 09:39:03 | 000,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.BMP

[2009/10/14 09:39:03 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini

[2009/10/14 09:39:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat

[2009/10/14 09:39:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll

[2009/10/14 09:28:07 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2009/09/24 11:12:54 | 004,470,187 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\did-you-hear.pdf

[2009/09/12 09:26:22 | 000,171,391 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\7day_mealplan.pdf

[2009/09/01 01:06:55 | 005,158,982 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\flts.zip

[2009/08/30 02:54:45 | 015,984,024 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\jre-6u7-windows-i586-p-s.exe

[2009/08/08 15:32:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/08 13:44:13 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\Limited\NTUSER.DAT

[2009/08/08 13:37:42 | 000,022,729 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\crap_3.JPG

[2009/08/08 13:36:54 | 000,036,833 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\crap_2.JPG

[2009/08/05 22:42:25 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2009/08/01 13:46:42 | 000,179,471 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\bookmarks_html_08-01-09.html

[2009/08/01 13:45:01 | 000,117,836 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\Bookmarks 2009-08-01.json

[2009/06/28 08:38:53 | 000,823,782 | ---- | C] () -- C:\Documents and Settings\Limited\Desktop\marine_aqua.bmp

[2009/06/27 11:28:55 | 000,005,359 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Mom June 09 India Network Health Plan Application Confirmation.htm

[2009/06/27 11:28:36 | 000,004,161 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Mom's_insform1_htm.htm

[2008/07/04 13:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini

[2008/07/04 13:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini

[2007/09/15 17:00:01 | 000,001,486 | ---- | C] () -- C:\WINDOWS\NETG.INI

[2007/08/12 14:28:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/05/13 18:15:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI

[2007/02/06 16:02:00 | 000,123,939 | ---- | C] () -- C:\WINDOWS\System32\drivers\kqemu.sys

[2006/01/02 16:18:43 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI

[2005/12/01 01:48:27 | 000,004,654 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI

[2004/01/27 17:30:22 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2004/01/27 17:29:59 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll

[2003/06/07 21:51:37 | 000,000,536 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2003/05/28 12:15:07 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ctavp4.dll

[2003/03/11 23:54:49 | 000,017,493 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2003/02/13 16:57:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/02/13 16:46:47 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini

[2003/02/13 16:46:45 | 000,000,793 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2003/02/13 16:43:47 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2003/02/13 16:43:21 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll

[2003/02/13 16:43:21 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini

[2003/02/13 16:43:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2003/02/13 16:43:20 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI

[2003/02/13 16:43:20 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI

[2003/02/13 16:43:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini

[2003/02/13 16:42:38 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2003/02/13 16:38:29 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/02/13 16:17:18 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll

[2002/01/21 16:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll

========== LOP Check ==========

[2003/02/13 16:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2007/05/13 18:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA

[2008/11/21 01:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation

[2009/08/05 23:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2007/09/30 14:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2004/06/26 01:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm

[2005/03/20 03:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2009/10/14 09:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2004/12/11 11:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2007/01/08 12:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/08/05 22:20:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

[2007/12/06 00:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\InfraRecorder

[2007/03/06 06:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\Learn2.com

[2009/06/27 11:19:13 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Limited\Application Data\lowsec

[2009/12/12 16:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\PC-FAX TX

[2009/12/23 16:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\ScanSoft

[2007/01/31 01:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Limited\Application Data\Viewpoint

[2010/05/26 22:41:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2010/05/30 01:55:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2010/05/29 12:33:56 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

< End of report >

################## OTL END ##################

################## HIJACK ##################

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 3:33:39 PM, on 5/30/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\TrendMicro\HiJackThis\BRAVO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518040942.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [heguhidew] Rundll32.exe "c:\DOCUME~1\ALLUSE~1\APPLIC~1\sajuyaya\sajuyaya.dll",a

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://ehelp.nelnet.net/netagent/objects/custappx3.CAB

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...56/mcinsctl.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105193306109

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129601807465

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...524/mcfscan.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--

End of file - 12279 bytes

Link to post
Share on other sites

Advise your sibling to not play online games on the web (if they do that) until this case is done, which should be soon.

I do not want this pc exposed online while we are cleaning/removing.

The system acquired what looks like a Vundo infection in between the times that you had been not checking the forum.

I can sympathize if you have a heavy work schedule.

But if you want to protect your pc investment, you must check in with this forum on a daily regular basis.

  • Double-click OTL.exe to start it.
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    heguhidew
    :OTL
    O4 - HKCU..\Run: [heguhidew] c:\DOCUME~1\ALLUSE~1\APPLIC~1\sajuyaya\sajuyaya.DLL
    :files
    C:\Documents and Settings\All Users\Application Data\sajuyaya\sajuyaya.DLL
    C:\Documents and Settings\All Users\Application Data\sajuyaya
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "heguhidew"=-
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Link to post
Share on other sites

## LOGS ##########

All processes killed

========== PROCESSES ==========

No active process named heguhidew was found!

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\heguhidew deleted successfully.

File c:\DOCUME~1\ALLUSE~1\APPLIC~1\sajuyaya\sajuyaya.DLL not found.

========== FILES ==========

File\Folder C:\Documents and Settings\All Users\Application Data\sajuyaya\sajuyaya.DLL not found.

File\Folder C:\Documents and Settings\All Users\Application Data\sajuyaya not found.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

C:\RECYCLER\S-1-5-21-1143873491-3534893803-2643926262-1009 folder moved successfully.

Folder move failed. C:\RECYCLER\S-1-5-21-1143873491-3534893803-2643926262-1005 scheduled to be moved on reboot.

Folder move failed. C:\RECYCLER scheduled to be moved on reboot.

File\Folder D:\recycler not found.

File\Folder e:\recycler not found.

File\Folder f:\recycler not found.

File\Folder g:\recycler not found.

File\Folder h:\recycler not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\heguhidew not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Limited

->Temp folder emptied: 14291339 bytes

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

->Temporary Internet Files folder emptied: 213788 bytes

->Java cache emptied: 1523987 bytes

->FireFox cache emptied: 89182583 bytes

->Flash cache emptied: 66085 bytes

User: LocalService

User: NetworkService

User: soulsis

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Windows Temp folder emptied: 432160 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 101.00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05302010_213823

Link to post
Share on other sites

The issue with the DLL should be gone now. Right?

I believe we should be about done with this case.

De-install HijackThis that you have. There's a newer version.

Download and SAVE HijackThis

Save the HJT to your desktop or the folder of your choice, then navigate to that folder and double-click Hijackthis.exe to start it.

Do a "Scan and Save log".

Reply with Copy of the latest HijackThis log.

Link to post
Share on other sites

Yes, I just did a restart of the computer and the DLL pop-up is gone now.

As an FYI .... When I run this on the non-admin account I get this pop-up (see after logs); just thought I'd mention it. I don't think it's an issue.

########################

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:17:30 AM, on 6/1/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\Limited\Desktop\HiJackThis.exe

C:\WINDOWS\SYSTEM32\mspaint.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518040942.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://ehelp.nelnet.net/netagent/objects/custappx3.CAB

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...56/mcinsctl.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105193306109

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129601807465

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...524/mcfscan.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--

End of file - 12481 bytes

############################

[attached screenshot of the pop-up]

Link to post
Share on other sites

As an FYI and a general note, you should login with an account that has administrator rights while doing any of this work.

So do not login with a non-admin account.

The system has McAfee. And needs cleaning out of leftover traces of Norton-Symantec.

Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!

Step 2

Download, and Save, and then run the Norton/Symantec Removal Tool

Download from here http://service1.symantec.com/Support/tsgen...005033108162039

Logoff and restart the system fresh when done.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

You had an old Combofix.exe on your Desktop from several months ago. Delete it !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of C:\Combofix.txt

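The O4 and O9 lines the helper picked out above are the kind of entries a reviewer triages by hand before clicking Fix Checked. As an added example (not part of this thread, and not code from HijackThis), here is a small Python parser for those two line types that attaches defensive triage flags: entries that point at nothing (the "(no file)" and "= ?" cases, which are stale and safe to remove), RunOnce keys, bare executable names that Windows resolves through the PATH search order, and paths under user-writable profile or temp directories. The sample lines are copied from the logs posted in this thread; the `Entry` record, the flag names and the heuristics are my own assumptions, not anything the tool itself reports.

```python
"""Triage the O4 (autostart) and O9 (IE extra button) lines of a HijackThis log.

Hypothetical helper, not part of HijackThis: it parses log lines into structured
records and attaches review flags so a reader can see which entries point at
nothing (safe to remove) and which deserve a closer look.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines quoted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [sRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
"""

# Registry-backed O4 lines: "O4 - HKLM\..\Run: [name] command (User 'x')"
O4_REG_RE = re.compile(
    r"^O4 - (?P<hive>HK\S+?\\Run(?:Once)?): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder O4 lines: "O4 - Global Startup: foo.lnk = target"
O4_STARTUP_RE = re.compile(
    r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$"
)
# O9 lines: "O9 - Extra button: name - {CLSID} - target"
O9_RE = re.compile(
    r"^O9 - Extra (?P<kind>button|'Tools' menuitem): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<cmd>.*)$"
)
# First executable-looking token of a command line, quoted or not.
PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|lnk|com|bat|scr|sys))', re.IGNORECASE)
ORPHAN_MARKERS = {"?", "(no file)"}
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\")


@dataclass
class Entry:
    section: str
    hive: str
    name: str
    command: str
    user: Optional[str] = None
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def executable_path(command: str) -> Optional[str]:
    """Return the first executable-like path in an autostart command, if any."""
    if command.strip() in ORPHAN_MARKERS:
        return None
    m = PATH_RE.match(command.strip())
    return m.group("path") if m else None


def triage_flags(entry: Entry) -> List[str]:
    """Heuristic flags: they prioritise review, they do not prove anything is malicious."""
    flags: List[str] = []
    if entry.command.strip() in ORPHAN_MARKERS:
        flags.append("orphan")            # points at nothing: stale, safe to remove
    if entry.hive.lower().endswith("runonce"):
        flags.append("runonce")           # one-shot key, often an installer leftover
    if entry.path is not None:
        if "\\" not in entry.path:
            flags.append("bare_name")     # resolved via PATH search order; confirm where it lives
        elif any(marker in entry.path.lower() for marker in USER_WRITABLE):
            flags.append("user_writable")  # profile/temp paths deserve a second look
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O4/O9 log line into an Entry; lines from other sections return None."""
    if m := O4_REG_RE.match(line):
        e = Entry("O4", m["hive"], m["name"], m["cmd"], m["user"])
    elif m := O4_STARTUP_RE.match(line):
        e = Entry("O4", m["hive"], m["name"], m["cmd"])
    elif m := O9_RE.match(line):
        e = Entry("O9", "IE " + m["kind"], m["name"], m["cmd"])
    else:
        return None
    e.path = executable_path(e.command)
    e.flags = triage_flags(e)
    return e


def triage(log_text: str) -> List[Entry]:
    """Parse every recognised line of a HijackThis log, preserving order."""
    return [e for e in (parse_line(raw.strip()) for raw in log_text.splitlines()) if e]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<3} {e.hive:<28} {e.name:<24} {e.path or '-':<45} {','.join(e.flags) or 'ok'}")
```

Running it on the sample prints one row per O4/O9 entry; the "(no name) ... (no file)" O9 button and the "= ?" startup shortcut come out flagged "orphan", which is exactly the class of entry the helper asked to have removed, while the Symantec RunOnce uninstall line is flagged only as "runonce" so the reader knows it is a one-shot installer remnant rather than a persistent autostart.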

Step 1 : Done. I re-checked the scan logs and those 6 deleted items were gone.

Step 2 : Done.

Step 3 : I'm unable to access my McAfee to turn it off at the moment as my subscription via Comcast has expired. Apparently Norton is the new Anti-virus that I will be using now ..... which sort-of made Step 2 unnecessary, but oh well :) I'll work on that either later tonight or tomorrow night.


FYI ........... new virus program is Norton, McAfee was uninstalled before I ran ComboFix.

###################### LOGS ######################

ComboFix 10-06-06.03 - soulsis 06/07/2010 1:34.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.397 [GMT -5:00]

Running from: c:\documents and settings\soulsis\Desktop\Combo-Fix.exe

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\Vb40032.dll

.

((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))

.

2010-06-07 03:47 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-06-07 03:47 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll

2010-06-07 03:47 . 2010-06-07 03:47 -------- d-----w- c:\windows\LastGood

2010-06-07 03:47 . 2010-06-07 03:47 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-06-07 03:47 . 2010-06-07 03:47 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-06-07 03:46 . 2010-06-07 05:51 -------- d-----w- c:\windows\system32\drivers\N360

2010-06-07 03:45 . 2010-06-07 03:46 -------- d-----w- c:\program files\Norton Security Suite

2010-06-07 03:45 . 2010-06-07 03:45 -------- d-----w- c:\program files\Windows Sidebar

2010-06-07 03:33 . 2010-06-07 03:33 -------- d-----w- c:\program files\NortonInstaller

2010-06-07 03:33 . 2010-06-07 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-06-07 03:30 . 2010-06-07 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-06-07 02:58 . 2010-06-07 02:57 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-29 07:44 . 2010-05-29 07:44 -------- d-----w- c:\documents and settings\soulsis\DoctorWeb

2010-05-28 04:31 . 2010-05-28 04:31 -------- d-sh--w- c:\documents and settings\soulsis\PrivacIE

2010-05-28 04:04 . 2010-05-28 04:04 -------- d-sh--w- c:\documents and settings\soulsis\IETldCache

2010-05-26 13:35 . 2010-05-26 13:35 -------- d-----w- c:\documents and settings\Limited\Application Data\Kodak

2010-05-24 07:48 . 2010-05-24 07:48 -------- d-sh--w- c:\documents and settings\Limited\PrivacIE

2010-05-23 19:55 . 2010-05-23 19:55 -------- d-sh--w- c:\documents and settings\Limited\IETldCache

2010-05-23 19:42 . 2010-05-23 19:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-05-23 12:24 . 2010-05-24 03:03 -------- d-----w- c:\windows\ie8updates

2010-05-23 12:17 . 2010-05-23 12:21 -------- dc-h--w- c:\windows\ie8

2010-05-23 12:14 . 2010-02-25 06:24 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-05-23 12:14 . 2010-02-25 06:24 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-05-23 12:14 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-05-23 12:14 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-05-23 12:14 . 2010-02-25 06:24 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-05-23 12:14 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-05-22 13:22 . 2010-05-29 20:22 664 ----a-w- c:\windows\system32\d3d9caps.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-07 03:53 . 2003-08-30 02:00 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-06-07 03:47 . 2003-08-30 01:59 -------- d-----w- c:\program files\Symantec

2010-06-07 03:47 . 2010-06-07 03:47 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-06-07 03:47 . 2010-06-07 03:47 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-06-07 03:25 . 2008-06-08 18:20 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-07 02:57 . 2007-10-03 06:08 -------- d-----w- c:\program files\Java

2010-06-07 01:57 . 2010-04-22 03:37 439816 ----a-w- c:\documents and settings\soulsis\Application Data\Real\Update\setup3.10\setup.exe

2010-05-30 23:03 . 2010-05-23 02:03 664 ----a-w- c:\documents and settings\Limited\Local Settings\Application Data\d3d9caps.tmp

2010-05-23 02:03 . 2010-05-23 02:03 503808 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20b80f55-n\msvcp71.dll

2010-05-23 02:03 . 2010-05-23 02:03 499712 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20b80f55-n\jmc.dll

2010-05-23 02:03 . 2010-05-23 02:03 348160 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20b80f55-n\msvcr71.dll

2010-05-23 02:03 . 2010-05-23 02:03 61440 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ba4bca1-n\decora-sse.dll

2010-05-23 02:03 . 2010-05-23 02:03 12800 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ba4bca1-n\decora-d3d.dll

2010-05-22 21:37 . 2006-01-03 22:20 105800 -c--a-w- c:\documents and settings\Limited\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-22 15:48 . 2008-07-05 06:36 -------- d-----w- c:\documents and settings\soulsis\Application Data\gtk-2.0

2010-05-22 10:45 . 2007-01-30 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-05-22 10:29 . 2010-05-22 10:29 348160 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-29fa67f4-n\msvcr71.dll

2010-05-22 10:29 . 2010-05-22 10:29 61440 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-107985a4-n\decora-sse.dll

2010-05-22 10:29 . 2010-05-22 10:29 503808 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-29fa67f4-n\msvcp71.dll

2010-05-22 10:29 . 2010-05-22 10:29 499712 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-29fa67f4-n\jmc.dll

2010-05-22 10:29 . 2010-05-22 10:29 12800 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-107985a4-n\decora-d3d.dll

2010-05-20 16:14 . 2009-10-14 14:39 0 -c--a-w- c:\windows\brdfxspd.dat

2010-05-17 13:03 . 2010-03-13 20:03 664 ----a-w- c:\documents and settings\Limited\Local Settings\Application Data\d3d9caps.dat

2010-05-12 16:21 . 2009-10-03 04:17 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-03-12 08:18 . 2010-03-12 08:18 348160 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d0e6296-n\msvcr71.dll

2010-03-12 08:18 . 2010-03-12 08:18 503808 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d0e6296-n\msvcp71.dll

2010-03-12 08:18 . 2010-03-12 08:18 61440 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59d4f46c-n\decora-sse.dll

2010-03-12 08:18 . 2010-03-12 08:18 499712 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d0e6296-n\jmc.dll

2010-03-12 08:18 . 2010-03-12 08:18 12800 ----a-w- c:\documents and settings\Limited\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59d4f46c-n\decora-d3d.dll

2010-03-12 07:10 . 2010-03-12 07:10 61440 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-67842eb8-n\decora-sse.dll

2010-03-12 07:10 . 2010-03-12 07:10 503808 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b9961f5-n\msvcp71.dll

2010-03-12 07:10 . 2010-03-12 07:10 499712 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b9961f5-n\jmc.dll

2010-03-12 07:10 . 2010-03-12 07:10 348160 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b9961f5-n\msvcr71.dll

2010-03-12 07:10 . 2010-03-12 07:10 12800 ----a-w- c:\documents and settings\soulsis\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-67842eb8-n\decora-d3d.dll

2010-03-10 06:15 . 2002-08-29 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2003-11-28 05:33 . 2003-11-28 05:33 267472 -c--a-w- c:\program files\NSSetup.exe

2003-08-23 04:28 . 2003-08-23 04:28 5327648 -c--a-w- c:\program files\WindowsXP-KB821557-x86-ENU.exe

2003-08-13 18:25 . 2003-08-13 18:25 1291040 ----a-w- c:\program files\WindowsXP-KB823980-x86-ENU.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]

"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]

"nwiz"="nwiz.exe" [2003-10-06 741376]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-12-11 98304]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-02-06 180269]

"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-05-20 53248]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2006-10-04 53760]

c:\documents and settings\soulsis\Start Menu\Programs\Startup\

Supreme Office Suite 3.0.lnk - c:\program files\Supreme Office Suite3.0\program\quickstart.exe [2002-7-4 24576]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Album Fast Start.lnk - c:\program files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE [2005-12-1 36864]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-2-13 45056]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\gnucash\\bin\\gnucash-bin.exe"=

"c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [8/5/2009 10:42 PM 64160]

R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symds.sys [6/7/2010 12:51 AM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symefa.sys [6/7/2010 12:51 AM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [6/6/2010 11:50 PM 537136]

R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\cchpx86.sys [6/7/2010 12:51 AM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\ironx86.sys [6/7/2010 12:51 AM 116784]

R2 kqemu;kqemu driver;c:\windows\SYSTEM32\DRIVERS\kqemu.sys [2/6/2007 4:02 PM 123939]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [6/7/2010 12:51 AM 126392]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [5/28/2010 2:33 PM 331640]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/23/2010 3:32 PM 135664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - BHDRVX86

*NewlyCreated* - CCHP

*NewlyCreated* - EECTRL

*NewlyCreated* - ERASERUTILDRV11010

*NewlyCreated* - IDSXPX86

*NewlyCreated* - N360

*NewlyCreated* - NAVENG

*NewlyCreated* - NAVEX15

*NewlyCreated* - SRTSP

*NewlyCreated* - SRTSPX

*NewlyCreated* - SYMDS

*NewlyCreated* - SYMEFA

*NewlyCreated* - SYMEVENT

*NewlyCreated* - SYMIRON

*Deregistered* - EraserUtilDrv11010

.

Contents of the 'Scheduled Tasks' folder

2010-06-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 04:41]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 20:32]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 20:32]

2010-06-07 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-06-07 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 03:18]

.

.

------- Supplementary Scan -------

.

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\soulsis\Application Data\Mozilla\Firefox\Profiles\vu693bl9.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-DelayShred - c:\program files\mcafee.com\shredder\SHRED32.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-07 01:45

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

.

Completion time: 2010-06-07 01:53:46

ComboFix-quarantined-files.txt 2010-06-07 06:53

ComboFix2.txt 2010-03-20 16:58

Pre-Run: 23,667,814,400 bytes free

Post-Run: 23,633,829,888 bytes free

- - End Of File - - DB91EA36D5408F724F48A9F88725CAF8

###################### END OF LOGS ######################



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Windows 7/XP/Vista/2000/2003/2008 Offline and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-s.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on the Delete Temporary Files window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files window.

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

If you want to also un-check the "Check for updates automatically" you may:

Click the Update tab. un-check the line if it is checked.

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 20 from Sun Microsystems Inc.

Step 2

New HijackThis run

Start HijackThis.

Do a "Scan and Save log".

Reply with copy of the new HijackThis log


Java Stuff is Done.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:27:55 AM, on 6/10/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\nvsvc32.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\soulsis\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\SOULSIS\\APPLICATION DATA\\Mozilla\\Profiles\\default\\34yscgug.slt");

user_pref("browser.download.dir", "C:\\Documents and Settings\\soulsis\\Desktop");

user_pref("browser.history.grouping", "none");

user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html");

user_pref("browser.startup.homepage_override.mston

N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\SOULSIS\\APPLICATION DATA\\Mozilla\\Profiles\\default\\34yscgug.slt");

user_pref("browser.download.dir", "C:\\Documents and Settings\\soulsis\\Desktop");

user_pref("browser.history.grouping", "none");

user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html");

user_pref("browser.startup.homepage_override.mston

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\IPSBHO.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Supreme Office Suite 3.0.lnk = C:\Program Files\Supreme Office Suite3.0\program\quickstart.exe

O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://ehelp.nelnet.net/netagent/objects/custappx3.CAB

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} - http://download.mcafee.com/molbin/shared/m...56/mcinsctl.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8...pdatePortal.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105193306109

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129601807465

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...524/mcfscan.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--

End of file - 12790 bytes


You are good to go after the following steps below.

After that, make it your top priority to get and apply XP Service Pack 3 from Windows Updates.

This system is on XP Service Pack 2:

Microsoft support for Windows XP with Service Pack 2 (SP2) will end on July 13, 2010. Your system will not be getting automatic updates after that point. You must get & install Service Pack 3. And in your case, you will need to de-install Internet Explorer 8 first, after that get service pack 3.

See Windows XP Service Pack 3 (SP3): Installation Guide

also Windows XP Service Pack 3 (SP3) Information

http://www.bleepingcomputer.com/forums/topic146857.html

Hard disk space requirements for Windows XP Service Pack 3

http://support.microsoft.com/kb/947311/

The following few steps will remove tools we used; followed by advice on staying safer.

Cleanups

Go to Control Panel and Add-or-Remove programs.

De-install ESET Online if found

Look for it and click the line for it. Select Change/Remove to de-install it.

De-install HijackThis

OK & Exit out of Control Panel

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it combo-fix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after exe and before the slash mark.

The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the command box that opens, type or copy/paste
    combo-fix /uninstall
    and then click OK.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

We are finished here. Best regards.
