trojan horse generic20.CLEL and trojan horse Agent2. CBRB

[one piece]

Hi,

I'm having a problem with the virus above inside my 2 systems. The virus keep coming back after I scan with AVG n Malwarebytes anti-virus.

May i know how to cure it? Thank you.

Regards,

Sebastian

Here are the DDS txt:

DDS (Ver_10-12-12.02) - NTFSx86

Run by jennifer at 9:35:57.35 on Fri 02/11/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.150 [GMT 8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\tbh\monitor\bin\tbhMonitor.exe

c:\Program Files\tbh\base\bin\tbhDaemon.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\tbh\base\bin\tbhSystray.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SkypeMate\SkypeMate.exe

C:\WINDOWS\System32\WScript.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\jennifer\Desktop\dds.scr

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

============== Pseudo HJT Report ===============

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [VTTimer] VTTimer.exe

mRun: [VTTrayp] VTtrayp.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\jennifer\startm~1\programs\startup\skypem~1.lnk - c:\program files\skypemate\SkypeMate.exe

StartupFolder: c:\documents and settings\jennifer\start menu\programs\startup\Startup.js

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paymas~1.lnk - c:\hrmwin\TBJ01000.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145857178484

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jennifer\applic~1\mozilla\firefox\profiles\p5lqnxp4.default\

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox

FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-7-14 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-14 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-14 29584]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-14 243024]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]

R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]

=============== Created Last 30 ================

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

============= FINISH: 9:37:47.48 ===============

Please let me know if i need to upload the Attach.txt.

[one piece]

I only post 1 of the system DDS. After this cure, I'll need your help again in another system. Thank you.

[Elise]

Hello ,

And My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

• The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  
• Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  
• The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  
• Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
  

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Please download OTL from one of the following mirrors:
  • This is THE Mirror
    

  [*]Save it to your desktop.

  [*]Double click on the icon on your desktop.

  [*]Click the "Scan All Users" checkbox.

  [*]Push the Quick Scan button.

  [*]Two reports will open, copy and paste them in a reply here:

  • OTListIt.txt <-- Will be opened
    
  • Extra.txt <-- Will be minimized
    

Please Download Rootkit Unhooker Save it to your desktop.

• Now double-click on RKUnhookerLE.exe to run it.
  
• Click the Report tab, then click Scan.
  
• Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  
• Wait till the scanner has finished and then click File, Save Report.
  
• Save the report somewhere where you can find it. Click Close.
  

Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

• A detailed description of your problems
  
• A new OTL log (don't forget extra.txt)
  
• RKU log
  

Thanks and again sorry for the delay.

[one piece]

Hi, thank for your reply. now i'll download and run the OLT and post the txt file. thx again.

[one piece]

hi Elise,

here are the OTL.txt

OTL logfile created on: 2/14/2011 10:25:12 AM - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\jennifer\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 65.00 Mb Available Physical Memory | 14.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39.06 Gb Total Space | 18.02 Gb Free Space | 46.12% Space Free | Partition Type: NTFS

Drive E: | 37.26 Gb Total Space | 37.17 Gb Free Space | 99.76% Space Free | Partition Type: NTFS

Drive N: | 104.13 Gb Total Space | 102.88 Gb Free Space | 98.80% Space Free | Partition Type: NTFS

Computer Name: HR_JENNIFERPC | User Name: jennifer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/14 10:24:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer\Desktop\OTL.exe

PRC - [2011/02/14 06:29:34 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe

PRC - [2011/02/14 06:29:34 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe

PRC - [2010/11/25 14:02:02 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2010/11/25 14:01:58 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2010/10/20 18:33:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/09/21 13:29:49 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/06/22 12:46:41 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/06/22 12:46:35 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/06/22 12:46:26 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/06/22 12:46:25 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe

PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2009/10/22 13:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe

PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/11/07 15:22:54 | 000,225,280 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.exe

PRC - [2005/06/20 21:42:20 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2005/03/11 10:33:28 | 000,147,456 | R--- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe

PRC - [2005/03/07 20:33:28 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe

PRC - [2004/11/17 15:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe

========== Modules (SafeList) ==========

MOD - [2011/02/14 10:24:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer\Desktop\OTL.exe

MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2010/06/22 12:46:35 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2009/10/22 13:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)

SRV - [2004/11/17 15:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV - [2010/06/22 12:46:44 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/06/22 12:46:28 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/06/01 12:38:40 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/03/31 09:52:57 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)

DRV - [2008/04/14 02:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2005/06/20 22:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?rd=1〈=en-sg

IE - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF AA 76 1C 70 C7 CB 01 [binary data]

IE - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872

FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/25 14:03:04 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/27 13:50:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/03 12:36:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 18:33:48 | 000,000,000 | ---D | M]

[2011/02/10 10:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jennifer\Application Data\Mozilla\Extensions

[2011/02/10 10:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jennifer\Application Data\Mozilla\Firefox\Profiles\p5lqnxp4.default\extensions

[2011/02/08 08:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/03/30 07:29:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/07/28 07:31:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/25 14:03:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX

[2010/10/27 13:50:21 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.010.006.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED

[2009/02/24 15:51:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2008/10/04 20:24:00 | 003,695,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2011/02/09 10:02:20 | 000,429,726 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 14795 more lines...

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)

O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)

O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)

O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Paymaster for Windows Shortcut Bar.lnk = C:\HRMWIN\TBJ01000.exe (Asian Computer Services Pte Ltd)

O4 - Startup: C:\Documents and Settings\jennifer\Start Menu\Programs\Startup\SkypeMate.lnk = C:\Program Files\SkypeMate\SkypeMate.exe ()

O4 - Startup: C:\Documents and Settings\jennifer\Start Menu\Programs\Startup\Startup.js ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1640572376-1934977806-1788637320-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145857178484 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.166.40 165.21.83.88

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kinergy.com.sg

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/04/08 16:10:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/14 10:24:14 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jennifer\Desktop\OTL.exe

[2011/02/13 13:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\Help

[2011/02/13 13:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Help

[2011/02/11 15:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\AVG9

[2011/02/11 15:26:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Application Data\Brother

[2011/02/11 09:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\sebas

[2011/02/10 11:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Simply Super Software

[2011/02/10 11:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Simply Super Software

[2011/02/10 11:40:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/02/10 11:40:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/02/10 11:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/02/10 11:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover

[2011/02/10 11:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover

[2011/02/10 11:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2011/02/10 10:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\AVG Security Toolbar

[2011/02/10 10:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\Mozilla

[2011/02/10 10:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Mozilla

[2011/02/09 17:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\WinRAR

[2011/02/09 14:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer

[2011/02/09 14:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2011/02/09 14:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2011/02/09 13:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Macromedia

[2011/02/09 12:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\Adobe

[2011/02/09 09:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2011/02/09 09:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2011/02/08 17:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Malwarebytes

[2011/02/08 17:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Adobe

[2011/02/08 17:11:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jennifer\IECompatCache

[2011/02/08 17:11:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jennifer\PrivacIE

[2011/02/08 16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\WinRAR

[2011/02/08 16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\SkypeMate

[2011/02/08 16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\IRAS

[2011/02/08 16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\Citrix

[2011/02/08 16:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\Cirtrix 2000

[2011/02/08 16:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Advertisement

[2011/02/08 16:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Annex C

[2011/02/08 16:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Character Reference

[2011/02/08 16:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Confirmation

[2011/02/08 16:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Contract of Service

[2011/02/08 16:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\CV K&S

[2011/02/08 16:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Downloads

[2011/02/08 16:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Demystify Supply Chain Mgt_files

[2011/02/08 15:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Foreign Worker Address System_files

[2011/02/08 15:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\event catering_files

[2011/02/08 15:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\ESOS LETTERS 270410

[2011/02/08 15:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Good Quotations by Famous people_files

[2011/02/08 15:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Go for Growth_files

[2011/02/08 15:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Job Journal

[2011/02/08 15:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\JV

[2011/02/08 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\mail

[2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\NJStar Document

[2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\New Folder

[2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\New Folder (2)

[2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\New Folder (15)

[2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\New Folder (14)

[2011/02/08 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\My Skype Pictures

[2011/02/08 15:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Offer Letter - Ex

[2011/02/08 15:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Offer Letter - Nex

[2011/02/08 15:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Offer Letter - Op

[2011/02/08 15:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\photo

[2011/02/08 15:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\SDL

[2011/02/08 15:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\testimonial moo.doc_files

[2011/02/08 15:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Stanford Global Supply Chain Forum_files

[2011/02/08 15:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\The 7 Principles of...._files

[2011/02/08 15:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\The Brave New World of Supply Chain Mgt_files

[2011/02/08 15:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Title Page Primer on Performance Measurement_files

[2011/02/08 15:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Title Page Benchmarking Report on Functional Process Improvement, A_files

[2011/02/08 15:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\The Path to Supply Chain Leadership_files

[2011/02/08 15:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\My Documents\Tong Hua - payslip

[2011/02/08 15:46:04 | 001,120,119 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\Training objectives overview (2006).exe

[2011/02/08 15:45:50 | 000,792,952 | ---- | C] (eFax.com) -- C:\Documents and Settings\jennifer\My Documents\Supply Chain Connection.exe

[2011/02/08 15:45:18 | 000,987,136 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\SAFlashPlayer.exe

[2011/02/08 15:43:50 | 042,668,537 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\kinhq2006070809.exe

[2011/02/08 15:42:27 | 009,287,351 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\EB 200609.exe

[2011/02/08 15:41:26 | 009,287,351 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\200609.exe

[2011/02/08 15:41:24 | 002,056,727 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\200212.exe_

[2011/02/08 15:41:23 | 002,140,982 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\200211.exe_

[2011/02/08 15:41:21 | 002,140,982 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\jennifer\My Documents\200211.exe

[2011/02/08 15:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Sun

[2011/02/08 15:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\DATALIB-JEN060610 D

[2011/02/08 15:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\HRMWIN b4 update sept 10 CPF

[2011/02/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\Unused Desktop Shortcuts

[2011/02/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop\PROGLIB b4 update lv 101110

[2011/02/08 15:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Application Data\Identities

[2011/02/08 15:35:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\My Documents\My Pictures

[2011/02/08 15:35:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\My Documents\My Music

[2011/02/08 15:35:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jennifer\IETldCache

[2011/02/08 15:34:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\jennifer\Application Data\Microsoft

[2011/02/08 15:34:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennifer\SendTo

[2011/02/08 15:34:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennifer\Recent

[2011/02/08 15:34:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennifer\Application Data

[2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\Startup

[2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Start Menu

[2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\My Documents

[2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Favorites

[2011/02/08 15:34:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennifer\Start Menu\Programs\Accessories

[2011/02/08 15:34:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jennifer\Cookies

[2011/02/08 15:34:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennifer\Templates

[2011/02/08 15:34:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennifer\PrintHood

[2011/02/08 15:34:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennifer\NetHood

[2011/02/08 15:34:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennifer\Local Settings

[2011/02/08 15:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Local Settings\Application Data\Microsoft

[2011/02/08 15:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer\Desktop

[1999/12/07 07:31:22 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\Documents and Settings\jennifer\My Documents\*.tmp files -> C:\Documents and Settings\jennifer\My Documents\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/14 10:26:25 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\jennifer\Desktop\RKUnhookerLE.EXE

[2011/02/14 10:25:03 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\QMgyCYm.js

[2011/02/14 10:24:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer\Desktop\OTL.exe

[2011/02/14 09:55:01 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\uaKqKJ8F.js

[2011/02/14 09:41:04 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\l8ksxNVU.js

[2011/02/14 09:28:01 | 071,143,366 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2011/02/14 09:27:01 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\uJmFU.js

[2011/02/14 09:02:03 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\yMmIn1Ajmv.js

[2011/02/14 08:46:14 | 000,227,840 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\k86WBD6.exe

[2011/02/14 08:46:01 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nfj4YP0mkl.js

[2011/02/14 08:34:01 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\eQ3Yk5jvIp.js

[2011/02/14 08:25:01 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\LQ9hut0.js

[2011/02/14 07:58:01 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\dqlpC.js

[2011/02/14 07:44:01 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\L4jGlO0T.js

[2011/02/14 07:13:02 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Fw8u5fLT.js

[2011/02/14 06:39:05 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\kDn6KNEw.js

[2011/02/14 06:32:05 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aVFPPdMf.js

[2011/02/14 06:29:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/02/13 17:13:09 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vP17ox.js

[2011/02/13 16:53:09 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\MGsiyT.js

[2011/02/13 16:46:09 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\rVtB7b6QX.js

[2011/02/13 16:27:09 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\MirBRaAu9.js

[2011/02/13 15:56:09 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\sAmVWp1A.js

[2011/02/13 15:31:09 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\oI9B2TjcGr.js

[2011/02/13 15:20:09 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\wJdzydsu23.js

[2011/02/13 15:09:09 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\zVxzGBLQNS.js

[2011/02/13 14:47:09 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\kFk03uckS.js

[2011/02/13 14:21:10 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\DVzuv.js

[2011/02/13 13:50:09 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cKxDJ.js

[2011/02/13 13:33:09 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\iLVIEvxl.js

[2011/02/13 13:10:09 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Mlso9W.js

[2011/02/13 12:57:09 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\XOz56gf.js

[2011/02/13 12:45:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI

[2011/02/13 12:25:10 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\SBLgBqy.js

[2011/02/13 12:03:21 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\QP9y6Fqar.js

[2011/02/13 11:55:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\EYX5cTF.js

[2011/02/13 11:54:10 | 000,013,686 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/02/11 17:33:47 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\NcYwzSxd.js

[2011/02/11 17:14:47 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\L5vIXnffOp.js

[2011/02/11 17:07:47 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aa8ZHgcc.js

[2011/02/11 16:36:48 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\adjnhYF.js

[2011/02/11 16:27:47 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\AA6TO6hY.js

[2011/02/11 15:57:50 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\TysQ1.js

[2011/02/11 15:24:53 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\jhsQNUUwRt.js

[2011/02/11 15:21:59 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\letter of certification to RI - Liu Ying 0211.doc

[2011/02/11 15:00:41 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\LETTER OF CERTIfication Lim Say Kai 0211.doc

[2011/02/11 14:55:59 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aN5wq0aF3.js

[2011/02/11 14:39:59 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\SFRqsvPJyJ.js

[2011/02/11 14:35:00 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\tYwjN.js

[2011/02/11 14:29:01 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\n3U4zt.js

[2011/02/11 14:15:15 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\oOnOO.js

[2011/02/11 14:04:15 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\HIU0j.js

[2011/02/11 13:47:15 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pWctj.js

[2011/02/11 13:14:14 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\hxNlC6HcXJ.js

[2011/02/11 13:02:15 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vlNjgwjcd.js

[2011/02/11 12:30:15 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pcGDKuvnCu.js

[2011/02/11 12:18:16 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RhtyN9.js

[2011/02/11 12:11:53 | 000,109,232 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\e1HoHbiVbx.exe

[2011/02/11 12:11:20 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\fnt7rfd0h4.js

[2011/02/11 11:53:14 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\dX1paD0.js

[2011/02/11 11:22:14 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ulxu2ny2.js

[2011/02/11 11:13:56 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Recommendation for Peggy 0211.doc

[2011/02/11 11:13:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\K5GWfWI9fT.js

[2011/02/11 11:03:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\wGPcL.js

[2011/02/11 10:47:14 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\PtoReJT.js

[2011/02/11 10:34:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\zBvobmeSPo.js

[2011/02/11 10:26:15 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\jLySP7SHR.js

[2011/02/11 10:14:14 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Qtx0YP.js

[2011/02/11 10:01:17 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\UA9ZkLQvne.js

[2011/02/11 09:52:14 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\BOlIMZ.js

[2011/02/11 09:35:44 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\jennifer\Desktop\dds.scr

[2011/02/11 09:29:14 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\i7cyMmS.js

[2011/02/11 09:16:15 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\UZxCmPqec4.js

[2011/02/11 08:59:14 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cci3v.js

[2011/02/11 08:31:16 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RlDa1y.js

[2011/02/11 07:58:14 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cTcFw.js

[2011/02/11 07:31:26 | 000,079,114 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\l8OIQOWX.exe

[2011/02/11 07:31:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pBLIsG.js

[2011/02/11 06:58:19 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\m77TPKLWV2.js

[2011/02/11 06:56:47 | 000,140,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/02/10 20:06:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/02/10 19:36:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\hqsuQsTW.js

[2011/02/10 19:12:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\rQBUs05k9C.js

[2011/02/10 18:58:40 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\EkStXwp.js

[2011/02/10 18:52:40 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\KWic67AxHc.js

[2011/02/10 18:39:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vm1XI4LPOG.js

[2011/02/10 18:05:40 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\NoAb98.js

[2011/02/10 17:52:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ja4hI.js

[2011/02/10 17:20:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\edzEK.js

[2011/02/10 17:11:40 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RfonCJDcd.js

[2011/02/10 16:47:40 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\MluLQ.js

[2011/02/10 16:25:55 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Sal 0111.xls

[2011/02/10 16:25:23 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Sal0111.xls

[2011/02/10 16:15:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\f8YzxuYu.js

[2011/02/10 16:09:40 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\FBsx44qm.js

[2011/02/10 15:59:40 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\zHBeQc.js

[2011/02/10 15:45:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\WfPiBn.js

[2011/02/10 15:22:41 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\XU7tMC.js

[2011/02/10 14:48:40 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ylgYS.js

[2011/02/10 14:22:41 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\AlYXgNF.js

[2011/02/10 13:51:40 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\yJfThAo9.js

[2011/02/10 13:30:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\PlVN0.js

[2011/02/10 13:20:49 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\O5XIESTZb.js

[2011/02/10 12:58:28 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\IPtdk4W9o.js

[2011/02/10 12:37:36 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\hPx0uxSIvw.js

[2011/02/10 12:32:00 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\OJjhh.js

[2011/02/10 12:21:32 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\VrIGCyknF.js

[2011/02/10 12:11:31 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\TYi6EvxH.js

[2011/02/10 12:05:30 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\r9jAojDg.js

[2011/02/10 11:43:28 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\F1p1F.js

[2011/02/10 11:40:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/02/10 11:39:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk

[2011/02/10 11:09:27 | 000,087,328 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vDaoaPQ5.exe

[2011/02/10 11:09:09 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\YT8Afga.js

[2011/02/10 10:47:04 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Yg9mFx.js

[2011/02/10 10:31:05 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\eetXq.js

[2011/02/10 10:16:04 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\dklthdf.js

[2011/02/10 09:48:05 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\YmT2mcD.js

[2011/02/10 09:29:06 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\VP14IaQaZ.js

[2011/02/10 09:15:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\W6QRwZ71V.js

[2011/02/10 09:04:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Is8MIUz.js

[2011/02/10 08:43:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pgFbrOf1a.js

[2011/02/10 08:20:27 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\8781.bat

[2011/02/10 08:20:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\B5aS17a.js

[2011/02/10 07:55:05 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\WZNKQb.js

[2011/02/10 07:46:07 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\W8zmaLWujd.js

[2011/02/10 07:15:08 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\IOzhAD.js

[2011/02/09 19:33:23 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\bHKpmQT1.js

[2011/02/09 19:06:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\mN3GdaBEdz.js

[2011/02/09 18:33:23 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\I5np9x.js

[2011/02/09 18:15:23 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nbUV0bnJd.js

[2011/02/09 18:10:52 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\7076.bat

[2011/02/09 18:10:23 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\LHOdcXnjNq.js

[2011/02/09 17:54:23 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\AHFr3jC.js

[2011/02/09 17:45:23 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cFqJ2RZuxK.js

[2011/02/09 17:26:46 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2011/02/09 17:21:25 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\mo5kJNS.js

[2011/02/09 14:18:48 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\IFJMllI.js

[2011/02/09 13:47:09 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\3712.bat

[2011/02/09 13:46:41 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\gA73H9.js

[2011/02/09 13:12:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\xpnjq8nVo.js

[2011/02/09 13:07:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\iRNv1.js

[2011/02/09 12:58:40 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\boY58.js

[2011/02/09 12:42:41 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\bF1BS.js

[2011/02/09 12:13:11 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\9736.bat

[2011/02/09 12:12:41 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nnoaj2U.js

[2011/02/09 12:02:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aiyqb.js

[2011/02/09 10:05:14 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cBRiosFJm.js

[2011/02/09 10:02:20 | 000,429,726 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/02/09 09:31:05 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\mkRccW4tt.js

[2011/02/09 08:59:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\O0XGqQu.js

[2011/02/09 08:25:05 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pX6Q4Fhzh.js

[2011/02/09 07:53:05 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\UVaTfT.js

[2011/02/09 07:48:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\OpVuQE.js

[2011/02/09 07:28:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\r8ZLmQniX.js

[2011/02/09 07:21:04 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\lMR8RGw7dP.js

[2011/02/08 19:09:42 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\x7EgD4Q.js

[2011/02/08 19:00:37 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\CCA3G.js

[2011/02/08 17:34:08 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ORpBnw774G.js

[2011/02/08 17:04:57 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RrfVr.js

[2011/02/08 17:00:00 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aZGEAC.js

[2011/02/08 16:30:33 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\QBDqBNJQ.js

[2011/02/08 16:02:53 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk

[2011/02/08 16:02:29 | 000,000,886 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2011/02/08 15:35:21 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/02/08 15:35:20 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2011/02/08 15:21:07 | 000,036,316 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\dll

[2011/02/08 15:20:47 | 000,000,314 | ---- | M] () -- C:\Documents and Settings\jennifer\Start Menu\Programs\Startup\Startup.js

[2011/02/08 15:20:24 | 000,041,984 | ---- | M] () -- C:\WINDOWS\System32\document.doc

[2011/01/28 15:16:41 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\MOM LETTER EXTENSION DP ALDRIN 0111.doc

[2011/01/28 12:21:17 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\AIA GHS LISTING 311210w.xls

[2011/01/27 18:09:42 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Tax-CAR BENEFITS-2011 w.xls

[2011/01/27 15:42:49 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\cpf 05, 06 to 10 schedule.xls

[2011/01/27 12:29:27 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\MOM LETTER RENEW PP SPass 0111.doc

[2011/01/26 20:33:05 | 000,039,988 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\CS Workshop Report 2011.pdf

[2011/01/26 17:53:05 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\cpf 05, 06 & 07 schedule.xls

[2011/01/26 14:56:40 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\DD Salary Cost Jan - Dec 2010.xls

[2011/01/26 14:54:48 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\DD Salary Cost Jan - Dec 2010w.xls

[2011/01/26 09:58:46 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\CNY 2011 CHART FOR TE.xls

[2011/01/26 09:38:10 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\KHQ Sec KNT 2011.xls

[2011/01/26 08:38:47 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\CNY 2011 SCHEDULE FOR TE.xls

[2011/01/25 18:14:18 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\LABELS.xls

[2011/01/25 14:30:20 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Letter of resignation 0111 wxs.doc

[2011/01/25 08:40:05 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Certificate of resignation 0111 WXushan.doc

[2011/01/25 08:35:03 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\testimonial wangxushan 0111.doc

[2011/01/24 14:09:22 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\hdb Shirley poh 240111.doc

[2011/01/20 12:06:44 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Dr leave for yr 2010.xls

[2011/01/20 09:51:18 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Text Snr Design Engineer 200111.doc

[2011/01/20 09:47:34 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Ad Text 200111.doc

[2011/01/19 17:04:37 | 000,234,523 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\IPA Gu Lin.pdf

[2011/01/19 16:53:37 | 000,007,121 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\IPA Gu Lin.mht

[2011/01/19 16:48:35 | 000,065,942 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\SB Ack Gu Lin.pdf

[2011/01/19 16:20:27 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\BONUS 10 4 OTHER STAFF.xls

[2011/01/19 11:52:22 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Bonus1210 wo sal.xls

[2011/01/19 11:07:38 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Bonus1211 wo salary.xls

[2011/01/19 11:05:04 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Sal0111 wo bonus.xls

[2011/01/19 10:42:25 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Sal0111A.xls

[2011/01/18 21:59:11 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\JV Others for Dec 10 pg 2.xls

[2011/01/18 21:44:08 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Reconciliation Dec 10.xls

[2011/01/18 17:13:00 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Bonus1210.xls

[2011/01/18 16:21:18 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Career Pg 180111.doc

[2011/01/18 15:07:56 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\Career page 0111.doc

[2011/01/18 08:34:02 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\jennifer\My Documents\VC Salary Jan - Dec 2010.xls

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\Documents and Settings\jennifer\My Documents\*.tmp files -> C:\Documents and Settings\jennifer\My Documents\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[one piece]

Hi Elise, due to the long reports and cause me unable to post up, so I'll zip up the 3 reports here and attach here. Thank you.

hope to hear you soon.

Reports.zip

[Elise]

Hi again, there's quite some bad stuff showing up here, so lets start to clean some of it.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

• 
  

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

[one piece]

hi, sorry for the delay... here are the log file

But it unable to install the Recovery Console after I click ok.

ComboFix 11-02-16.01 - jennifer 02/17/2011 9:02.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.232 [GMT 8:00]

Running from: c:\documents and settings\jennifer\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\13A.tmp

C:\1C6.tmp

c:\documents and settings\jennifer\Application Data\e1HoHbiVbx.exe

c:\documents and settings\jennifer\Application Data\l8OIQOWX.exe

c:\documents and settings\jennifer\Application Data\vDaoaPQ5.exe

c:\documents and settings\jennifer\Start Menu\Programs\Startup\Startup.js

.

((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))

.

2011-02-10 03:40 . 2011-02-10 03:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-02-10 03:40 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-10 03:40 . 2011-02-10 03:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-10 03:40 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-10 03:39 . 2006-06-19 04:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2011-02-10 03:39 . 2006-05-25 06:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2011-02-10 03:39 . 2005-08-25 16:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2011-02-10 03:39 . 2011-02-10 03:39 -------- d-----w- c:\program files\Trojan Remover

2011-02-10 03:39 . 2011-02-10 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2011-02-10 03:39 . 2011-02-10 03:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Simply Super Software

2011-02-09 08:29 . 2011-02-09 08:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar

2011-02-09 08:28 . 2011-02-09 08:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-02-09 08:19 . 2011-02-09 08:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-02-09 06:21 . 2011-02-09 09:16 -------- d-----w- c:\program files\GridinSoft Trojan Killer

2011-02-09 06:13 . 2011-02-09 09:26 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-02-09 06:13 . 2011-02-09 06:13 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-02-09 06:12 . 2011-02-09 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-02-09 01:59 . 2011-02-10 03:30 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-02-09 01:59 . 2011-02-10 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-02-08 07:34 . 2011-02-08 09:11 -------- d-----w- c:\documents and settings\jennifer

2011-02-08 07:26 . 2011-02-08 07:27 -------- d-----w- c:\documents and settings\Administrator.HR_JENNIFERPC

2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2005-03-07 53248]

"VTTrayp"="VTtrayp.exe" [2005-03-11 147456]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-02-17 492840]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\jennifer\Start Menu\Programs\Startup\

SkypeMate.lnk - c:\program files\SkypeMate\SkypeMate.exe [2005-11-7 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2010-9-24 131584]

Paymaster for Windows Shortcut Bar.lnk - c:\hrmwin\TBJ01000.exe [2010-4-21 49152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 1:57 PM 70952]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]

.

.

------- Supplementary Scan -------

.

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

FF - ProfilePath - c:\documents and settings\jennifer\Application Data\Mozilla\Firefox\Profiles\p5lqnxp4.default\

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - avgrsstx.dll

AddRemove-BW - c:\baan\UNINST\Setup.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-17 09:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2011-02-17 09:10:29

ComboFix-quarantined-files.txt 2011-02-17 01:10

Pre-Run: 19,671,425,024 bytes free

Post-Run: 19,662,286,848 bytes free

- - End Of File - - 8006877EC2FF0498B46F4CC9F3CAA9F9

[Elise]

Hi again, does your internet work fine otherwise?

OTL FIX

------------

We need to run an OTL Fix

1. Please reopen on your desktop.
   
2. Copy and Paste the following code into the textbox.
   

   :otl
   [2011/02/14 10:25:03 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\QMgyCYm.js
   [2011/02/14 09:55:01 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\uaKqKJ8F.js
   [2011/02/14 09:41:04 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\l8ksxNVU.js
   [2011/02/14 09:27:01 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\uJmFU.js
   [2011/02/14 09:02:03 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\yMmIn1Ajmv.js
   [2011/02/14 08:46:14 | 000,227,840 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\k86WBD6.exe
   [2011/02/14 08:46:01 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nfj4YP0mkl.js
   [2011/02/14 08:34:01 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\eQ3Yk5jvIp.js
   [2011/02/14 08:25:01 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\LQ9hut0.js
   [2011/02/14 07:58:01 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\dqlpC.js
   [2011/02/14 07:44:01 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\L4jGlO0T.js
   [2011/02/14 07:13:02 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Fw8u5fLT.js
   [2011/02/14 06:39:05 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\kDn6KNEw.js
   [2011/02/14 06:32:05 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aVFPPdMf.js
   [2011/02/13 17:13:09 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vP17ox.js
   [2011/02/13 16:53:09 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\MGsiyT.js
   [2011/02/13 16:46:09 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\rVtB7b6QX.js
   [2011/02/13 16:27:09 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\MirBRaAu9.js
   [2011/02/13 15:56:09 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\sAmVWp1A.js
   [2011/02/13 15:31:09 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\oI9B2TjcGr.js
   [2011/02/13 15:20:09 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\wJdzydsu23.js
   [2011/02/13 15:09:09 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\zVxzGBLQNS.js
   [2011/02/13 14:47:09 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\kFk03uckS.js
   [2011/02/13 14:21:10 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\DVzuv.js
   [2011/02/13 13:50:09 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cKxDJ.js
   [2011/02/13 13:33:09 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\iLVIEvxl.js
   [2011/02/13 13:10:09 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Mlso9W.js
   [2011/02/13 12:57:09 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\XOz56gf.js
   [2011/02/13 12:25:10 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\SBLgBqy.js
   [2011/02/13 12:03:21 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\QP9y6Fqar.js
   [2011/02/13 11:55:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\EYX5cTF.js
   [2011/02/11 17:33:47 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\NcYwzSxd.js
   [2011/02/11 17:14:47 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\L5vIXnffOp.js
   [2011/02/11 17:07:47 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aa8ZHgcc.js
   [2011/02/11 16:36:48 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\adjnhYF.js
   [2011/02/11 16:27:47 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\AA6TO6hY.js
   [2011/02/11 15:57:50 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\TysQ1.js
   [2011/02/11 15:24:53 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\jhsQNUUwRt.js
   [2011/02/11 14:55:59 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aN5wq0aF3.js
   [2011/02/11 14:39:59 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\SFRqsvPJyJ.js
   [2011/02/11 14:35:00 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\tYwjN.js
   [2011/02/11 14:29:01 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\n3U4zt.js
   [2011/02/11 14:15:15 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\oOnOO.js
   [2011/02/11 14:04:15 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\HIU0j.js
   [2011/02/11 13:47:15 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pWctj.js
   [2011/02/11 13:14:14 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\hxNlC6HcXJ.js
   [2011/02/11 13:02:15 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vlNjgwjcd.js
   [2011/02/11 12:30:15 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pcGDKuvnCu.js
   [2011/02/11 12:18:16 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RhtyN9.js
   [2011/02/11 12:11:53 | 000,109,232 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\e1HoHbiVbx.exe
   [2011/02/11 12:11:20 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\fnt7rfd0h4.js
   [2011/02/11 11:53:14 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\dX1paD0.js
   [2011/02/11 11:22:14 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ulxu2ny2.js
   [2011/02/11 11:13:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\K5GWfWI9fT.js
   [2011/02/11 11:03:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\wGPcL.js
   [2011/02/11 10:47:14 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\PtoReJT.js
   [2011/02/11 10:34:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\zBvobmeSPo.js
   [2011/02/11 10:26:15 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\jLySP7SHR.js
   [2011/02/11 10:14:14 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Qtx0YP.js
   [2011/02/11 10:01:17 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\UA9ZkLQvne.js
   [2011/02/11 09:52:14 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\BOlIMZ.js
   [2011/02/11 09:29:14 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\i7cyMmS.js
   [2011/02/11 09:16:15 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\UZxCmPqec4.js
   [2011/02/11 08:59:14 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cci3v.js
   [2011/02/11 08:31:16 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RlDa1y.js
   [2011/02/11 07:58:14 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cTcFw.js
   [2011/02/11 07:31:26 | 000,079,114 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\l8OIQOWX.exe
   [2011/02/11 07:31:14 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pBLIsG.js
   [2011/02/11 06:58:19 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\m77TPKLWV2.js
   [2011/02/10 19:36:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\hqsuQsTW.js
   [2011/02/10 19:12:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\rQBUs05k9C.js
   [2011/02/10 18:58:40 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\EkStXwp.js
   [2011/02/10 18:52:40 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\KWic67AxHc.js
   [2011/02/10 18:39:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vm1XI4LPOG.js
   [2011/02/10 18:05:40 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\NoAb98.js
   [2011/02/10 17:52:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ja4hI.js
   [2011/02/10 17:20:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\edzEK.js
   [2011/02/10 17:11:40 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RfonCJDcd.js
   [2011/02/10 16:47:40 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\MluLQ.js
   [2011/02/10 16:15:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\f8YzxuYu.js
   [2011/02/10 16:09:40 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\FBsx44qm.js
   [2011/02/10 15:59:40 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\zHBeQc.js
   [2011/02/10 15:45:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\WfPiBn.js
   [2011/02/10 15:22:41 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\XU7tMC.js
   [2011/02/10 14:48:40 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ylgYS.js
   [2011/02/10 14:22:41 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\AlYXgNF.js
   [2011/02/10 13:51:40 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\yJfThAo9.js
   [2011/02/10 13:30:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\PlVN0.js
   [2011/02/10 13:20:49 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\O5XIESTZb.js
   [2011/02/10 12:58:28 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\IPtdk4W9o.js
   [2011/02/10 12:37:36 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\hPx0uxSIvw.js
   [2011/02/10 12:32:00 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\OJjhh.js
   [2011/02/10 12:21:32 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\VrIGCyknF.js
   [2011/02/10 12:11:31 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\TYi6EvxH.js
   [2011/02/10 12:05:30 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\r9jAojDg.js
   [2011/02/10 11:43:28 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\F1p1F.js
   [2011/02/10 11:09:27 | 000,087,328 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\vDaoaPQ5.exe
   [2011/02/10 11:09:09 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\YT8Afga.js
   [2011/02/10 10:47:04 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Yg9mFx.js
   [2011/02/10 10:31:05 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\eetXq.js
   [2011/02/10 10:16:04 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\dklthdf.js
   [2011/02/10 09:48:05 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\YmT2mcD.js
   [2011/02/10 09:29:06 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\VP14IaQaZ.js
   [2011/02/10 09:15:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\W6QRwZ71V.js
   [2011/02/10 09:04:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\Is8MIUz.js
   [2011/02/10 08:43:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pgFbrOf1a.js
   [2011/02/10 08:20:27 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\8781.bat
   [2011/02/10 08:20:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\B5aS17a.js
   [2011/02/10 07:55:05 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\WZNKQb.js
   [2011/02/10 07:46:07 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\W8zmaLWujd.js
   [2011/02/10 07:15:08 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\IOzhAD.js
   [2011/02/09 19:33:23 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\bHKpmQT1.js
   [2011/02/09 19:06:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\mN3GdaBEdz.js
   [2011/02/09 18:33:23 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\I5np9x.js
   [2011/02/09 18:15:23 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nbUV0bnJd.js
   [2011/02/09 18:10:52 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\7076.bat
   [2011/02/09 18:10:23 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\LHOdcXnjNq.js
   [2011/02/09 17:54:23 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\AHFr3jC.js
   [2011/02/09 17:45:23 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cFqJ2RZuxK.js
   [2011/02/09 17:21:25 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\mo5kJNS.js
   [2011/02/09 14:18:48 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\IFJMllI.js
   [2011/02/09 13:47:09 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\3712.bat
   [2011/02/09 13:46:41 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\gA73H9.js
   [2011/02/09 13:12:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\xpnjq8nVo.js
   [2011/02/09 13:07:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\iRNv1.js
   [2011/02/09 12:58:40 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\boY58.js
   [2011/02/09 12:42:41 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\bF1BS.js
   [2011/02/09 12:13:11 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\9736.bat
   [2011/02/09 12:12:41 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nnoaj2U.js
   [2011/02/09 12:02:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aiyqb.js
   [2011/02/09 10:05:14 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cBRiosFJm.js
   [2011/02/09 09:31:05 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\mkRccW4tt.js
   [2011/02/09 08:59:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\O0XGqQu.js
   [2011/02/09 08:25:05 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pX6Q4Fhzh.js
   [2011/02/09 07:53:05 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\UVaTfT.js
   [2011/02/09 07:48:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\OpVuQE.js
   [2011/02/09 07:28:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\r8ZLmQniX.js
   [2011/02/09 07:21:04 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\lMR8RGw7dP.js
   [2011/02/08 19:09:42 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\x7EgD4Q.js
   [2011/02/08 19:00:37 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\CCA3G.js
   [2011/02/08 17:34:08 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ORpBnw774G.js
   [2011/02/08 17:04:57 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RrfVr.js
   [2011/02/08 17:00:00 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aZGEAC.js
   [2011/02/08 16:30:33 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\QBDqBNJQ.js
   
   :commands
   [emptytemp]

   
   

3. Push
   
4. OTL may ask to reboot the machine. Please do so if asked.
   
5. Click .
   
6. A report will open. Copy and Paste that report in your next reply.
   

[one piece]

Hi,

I'm still able to access to internet.

Here's the report.

Error: Unable to interpret <[2011/02/09 19:06:40 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\mN3GdaBEdz.js> in the current context!

Error: Unable to interpret <[2011/02/09 18:33:23 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\I5np9x.js> in the current context!

Error: Unable to interpret <[2011/02/09 18:15:23 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nbUV0bnJd.js> in the current context!

Error: Unable to interpret <[2011/02/09 18:10:52 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\7076.bat> in the current context!

Error: Unable to interpret <[2011/02/09 18:10:23 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\LHOdcXnjNq.js> in the current context!

Error: Unable to interpret <[2011/02/09 17:54:23 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\AHFr3jC.js> in the current context!

Error: Unable to interpret <[2011/02/09 17:45:23 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cFqJ2RZuxK.js> in the current context!

Error: Unable to interpret <[2011/02/09 17:21:25 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\mo5kJNS.js> in the current context!

Error: Unable to interpret <[2011/02/09 14:18:48 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\IFJMllI.js> in the current context!

Error: Unable to interpret <[2011/02/09 13:47:09 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\3712.bat> in the current context!

Error: Unable to interpret <[2011/02/09 13:46:41 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\gA73H9.js> in the current context!

Error: Unable to interpret <[2011/02/09 13:12:41 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\xpnjq8nVo.js> in the current context!

Error: Unable to interpret <[2011/02/09 13:07:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\iRNv1.js> in the current context!

Error: Unable to interpret <[2011/02/09 12:58:40 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\boY58.js> in the current context!

Error: Unable to interpret <[2011/02/09 12:42:41 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\bF1BS.js> in the current context!

Error: Unable to interpret <[2011/02/09 12:13:11 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\9736.bat> in the current context!

Error: Unable to interpret <[2011/02/09 12:12:41 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\nnoaj2U.js> in the current context!

Error: Unable to interpret <[2011/02/09 12:02:41 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aiyqb.js> in the current context!

Error: Unable to interpret <[2011/02/09 10:05:14 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\cBRiosFJm.js> in the current context!

Error: Unable to interpret <[2011/02/09 09:31:05 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\mkRccW4tt.js> in the current context!

Error: Unable to interpret <[2011/02/09 08:59:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\O0XGqQu.js> in the current context!

Error: Unable to interpret <[2011/02/09 08:25:05 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\pX6Q4Fhzh.js> in the current context!

Error: Unable to interpret <[2011/02/09 07:53:05 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\UVaTfT.js> in the current context!

Error: Unable to interpret <[2011/02/09 07:48:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\OpVuQE.js> in the current context!

Error: Unable to interpret <[2011/02/09 07:28:05 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\r8ZLmQniX.js> in the current context!

Error: Unable to interpret <[2011/02/09 07:21:04 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\lMR8RGw7dP.js> in the current context!

Error: Unable to interpret <[2011/02/08 19:09:42 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\x7EgD4Q.js> in the current context!

Error: Unable to interpret <[2011/02/08 19:00:37 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\CCA3G.js> in the current context!

Error: Unable to interpret <[2011/02/08 17:34:08 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\ORpBnw774G.js> in the current context!

Error: Unable to interpret <[2011/02/08 17:04:57 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\RrfVr.js> in the current context!

Error: Unable to interpret <[2011/02/08 17:00:00 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\aZGEAC.js> in the current context!

Error: Unable to interpret <[2011/02/08 16:30:33 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\jennifer\Application Data\QBDqBNJQ.js> in the current context!

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 54846 bytes

->FireFox cache emptied: 32169421 bytes

->Flash cache emptied: 511 bytes

User: Administrator.HR_JENNIFERPC

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: jennifer

->Temp folder emptied: 236933 bytes

->Temporary Internet Files folder emptied: 1435118 bytes

->Java cache emptied: 42037 bytes

->FireFox cache emptied: 46685106 bytes

->Flash cache emptied: 994 bytes

User: jenniferold

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 106938 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 273378063 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 340.00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02182011_083548

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[Elise]

Did you copy the first line of the script ":otl"?

Make sure to copy also the :, it looks like something went wrong. Can you please run it again?

[one piece]

hi,

I'll run again.

thank.

[one piece]

hi,

my user when out of office now, i'll run it when she is back. thank for your time.

[one piece]

Hi,

Here the new report. Thank you.

All processes killed

========== OTL ==========

C:\Documents and Settings\jennifer\Application Data\QMgyCYm.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\uaKqKJ8F.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\l8ksxNVU.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\uJmFU.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\yMmIn1Ajmv.js moved successfully.

File C:\Documents and Settings\jennifer\Application Data\k86WBD6.exe not found.

C:\Documents and Settings\jennifer\Application Data\nfj4YP0mkl.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\eQ3Yk5jvIp.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\LQ9hut0.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\dqlpC.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\L4jGlO0T.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\Fw8u5fLT.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\kDn6KNEw.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\aVFPPdMf.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\vP17ox.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\MGsiyT.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\rVtB7b6QX.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\MirBRaAu9.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\sAmVWp1A.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\oI9B2TjcGr.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\wJdzydsu23.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\zVxzGBLQNS.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\kFk03uckS.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\DVzuv.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\cKxDJ.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\iLVIEvxl.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\Mlso9W.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\XOz56gf.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\SBLgBqy.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\QP9y6Fqar.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\EYX5cTF.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\NcYwzSxd.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\L5vIXnffOp.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\aa8ZHgcc.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\adjnhYF.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\AA6TO6hY.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\TysQ1.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\jhsQNUUwRt.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\aN5wq0aF3.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\SFRqsvPJyJ.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\tYwjN.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\n3U4zt.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\oOnOO.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\HIU0j.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\pWctj.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\hxNlC6HcXJ.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\vlNjgwjcd.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\pcGDKuvnCu.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\RhtyN9.js moved successfully.

File C:\Documents and Settings\jennifer\Application Data\e1HoHbiVbx.exe not found.

C:\Documents and Settings\jennifer\Application Data\fnt7rfd0h4.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\dX1paD0.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\ulxu2ny2.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\K5GWfWI9fT.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\wGPcL.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\PtoReJT.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\zBvobmeSPo.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\jLySP7SHR.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\Qtx0YP.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\UA9ZkLQvne.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\BOlIMZ.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\i7cyMmS.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\UZxCmPqec4.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\cci3v.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\RlDa1y.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\cTcFw.js moved successfully.

File C:\Documents and Settings\jennifer\Application Data\l8OIQOWX.exe not found.

C:\Documents and Settings\jennifer\Application Data\pBLIsG.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\m77TPKLWV2.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\hqsuQsTW.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\rQBUs05k9C.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\EkStXwp.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\KWic67AxHc.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\vm1XI4LPOG.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\NoAb98.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\ja4hI.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\edzEK.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\RfonCJDcd.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\MluLQ.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\f8YzxuYu.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\FBsx44qm.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\zHBeQc.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\WfPiBn.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\XU7tMC.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\ylgYS.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\AlYXgNF.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\yJfThAo9.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\PlVN0.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\O5XIESTZb.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\IPtdk4W9o.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\hPx0uxSIvw.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\OJjhh.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\VrIGCyknF.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\TYi6EvxH.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\r9jAojDg.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\F1p1F.js moved successfully.

File C:\Documents and Settings\jennifer\Application Data\vDaoaPQ5.exe not found.

C:\Documents and Settings\jennifer\Application Data\YT8Afga.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\Yg9mFx.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\eetXq.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\dklthdf.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\YmT2mcD.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\VP14IaQaZ.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\W6QRwZ71V.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\Is8MIUz.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\pgFbrOf1a.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\8781.bat moved successfully.

C:\Documents and Settings\jennifer\Application Data\B5aS17a.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\WZNKQb.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\W8zmaLWujd.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\IOzhAD.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\bHKpmQT1.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\mN3GdaBEdz.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\I5np9x.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\nbUV0bnJd.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\7076.bat moved successfully.

C:\Documents and Settings\jennifer\Application Data\LHOdcXnjNq.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\AHFr3jC.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\cFqJ2RZuxK.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\mo5kJNS.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\IFJMllI.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\3712.bat moved successfully.

C:\Documents and Settings\jennifer\Application Data\gA73H9.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\xpnjq8nVo.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\iRNv1.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\boY58.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\bF1BS.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\9736.bat moved successfully.

C:\Documents and Settings\jennifer\Application Data\nnoaj2U.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\aiyqb.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\cBRiosFJm.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\mkRccW4tt.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\O0XGqQu.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\pX6Q4Fhzh.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\UVaTfT.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\OpVuQE.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\r8ZLmQniX.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\lMR8RGw7dP.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\x7EgD4Q.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\CCA3G.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\ORpBnw774G.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\RrfVr.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\aZGEAC.js moved successfully.

C:\Documents and Settings\jennifer\Application Data\QBDqBNJQ.js moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Administrator.HR_JENNIFERPC

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: jennifer

->Temp folder emptied: 150719 bytes

->Temporary Internet Files folder emptied: 1269013 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 3501050 bytes

->Flash cache emptied: 0 bytes

User: jenniferold

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02182011_180500

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[Elise]

That worked!

How are things running now? Can you rerun OTL, click the NONE button, then change the value under Extra Registry to "use safelist" and click Run Scan. Post me extra.txt

[one piece]

I'll rerun the OLT on monday n the system seen ok, but I have to reinstall the AVG after I rerun the OLT n confirm everything is ok. Very thank for ur time, me will post the result after scan. Thank again.

[Elise]

Okay, please keep me posted!

[one piece]

Hi Elise, here are the OTL log.

OTL logfile created on: 2/21/2011 8:52:22 AM - Run 2

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\jennifer\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 166.00 Mb Available Physical Memory | 35.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39.06 Gb Total Space | 18.09 Gb Free Space | 46.32% Space Free | Partition Type: NTFS

Drive E: | 37.26 Gb Total Space | 37.17 Gb Free Space | 99.76% Space Free | Partition Type: NTFS

Drive N: | 104.13 Gb Total Space | 102.87 Gb Free Space | 98.79% Space Free | Partition Type: NTFS

Computer Name: HR_JENNIFERPC | User Name: jennifer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >

[one piece]

Hi, do you know why i can't reinstall my AVG 9.0 back to the system after i uninstall it?

[one piece]

hi, please ignore the last reply... i able to install it already. after install and run a full scan, everything seen ok. Thank u very much.

[one piece]

hi, if everything ok with this system, can i post the other system also having the same problem?

[Elise]

Hi, you can post a separate topic for that, we do not work on two systems in one topic, to avoid any confusion between the logs.

You didn't post me extra.txt, thats otl.txt. Please post me also extra.txt

[one piece]

hi here is the extra.txt report.

OTL Extras logfile created on: 2/21/2011 8:59:26 AM - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = \\HR_JENNIFERPC\sebas

An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free

7.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 91.78 Gb Free Space | 61.58% Space Free | Partition Type: NTFS

Drive F: | 465.76 Gb Total Space | 342.95 Gb Free Space | 73.63% Space Free | Partition Type: NTFS

Drive K: | 465.76 Gb Total Space | 74.94 Gb Free Space | 16.09% Space Free | Partition Type: NTFS

Computer Name: KHQ_SEBAS_TAN | User Name: sebastian.tan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin

"{045BCAD4-3EBF-4D4E-8166-6B735F5AA298}" = Baan IV BW

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4

"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1

"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{29342492-9F4F-4089-866A-10D801B610FD}" = Cisco Configuration Professional

"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{377FD9B9-8377-49B9-A052-17BEFFEEE4A2}" = Adobe Creative Suite 4 Web Premium

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4

"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models

"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011

"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{669A37FF-A446-46F9-8AAE-EEC1988A2ADF}" = Autodesk Design Review Firefox Add-on v1.1

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en

"{7AAC4B2B-C3D2-465C-9F2C-B9DCF0D7FDB8}" = Adobe Setup

"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011

"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007

"{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models

"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models

"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Fran

[Elise]

Hi that looks good too. One thing, there is a newer version from AVG out; I recommend you to upgrade to the latest version.

Lets also do one last scan for leftovers.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
   
2. Click the button.
   
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. 
      
   2. Click on to download the ESET Smart Installer. Save it to your desktop.
      
   3. Double click on the icon on your desktop.
      
      
   4. Check
      
   5. Click the button.
      
   6. Accept any security warnings from your browser.
      
   7. Check
      
   8. Push the Start button.
      
   9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      
   10. When the scan completes, push
       
   11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
       Note - when ESET doesn't find any threats, no report will be created.
       
   12. Push the button.
       
   13. Push
       
       

[one piece]

hi sorry, i think i have posted up the wrong extra.txt... will post it again.