
Solved Malware / Virus Infection

Discussion in 'Malware and Virus Removal Archive' started by GRAHAM WESTON, 2010/12/24.

  1. 2010/12/24
    GRAHAM WESTON, Well-Known Member, Thread Starter
    [Resolved] Malware / Virus Infection

    The missus has had a problem with her laptop: IE going to incorrect web pages, and today she started getting all sorts of scandisk warnings, including disk failure warnings and the like. I ran Spybot, and found Fraud.hdddefragmenter and Fraud.sysguard, which I asked Spybot to remove. I then ran the following and have included their reports below.
    Malwarebytes
    GMER
    MBRCheck
    DDS

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5387

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 7.0.6002.18005

    24/12/2010 10:59:22 PM
    mbam-log-2010-12-24 (22-59-22).txt

    Scan type: Quick scan
    Objects scanned: 140796
    Time elapsed: 2 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\274526004 (Trojan.SCTool.Gen) -> Value: 274526004 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ....................................................................................................

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-25 01:01:40
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.8909
    Running: bqbgnro6.exe; Driver: C:\Users\kiunga\AppData\Local\Temp\fwryipog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\drivers\gaakk.sys The system cannot find the path specified. !
    ? System32\drivers\xqpb.sys The system cannot find the path specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[896] ntdll.dll!LdrLoadDll 76ED9390 5 Bytes JMP 00AF13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- EOF - GMER 1.0.15 ----

    ...............................................................................................

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Compal
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Compaq Presario CQ40 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 189):
    0x82214000 \SystemRoot\system32\ntkrnlpa.exe
    0x825CD000 \SystemRoot\system32\hal.dll
    0x8040B000 \SystemRoot\system32\kdcom.dll
    0x80412000 \SystemRoot\system32\PSHED.dll
    0x80423000 \SystemRoot\system32\BOOTVID.dll
    0x8042B000 \SystemRoot\system32\CLFS.SYS
    0x8046C000 \SystemRoot\system32\CI.dll
    0x8054C000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805C8000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8060E000 \SystemRoot\system32\drivers\acpi.sys
    0x80654000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x8065D000 \SystemRoot\system32\drivers\msisadrv.sys
    0x80665000 \SystemRoot\system32\drivers\pci.sys
    0x8068C000 \SystemRoot\system32\drivers\isapnp.sys
    0x8069B000 \SystemRoot\system32\drivers\mpio.sys
    0x806B7000 \SystemRoot\System32\drivers\partmgr.sys
    0x806C6000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x806C9000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x806D3000 \SystemRoot\system32\drivers\volmgr.sys
    0x806E2000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8072C000 \SystemRoot\system32\drivers\intelide.sys
    0x80733000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80741000 \SystemRoot\system32\drivers\pciide.sys
    0x80748000 \SystemRoot\system32\drivers\aliide.sys
    0x8074F000 \SystemRoot\system32\drivers\amdide.sys
    0x80756000 \SystemRoot\system32\drivers\cmdide.sys
    0x8075E000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8076E000 \SystemRoot\system32\drivers\msdsm.sys
    0x80788000 \SystemRoot\system32\drivers\nvraid.sys
    0x807A3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x807C4000 \SystemRoot\system32\drivers\viaide.sys
    0x88405000 \SystemRoot\system32\drivers\iastorv.sys
    0x884A6000 \SystemRoot\system32\drivers\atapi.sys
    0x884AE000 \SystemRoot\system32\drivers\ataport.SYS
    0x884CC000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x884E6000 \SystemRoot\system32\drivers\storport.sys
    0x88527000 \SystemRoot\system32\drivers\msahci.sys
    0x88531000 \SystemRoot\system32\drivers\hpcisss.sys
    0x8853C000 \SystemRoot\system32\drivers\adp94xx.sys
    0x885A6000 \SystemRoot\system32\drivers\adpahci.sys
    0x807CC000 \SystemRoot\system32\drivers\adpu160m.sys
    0x805D5000 \SystemRoot\system32\drivers\SCSIPORT.SYS
    0x88601000 \SystemRoot\system32\drivers\adpu320.sys
    0x88627000 \SystemRoot\system32\drivers\djsvs.sys
    0x8863B000 \SystemRoot\system32\drivers\arc.sys
    0x88651000 \SystemRoot\system32\drivers\arcsas.sys
    0x88667000 \SystemRoot\system32\drivers\elxstor.sys
    0x886FB000 \SystemRoot\system32\drivers\i2omp.sys
    0x88705000 \SystemRoot\system32\drivers\iirsp.sys
    0x88715000 \SystemRoot\system32\drivers\iteatapi.sys
    0x88721000 \SystemRoot\system32\drivers\iteraid.sys
    0x8872D000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x88747000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x8875F000 \SystemRoot\system32\drivers\megasas.sys
    0x8880A000 \SystemRoot\system32\drivers\megasr.sys
    0x888C1000 \SystemRoot\system32\drivers\mraid35x.sys
    0x888CC000 \SystemRoot\system32\drivers\nfrd960.sys
    0x888DA000 \SystemRoot\system32\drivers\nvstor.sys
    0x88A0A000 \SystemRoot\system32\drivers\ql2300.sys
    0x88B42000 \SystemRoot\system32\drivers\ql40xx.sys
    0x88B97000 \SystemRoot\system32\drivers\sisraid2.sys
    0x88BA4000 \SystemRoot\system32\drivers\sisraid4.sys
    0x88BB9000 \SystemRoot\system32\drivers\symc8xx.sys
    0x88BC5000 \SystemRoot\system32\drivers\sym_hi.sys
    0x88BD0000 \SystemRoot\system32\drivers\sym_u3.sys
    0x888E7000 \SystemRoot\system32\drivers\uliahci.sys
    0x88BDB000 \SystemRoot\system32\drivers\ulsata.sys
    0x88923000 \SystemRoot\system32\drivers\ulsata2.sys
    0x8894F000 \SystemRoot\system32\drivers\vsmraid.sys
    0x88970000 \SystemRoot\system32\drivers\fltmgr.sys
    0x889A2000 \SystemRoot\system32\drivers\fileinfo.sys
    0x88769000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x88C0F000 \SystemRoot\system32\drivers\ndis.sys
    0x88D1A000 \SystemRoot\system32\drivers\msrpc.sys
    0x88D45000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88E0B000 \SystemRoot\System32\drivers\tcpip.sys
    0x88EF5000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x89006000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x89116000 \SystemRoot\system32\drivers\wd.sys
    0x8911E000 \SystemRoot\system32\drivers\volsnap.sys
    0x89157000 \SystemRoot\System32\Drivers\spldr.sys
    0x8915F000 \SystemRoot\system32\drivers\sbp2port.sys
    0x89174000 \SystemRoot\System32\Drivers\mup.sys
    0x89183000 \SystemRoot\System32\drivers\ecache.sys
    0x891AA000 \SystemRoot\system32\drivers\disk.sys
    0x891BB000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x891C3000 \SystemRoot\system32\drivers\crcdisk.sys
    0x891EE000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x88F19000 \SystemRoot\system32\DRIVERS\processr.sys
    0x9C40A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x88F28000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x9C9EF000 \SystemRoot\System32\drivers\watchdog.sys
    0x9CC07000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x9CCAC000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x88FC9000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x88D80000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x9CDF4000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x88D98000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x9C400000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x9CDFE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x88FED000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x88DD6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x9CC00000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x88E00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x889B2000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x88DE9000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x9C9FB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x889DE000 \SystemRoot\system32\DRIVERS\enecir.sys
    0x88F10000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x9CE02000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x9CE31000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x9CE3C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x9CE53000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x9CE5E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x9CE81000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x9CE90000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x9CEA4000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x9CEB9000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x9CEC9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x9CECB000 \SystemRoot\system32\DRIVERS\ks.sys
    0x9CEF5000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x9CF03000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x9CF0D000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x9CF1A000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x9CF4F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x9CF60000 \SystemRoot\system32\drivers\HdAudio.sys
    0x9CF9F000 \SystemRoot\system32\drivers\portcls.sys
    0x9CFCC000 \SystemRoot\system32\drivers\drmk.sys
    0x9D000000 \SystemRoot\system32\DRIVERS\stwrt.sys
    0x9D063000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x9D189000 \SystemRoot\system32\drivers\modem.sys
    0x9D196000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x9D1A1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x9D1B1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x9D1B8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x9D1C1000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x9D1C9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x9D1D2000 \SystemRoot\System32\Drivers\Null.SYS
    0x9D1D9000 \SystemRoot\System32\Drivers\Beep.SYS
    0x9D1E0000 \SystemRoot\System32\drivers\vga.sys
    0x887DA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x9D1EC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x9D1F4000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x807E7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x9CFF1000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x88DF4000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x88C00000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x88A00000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x9D205000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x9D21B000 \SystemRoot\system32\DRIVERS\smb.sys
    0x9D22F000 \SystemRoot\system32\drivers\afd.sys
    0x9D277000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x9D2A9000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x9D2BF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x9D2CD000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x9D2E0000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9D31C000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x9D326000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x9D347000 \SystemRoot\System32\Drivers\dfsc.sys
    0x9D35E000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x9D374000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x9D381000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x9D38C000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0xA5870000 \SystemRoot\System32\win32k.sys
    0x9D396000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9D3A0000 \SystemRoot\system32\DRIVERS\monitor.sys
    0xA5A90000 \SystemRoot\System32\TSDDD.dll
    0xA5AB0000 \SystemRoot\System32\cdd.dll
    0x9D3AF000 \SystemRoot\system32\drivers\luafv.sys
    0xA880B000 \SystemRoot\system32\drivers\spsys.sys
    0xA88BB000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xA88CB000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xA88F5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA88FF000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA8912000 \SystemRoot\system32\drivers\HTTP.sys
    0xA897F000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA899C000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA89B5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA89CA000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9D3CA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA9E0F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA9E48000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA9E60000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA9E88000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA9EEE000 \SystemRoot\system32\drivers\peauth.sys
    0xA9FCC000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA9FD6000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA9FE2000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0x774E0000 \Windows\System32\ntdll.dll

    Processes (total 85):
    0 System Idle Process
    4 System
    416 C:\Windows\System32\smss.exe
    548 csrss.exe
    612 csrss.exe
    620 C:\Windows\System32\wininit.exe
    656 C:\Windows\System32\services.exe
    668 C:\Windows\System32\lsass.exe
    676 C:\Windows\System32\lsm.exe
    728 C:\Windows\System32\winlogon.exe
    864 C:\Windows\System32\svchost.exe
    924 C:\Windows\System32\svchost.exe
    984 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\Ati2evxx.exe
    1036 C:\Windows\System32\svchost.exe
    1064 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\stacsv.exe
    1204 C:\Windows\System32\audiodg.exe
    1476 C:\Windows\System32\svchost.exe
    1492 C:\Windows\System32\SLsvc.exe
    1516 C:\Windows\System32\svchost.exe
    1628 C:\Windows\System32\Ati2evxx.exe
    1680 C:\Windows\System32\svchost.exe
    1840 C:\Windows\System32\wlanext.exe
    1964 C:\Windows\System32\spoolsv.exe
    1988 C:\Windows\System32\svchost.exe
    404 C:\Windows\System32\taskeng.exe
    852 C:\Windows\System32\dwm.exe
    1120 C:\Windows\explorer.exe
    356 C:\Windows\System32\taskeng.exe
    2176 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\AEstSrv.exe
    2208 C:\Windows\System32\agrsmsvc.exe
    2224 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    2280 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2312 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    2380 C:\Windows\System32\svchost.exe
    2404 C:\Program Files\SMINST\BLService.exe
    2488 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    2532 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2560 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2588 C:\Windows\System32\svchost.exe
    2628 C:\Windows\System32\svchost.exe
    2664 C:\Windows\System32\SearchIndexer.exe
    2764 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    3364 C:\Program Files\Apoint2K\Apoint.exe
    3376 C:\Program Files\HP\QuickPlay\QPService.exe
    3432 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3572 C:\Program Files\Windows Defender\MSASCui.exe
    3584 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    3708 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3720 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3732 C:\Windows\tsnp2std.exe
    3744 C:\Windows\vsnp2std.exe
    3772 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    3784 C:\Program Files\IDT\WDM\sttray.exe
    3808 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3848 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    3864 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    3876 C:\Program Files\Logitech\Vid\Vid.exe
    3900 C:\Program Files\uTorrent\uTorrent.exe
    3912 C:\Program Files\Skype\Phone\Skype.exe
    3924 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3940 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    3228 WmiPrvSE.exe
    556 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    1580 WmiPrvSE.exe
    528 C:\Program Files\Apoint2K\ApMsgFwd.exe
    2940 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3968 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2064 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3056 C:\Program Files\Apoint2K\ApntEx.exe
    1360 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    4328 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    4688 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    3292 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    2848 C:\Windows\System32\wuauclt.exe
    5544 C:\Windows\System32\VSSVC.exe
    5084 C:\Windows\System32\svchost.exe
    4996 C:\Windows\servicing\TrustedInstaller.exe
    5496 C:\Windows\System32\wbem\WMIADAP.exe
    4524 C:\Windows\System32\SearchProtocolHost.exe
    2808 C:\Windows\System32\SearchFilterHost.exe
    5232 C:\Windows\System32\consent.exe
    4920 C:\Users\kiunga\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`7ab00000 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHZ2320BHG2, Rev: 8909

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 6DF26AE7D6663DFFFF5602BEDE5BE4683120D56C


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
    ...........................................................................................


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/06/2009 2:38:41 PM
    System Uptime: 25/12/2010 1:13:35 AM (0 hours ago)

    Motherboard: Compal | | 30FF
    Processor: AMD Athlon(tm) X2 Dual-Core QL-64 | Socket M2/S1G1 | 2100/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 286 GiB total, 248.109 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.952 GiB free.
    E: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0000
    Manufacturer: Microsoft
    Name: Microsoft Tun Miniport Adapter
    PNP Device ID: ROOT\*TUNMP\0000
    Service: tunmp

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    2007 Microsoft Office system
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Adobe Shockwave Player
    Agere Systems HDA Modem
    AMD USB Audio Driver Filter
    AOL Toolbar 5.0
    Ask Toolbar
    ATI Catalyst Install Manager
    µTorrent
    Broadcom 802.11 Wireless LAN Adapter
    Business Contact Manager for Outlook 2007 SP2
    CameraHelperMsi
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CyberLink DVD Suite
    CyberLink YouCam
    Debut Video Capture Software
    erLT
    ESU for Microsoft Vista
    Express Burn Disc Burning Software
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Common Access Service Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP DVD Play 3.7
    HP Help and Support
    HP MULTIPLE MODEM INSTALLER for VISTA
    HP Quick Launch Buttons 6.40 L1
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HP User Guides 0125
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 7
    JMicron JMB38X Flash Media Controller
    LabelPrint
    LightScribe System Software 1.14.17.1
    Logitech Vid
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.13)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    NCH Toolbox
    Norton Internet Security
    OGA Notifier 2.0.0048.0
    Power2Go
    PowerDirector
    Prism Video Converter
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skins
    Skype Toolbars
    Skype™ 4.2
    SoftStylus
    Spybot - Search & Destroy
    The KMPlayer (remove only)
    Touch Pad Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    USB2.0 PC Camera (SN9C201&202)
    VideoPad Video Editor
    VLC media player 1.1.0

    ==== Event Viewer Messages From Past Week ========

    25/12/2010 1:18:42 AM, Error: PlugPlayManager [12] - The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0428) disappeared from the system without first being prepared for removal.
    25/12/2010 1:18:42 AM, Error: PlugPlayManager [12] - The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0028) disappeared from the system without first being prepared for removal.
    25/12/2010 1:18:42 AM, Error: PlugPlayManager [12] - The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0228) disappeared from the system without first being prepared for removal.
    25/12/2010 1:18:42 AM, Error: PlugPlayManager [12] - The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0328) disappeared from the system without first being prepared for removal.
    25/12/2010 1:14:12 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    24/12/2010 5:48:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    24/12/2010 11:02:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
    24/12/2010 11:02:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    24/12/2010 11:02:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    24/12/2010 11:01:39 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
    24/12/2010 11:01:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    24/12/2010 11:01:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    24/12/2010 11:01:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    24/12/2010 11:01:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    22/12/2010 12:54:09 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user kiunga-PC\kiunga SID (S-1-5-21-4052979293-2891934890-3244637704-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    ==== End Of File ===========================

    .............................................................................................


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by kiunga at 1:24:02.22 on Sat 25/12/2010
    Internet Explorer: 7.0.6002.18005
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2045.1164 [GMT 10:00]

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\tsnp2std.exe
    C:\Windows\vsnp2std.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Logitech\Vid\Vid.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\kiunga\Desktop\cleanup\dds.com
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ninemsn.com.au/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
    uInternet Settings,ProxyServer = http=127.0.0.1:10293
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [Logitech Vid] "c:\program files\logitech\vid\Vid.exe" -bootmode
    uRun: [Logitech Vid HD] "c:\program files\logitech\vid\vid.exe" -bootmode
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe "
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [tSfkTNduxrPpGPr.exe] c:\users\kiunga\appdata\local\temp\tSfkTNduxrPpGPr.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5 "
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter "
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0 "
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0 "
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0 "
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [tsnp2std] c:\windows\tsnp2std.exe
    mRun: [snp2std] c:\windows\vsnp2std.exe
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-au\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\kiunga\appdata\roaming\mozilla\firefox\profiles\cz3k99xz.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_e7ea6efc\AEstSrv.exe [2009-6-4 77824]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-3-11 365952]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-4 1153368]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-3-10 222512]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-7-9 22072]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-2 136176]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 100184]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-12-24 12:30:14 -------- d-----w- c:\users\kiunga\appdata\roaming\Malwarebytes
    2010-12-24 12:30:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-24 12:30:03 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-24 12:30:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-24 12:29:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-22 00:19:24 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e6965672-e492-49a1-9d73-22d527675efb}\mpengine.dll

    ==================== Find3M ====================

    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-21 20:08:42 834048 ----a-w- c:\windows\system32\wininet.dll
    2010-10-21 18:30:50 389632 ----a-w- c:\windows\system32\html.iec
    2010-10-20 17:41:28 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-10-19 00:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
    2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 1:25:11.43 ===============

    I hope someone can please advise what little nasties are still on this laptop. Many thanks.
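Added example, not part of this thread or of the DDS tool: a small Python triage pass over lines in the shape of the DDS "Pseudo HJT Report" above. It flags the three kinds of entries a malware analyst reads first in a report like this one: a browser proxy pointing at a loopback address (here `http=127.0.0.1:10293`, a common redirect mechanism and consistent with the "IE going to incorrect web pages" symptom), an autorun entry whose command lives in a temp directory (here `tSfkTNduxrPpGPr.exe` under `appdata\local\temp`), and a HOSTS entry that sends a security site to 127.0.0.1 (here `www.spywareinfo.com`). The sample lines are constructed from the log above, and the rule names are my own.

```python
import re

# Constructed sample in the shape of the DDS "Pseudo HJT Report" above: the three
# suspicious entries are copied from that log, the rest are benign fillers.
SAMPLE_DDS_LINES = [
    "uStart Page = hxxp://ninemsn.com.au/",
    "uInternet Settings,ProxyServer = http=127.0.0.1:10293",
    "uInternet Settings,ProxyOverride = <local>",
    'uRun: [Skype] "c:\\program files\\skype\\phone\\Skype.exe" /nosplash /minimized',
    "uRun: [tSfkTNduxrPpGPr.exe] c:\\users\\kiunga\\appdata\\local\\temp\\tSfkTNduxrPpGPr.exe",
    "mRun: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide",
    "FF - prefs.js: network.proxy.type - 0",
    "Hosts: 127.0.0.1 www.spywareinfo.com",
]

# Line shapes DDS uses for the entries we care about.
PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(.+)$")
RUN_RE = re.compile(r"^[um]Run:\s*\[([^\]]*)\]\s*(.*)$")      # [name] command
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")               # Hosts: ip hostname

LOOPBACK_RE = re.compile(r"\b(127\.\d+\.\d+\.\d+|localhost)\b", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"[\\/](temp|tmp)[\\/]|%temp%|%tmp%", re.IGNORECASE)


def triage_dds(lines):
    """Return (rule, detail, original line) tuples for entries worth a closer look.

    Rule names are my own, not DDS terminology:
      local-proxy        browser proxy points at a loopback address / local port
      autorun-from-temp  Run-key entry whose command lives in a temp directory
      hosts-override     a HOSTS entry that DDS chose to list
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m:
            if LOOPBACK_RE.search(m.group(1)):
                findings.append(("local-proxy", m.group(1), line))
            continue
        m = RUN_RE.match(line)
        if m:
            name, command = m.groups()
            if TEMP_DIR_RE.search(command):
                findings.append(("autorun-from-temp", f"{name}: {command}", line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            findings.append(("hosts-override", f"{m.group(2)} -> {m.group(1)}", line))
    return findings


def rules_hit(lines):
    """Just the rule names, in report order; handy for a quick summary."""
    return [rule for rule, _, _ in triage_dds(lines)]


if __name__ == "__main__":
    for rule, detail, _line in triage_dds(SAMPLE_DDS_LINES):
        print(f"[{rule}] {detail}")
```

The point of the three rules is what they have in common: each is a setting an ordinary installer has no reason to write (a proxy on a random local port, an executable started from a temp folder, a security site pinned to loopback), so each is a cheap, high-signal check to run over a report before reading the rest line by line. Running the script on the sample prints one finding per rule, in report order.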
     
  2. 2010/12/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    I can see Norton in a list of installed programs, but I don't really see any AV program running.
    What's the story here?

    Then...
    Let's double check...

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     

  4. 2010/12/24
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Joined:
    2002/07/30
    Messages:
    371
    Likes Received:
    0
    Broni,
    Many thanks for your help with this problem. Merry Xmas by the way. Re Norton, this laptop is not all that old, got it for the missus so she wouldn't use my main PC to watch her African Romance Movies, now I'm glad I did that, saved my machine. Anyway, Norton AV was a trial version, and it has run out, so I did uninstall it yesterday before I did all the scans, so I don't know why it is still showing as installed. When this machine is all clear I will download Avira or Avast as the main AV Protection. I have not done this yet, as you mention not to do any upgrades or the like till after the machine is cleaned. I have run remover.exe, txt file as follows.

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    main(): CreateFile() ERROR 5
    ERROR: Can't open volume device \\.\C:

    Done;
    Press any key to quit...

    Many thanks
    Graham
     
  5. 2010/12/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Merry Christmas :)

    Hahahaha.....

    Just for good measure, run Norton Removal Tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN IF you didn't run it already.

    We need to fix your MBR....

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
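Added example, not part of broni's instructions and not MBRCheck's own code: a Python sketch of the checks a tool like MBRCheck performs on the first sector before a standard MBR is written back, so the "run MBRCheck again" step above has something concrete behind it. It parses a 512-byte sector (446 bytes of boot code, four 16-byte partition entries at offset 0x1BE, the 0x55AA signature at 0x1FE), validates the structure, and compares a SHA-256 of the boot code against a known-good baseline. The MBR bytes and the baseline are constructed inside the script; on a real machine the sector comes from reading the first 512 bytes of the physical drive, which needs an elevated process (Bootkit Remover's `CreateFile() ERROR 5` earlier in the thread is Win32 ERROR_ACCESS_DENIED, which is why that tool had to be run as Administrator).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445: boot code
PT_OFFSET = 0x1BE             # four 16-byte partition entries
SIGNATURE_OFFSET = 0x1FE      # 0x55 0xAA
SIGNATURE = b"\x55\xAA"
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_byte=0x90, active=(True, False), bad_signature=False):
    """Construct a synthetic MBR (hypothetical, not read from any disk).

    Two NTFS-type partitions laid out back to back; the boot code is a filler
    byte so a tampered copy can be produced simply by changing that byte.
    """
    boot_code = bytes([boot_byte]) * BOOT_CODE_SIZE
    layout = [(0x07, 2048, 204800), (0x07, 206848, 409600)]
    table = b""
    for (ptype, lba, count), is_active in zip(layout, active):
        status = 0x80 if is_active else 0x00
        table += struct.pack(ENTRY_FMT, status, b"\xFE\xFF\xFF", ptype,
                             b"\xFE\xFF\xFF", lba, count)
    table += b"\x00" * 32  # two unused entries
    sig = b"\x00\x00" if bad_signature else SIGNATURE
    return boot_code + table + sig


def parse_mbr(sector):
    """Split a 512-byte sector into boot code, partition entries and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector,
                                                             PT_OFFSET + 16 * i)
        partitions.append({"index": i, "status": status, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {"boot_code": sector[:BOOT_CODE_SIZE],
            "partitions": partitions,
            "signature": sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2]}


def boot_code_sha256(sector):
    """Hash the boot-code region only; the partition table legitimately differs per machine."""
    return hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest()


def check_mbr(sector, known_good_sha256=None):
    """Return a list of problems; an empty list means the sector passed every check."""
    mbr = parse_mbr(sector)
    problems = []
    if mbr["signature"] != SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            problems.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
    if sum(1 for p in mbr["partitions"] if p["status"] == 0x80) > 1:
        problems.append("more than one active partition")
    used = sorted((p for p in mbr["partitions"] if p["type"] and p["sectors"]),
                  key=lambda p: p["lba_start"])
    for a, b in zip(used, used[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append(f"partitions {a['index']} and {b['index']} overlap")
    if known_good_sha256 is not None and boot_code_sha256(sector) != known_good_sha256:
        problems.append("boot code differs from the known-good baseline")
    return problems


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = boot_code_sha256(clean)   # constructed baseline: hash of the clean sample
    for label, sample in [("clean", clean),
                          ("tampered boot code", build_sample_mbr(boot_byte=0xCC)),
                          ("no signature", build_sample_mbr(bad_signature=True))]:
        print(label, "->", check_mbr(sample, baseline) or "OK")
```

The structural checks catch a corrupted sector; the hash comparison is the one that matters for a bootkit, because a bootkit keeps the partition table intact and the signature valid and changes only the code that runs before Windows. That is also why only the 446 boot-code bytes are hashed: the partition table varies from machine to machine, so a baseline of the whole sector would never match. The baseline here is computed from the clean constructed sample; in practice it is a hash recorded from a known-clean installation or, as with MBRCheck, a list of hashes for the standard Windows MBR code.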
     
  6. 2010/12/25
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Joined:
    2002/07/30
    Messages:
    371
    Likes Received:
    0
    Broni, ran the Norton removal tool, all OK. You ever try to find a blank CD on Xmas day when all the shops are shut, Hmmmm, found one after a few hours. Anyway, ran everything as instructed, new MBRCheck txt as follows.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Compal
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Compaq Presario CQ40 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 189):
    0x8221D000 \SystemRoot\system32\ntkrnlpa.exe
    0x825D6000 \SystemRoot\system32\hal.dll
    0x8040C000 \SystemRoot\system32\kdcom.dll
    0x80413000 \SystemRoot\system32\PSHED.dll
    0x80424000 \SystemRoot\system32\BOOTVID.dll
    0x8042C000 \SystemRoot\system32\CLFS.SYS
    0x8046D000 \SystemRoot\system32\CI.dll
    0x8054D000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805C9000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8060A000 \SystemRoot\system32\drivers\acpi.sys
    0x80650000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80659000 \SystemRoot\system32\drivers\msisadrv.sys
    0x80661000 \SystemRoot\system32\drivers\pci.sys
    0x80688000 \SystemRoot\system32\drivers\isapnp.sys
    0x80697000 \SystemRoot\system32\drivers\mpio.sys
    0x806B3000 \SystemRoot\System32\drivers\partmgr.sys
    0x806C2000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x806C5000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x806CF000 \SystemRoot\system32\drivers\volmgr.sys
    0x806DE000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80728000 \SystemRoot\system32\drivers\intelide.sys
    0x8072F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8073D000 \SystemRoot\system32\drivers\pciide.sys
    0x80744000 \SystemRoot\system32\drivers\aliide.sys
    0x8074B000 \SystemRoot\system32\drivers\amdide.sys
    0x80752000 \SystemRoot\system32\drivers\cmdide.sys
    0x8075A000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8076A000 \SystemRoot\system32\drivers\msdsm.sys
    0x80784000 \SystemRoot\system32\drivers\nvraid.sys
    0x8079F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x807C0000 \SystemRoot\system32\drivers\viaide.sys
    0x8840C000 \SystemRoot\system32\drivers\iastorv.sys
    0x884AD000 \SystemRoot\system32\drivers\atapi.sys
    0x884B5000 \SystemRoot\system32\drivers\ataport.SYS
    0x884D3000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x884ED000 \SystemRoot\system32\drivers\storport.sys
    0x8852E000 \SystemRoot\system32\drivers\msahci.sys
    0x88538000 \SystemRoot\system32\drivers\hpcisss.sys
    0x88543000 \SystemRoot\system32\drivers\adp94xx.sys
    0x885AD000 \SystemRoot\system32\drivers\adpahci.sys
    0x807C8000 \SystemRoot\system32\drivers\adpu160m.sys
    0x805D6000 \SystemRoot\system32\drivers\SCSIPORT.SYS
    0x8860F000 \SystemRoot\system32\drivers\adpu320.sys
    0x88635000 \SystemRoot\system32\drivers\djsvs.sys
    0x88649000 \SystemRoot\system32\drivers\arc.sys
    0x8865F000 \SystemRoot\system32\drivers\arcsas.sys
    0x88675000 \SystemRoot\system32\drivers\elxstor.sys
    0x88709000 \SystemRoot\system32\drivers\i2omp.sys
    0x88713000 \SystemRoot\system32\drivers\iirsp.sys
    0x88723000 \SystemRoot\system32\drivers\iteatapi.sys
    0x8872F000 \SystemRoot\system32\drivers\iteraid.sys
    0x8873B000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x88755000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x8876D000 \SystemRoot\system32\drivers\megasas.sys
    0x88808000 \SystemRoot\system32\drivers\megasr.sys
    0x888BF000 \SystemRoot\system32\drivers\mraid35x.sys
    0x888CA000 \SystemRoot\system32\drivers\nfrd960.sys
    0x888D8000 \SystemRoot\system32\drivers\nvstor.sys
    0x88A0A000 \SystemRoot\system32\drivers\ql2300.sys
    0x88B42000 \SystemRoot\system32\drivers\ql40xx.sys
    0x88B97000 \SystemRoot\system32\drivers\sisraid2.sys
    0x88BA4000 \SystemRoot\system32\drivers\sisraid4.sys
    0x88BB9000 \SystemRoot\system32\drivers\symc8xx.sys
    0x88BC5000 \SystemRoot\system32\drivers\sym_hi.sys
    0x88BD0000 \SystemRoot\system32\drivers\sym_u3.sys
    0x888E5000 \SystemRoot\system32\drivers\uliahci.sys
    0x88BDB000 \SystemRoot\system32\drivers\ulsata.sys
    0x88921000 \SystemRoot\system32\drivers\ulsata2.sys
    0x8894D000 \SystemRoot\system32\drivers\vsmraid.sys
    0x8896E000 \SystemRoot\system32\drivers\fltmgr.sys
    0x889A0000 \SystemRoot\system32\drivers\fileinfo.sys
    0x88777000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x88C07000 \SystemRoot\system32\drivers\ndis.sys
    0x88D12000 \SystemRoot\system32\drivers\msrpc.sys
    0x88D3D000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88E01000 \SystemRoot\System32\drivers\tcpip.sys
    0x88EEB000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x89003000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x89113000 \SystemRoot\system32\drivers\wd.sys
    0x8911B000 \SystemRoot\system32\drivers\volsnap.sys
    0x89154000 \SystemRoot\System32\Drivers\spldr.sys
    0x8915C000 \SystemRoot\system32\drivers\sbp2port.sys
    0x89171000 \SystemRoot\System32\Drivers\mup.sys
    0x89180000 \SystemRoot\System32\drivers\ecache.sys
    0x891A7000 \SystemRoot\system32\drivers\disk.sys
    0x891B8000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x891C0000 \SystemRoot\system32\drivers\crcdisk.sys
    0x891EB000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x88F06000 \SystemRoot\system32\DRIVERS\processr.sys
    0x9C60B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x88F15000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x9CBF0000 \SystemRoot\System32\drivers\watchdog.sys
    0x9CC0D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x9CCB2000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x88FB6000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x88FDA000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x9CC00000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x88D78000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x9C600000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x9CC0A000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x88DB6000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x88DC5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x9CDFA000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x88FF2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x889B0000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x88DD8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x9CBFC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x88DE3000 \SystemRoot\system32\DRIVERS\enecir.sys
    0x891F6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x9CE01000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x9CE30000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x9CE3B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x9CE52000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x9CE5D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x9CE80000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x9CE8F000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x9CEA3000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x9CEB8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x9CEC8000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x9CECA000 \SystemRoot\system32\DRIVERS\ks.sys
    0x9CEF4000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x9CF02000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x9CF0C000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x9CF19000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x9CF4E000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x9CF5F000 \SystemRoot\system32\drivers\HdAudio.sys
    0x9CF9E000 \SystemRoot\system32\drivers\portcls.sys
    0x9CFCB000 \SystemRoot\system32\drivers\drmk.sys
    0x9D00F000 \SystemRoot\system32\DRIVERS\stwrt.sys
    0x9D072000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x9D198000 \SystemRoot\system32\drivers\modem.sys
    0x9D1A5000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x9D1B0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x9D1C0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x9D1C7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x9D1D0000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x9D1D8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x9D1E1000 \SystemRoot\System32\Drivers\Null.SYS
    0x9D1E8000 \SystemRoot\System32\Drivers\Beep.SYS
    0x9D1EF000 \SystemRoot\System32\drivers\vga.sys
    0x889DC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x9D000000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x9CFF0000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x887E8000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x88600000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x88A00000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x807E3000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x9D40B000 \SystemRoot\system32\DRIVERS\smb.sys
    0x9D41F000 \SystemRoot\system32\drivers\afd.sys
    0x9D467000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x9D499000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x9D4AF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x9D4C6000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x9D4D4000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x9D4E7000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9D523000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x9D52C000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x9D536000 \SystemRoot\System32\Drivers\dfsc.sys
    0x9D54D000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x9D56E000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x9D57B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x9D586000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0xA5890000 \SystemRoot\System32\win32k.sys
    0x9D590000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9D59A000 \SystemRoot\system32\DRIVERS\monitor.sys
    0xA5AB0000 \SystemRoot\System32\TSDDD.dll
    0xA5AD0000 \SystemRoot\System32\cdd.dll
    0x9D5A9000 \SystemRoot\system32\drivers\luafv.sys
    0x9D5C4000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9D5D4000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9D400000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x891C9000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA860B000 \SystemRoot\system32\drivers\spsys.sys
    0xA86BB000 \SystemRoot\system32\drivers\HTTP.sys
    0xA8728000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA8745000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA875E000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA8773000 \SystemRoot\system32\drivers\mrxdav.sys
    0xA8794000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA87B3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xAA004000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xAA01C000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAA044000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAA0AA000 \SystemRoot\system32\drivers\peauth.sys
    0xAA188000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAA192000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAA19E000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0xAA1A3000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77090000 \Windows\System32\ntdll.dll

    Processes (total 79):
    0 System Idle Process
    4 System
    396 C:\Windows\System32\smss.exe
    464 csrss.exe
    528 C:\Windows\System32\wininit.exe
    540 csrss.exe
    572 C:\Windows\System32\services.exe
    588 C:\Windows\System32\lsass.exe
    596 C:\Windows\System32\lsm.exe
    644 C:\Windows\System32\winlogon.exe
    780 C:\Windows\System32\svchost.exe
    840 C:\Windows\System32\svchost.exe
    892 C:\Windows\System32\svchost.exe
    932 C:\Windows\System32\Ati2evxx.exe
    952 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\stacsv.exe
    1112 C:\Windows\System32\audiodg.exe
    1352 C:\Windows\System32\svchost.exe
    1368 C:\Windows\System32\SLsvc.exe
    1412 C:\Windows\System32\svchost.exe
    1456 C:\Windows\System32\Ati2evxx.exe
    1540 C:\Windows\System32\svchost.exe
    1792 C:\Windows\System32\wlanext.exe
    1920 C:\Windows\System32\taskeng.exe
    1928 C:\Windows\System32\spoolsv.exe
    1996 C:\Windows\System32\svchost.exe
    2044 C:\Windows\System32\dwm.exe
    412 C:\Windows\explorer.exe
    432 C:\Windows\System32\taskeng.exe
    2132 C:\Program Files\Apoint2K\Apoint.exe
    2160 C:\Program Files\HP\QuickPlay\QPService.exe
    2168 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    2208 C:\Program Files\Windows Defender\MSASCui.exe
    2216 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    2256 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2264 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    2280 C:\Windows\tsnp2std.exe
    2288 C:\Windows\vsnp2std.exe
    2296 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    2304 C:\Program Files\IDT\WDM\sttray.exe
    2316 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2332 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    2340 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    2348 C:\Program Files\Logitech\Vid\Vid.exe
    2364 C:\Program Files\uTorrent\uTorrent.exe
    2372 C:\Program Files\Skype\Phone\Skype.exe
    2380 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2388 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    2664 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\AEstSrv.exe
    2696 C:\Windows\System32\agrsmsvc.exe
    2712 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    2752 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2844 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    2912 C:\Windows\System32\svchost.exe
    2924 C:\Program Files\SMINST\BLService.exe
    2948 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    3028 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    3080 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    3144 C:\Windows\System32\svchost.exe
    3200 C:\Windows\System32\svchost.exe
    3260 C:\Windows\System32\SearchIndexer.exe
    3452 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3636 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    3836 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    4016 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    2100 WmiPrvSE.exe
    1308 C:\Program Files\Apoint2K\ApMsgFwd.exe
    3016 C:\Program Files\Apoint2K\ApntEx.exe
    1660 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2936 C:\Program Files\Windows Media Player\wmpnetwk.exe
    836 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    3432 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    5976 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    5132 C:\Windows\System32\wuauclt.exe
    2576 C:\Windows\System32\SearchProtocolHost.exe
    5696 C:\Windows\System32\SearchFilterHost.exe
    6076 C:\Users\kiunga\Desktop\cleanup\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`7ab00000 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHZ2320BHG2, Rev: 8909

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    **You ever get sick of us techy type people who can't fix their own bloody computers ???
     
  7. 2010/12/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I apologize for the delay. It looks like email notification missed me.

    Good job on fixing MBR :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/12/30
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Joined:
    2002/07/30
    Messages:
    371
    Likes Received:
    0
    Broni,
    Ran ComboFix, txt file as follows.

    ComboFix 10-12-29.03 - kiunga 31/12/2010 1:47.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2045.957 [GMT 10:00]
    Running from: c:\users\kiunga\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
    .

    2010-12-30 15:53 . 2010-12-30 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-28 16:24 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{364BDFE6-42FF-4B19-BE3B-F207F676283F}\mpengine.dll
    2010-12-25 05:59 . 2006-03-17 10:39 147456 ----a-w- c:\program files\Mozilla Firefox\NTBR_CD\BurnCDCC.exe
    2010-12-25 02:49 . 2010-12-25 02:49 -------- d-----w- c:\program files\7-Zip
    2010-12-24 12:30 . 2010-12-24 12:30 -------- d-----w- c:\users\kiunga\AppData\Roaming\Malwarebytes
    2010-12-24 12:30 . 2010-12-24 12:30 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-24 12:30 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-24 12:30 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-24 12:29 . 2010-12-24 12:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 00:41 . 2010-09-04 01:38 222080 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 05:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "HPAdvisor "= "c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
    "Logitech Vid "= "c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
    "Logitech Vid HD "= "c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
    "uTorrent "= "c:\program files\uTorrent\uTorrent.exe" [2010-07-18 319792]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-01 39408]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
    "Apoint "= "c:\program files\Apoint2K\Apoint.exe" [2008-03-31 217088]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdateLBPShortCut "= "c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut "= "c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
    "UCam_Menu "= "c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "UpdateP2GoShortCut "= "c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
    "UpdatePDIRShortCut "= "c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "WirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
    "tsnp2std "= "c:\windows\tsnp2std.exe" [2007-01-05 258048]
    "snp2std "= "c:\windows\vsnp2std.exe" [2006-09-15 675840]
    "LWS "= "c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Malwarebytes' Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 136176]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-21 100184]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe [2008-10-15 77824]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-03 365952]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 15:18]

    2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 15:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ninemsn.com.au/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
    uInternet Settings,ProxyServer = http=127.0.0.1:10293
    uInternet Settings,ProxyOverride = <local>
    IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-AU\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\kiunga\AppData\Roaming\Mozilla\Firefox\Profiles\cz3k99xz.default\
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-31 01:53
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    Completion time: 2010-12-31 01:55:17
    ComboFix-quarantined-files.txt 2010-12-30 15:55

    Pre-Run: 266,198,654,976 bytes free
    Post-Run: 266,143,059,968 bytes free

    - - End Of File - - CF7E494CA6BCE25DB5BACC2CB876984D
     
  9. 2010/12/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, uninstall Ask Toolbar, known adware.

    ==================================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:10293
    uInternet Settings,ProxyOverride = <local>
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
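    As an added example (not code from the thread, from ComboFix or from its author), the Python below reads the 'Supplementary Scan' lines of a ComboFix log, flags a proxy that points at the loopback address (the entry that was redirecting IE here), builds the DDS:: block of a CFScript like the one in this post, and checks a follow-up log to confirm the entries are gone. The sample log text is constructed from the lines quoted in this thread; the function names and the loopback heuristic are assumptions of this example.

```python
"""Flag a browser proxy hijack in ComboFix's 'Supplementary Scan' section and
build the DDS:: block of a CFScript that removes it.

Added example for this thread; not code from ComboFix, the forum or its author.
Function names and the loopback heuristic are this example's own."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample input: the Supplementary Scan lines from the first
# ComboFix log in the thread (the proxy entries are what redirected IE).
BEFORE_LOG = r"""------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyServer = http=127.0.0.1:10293
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-AU\local\search.html
FF - prefs.js: network.proxy.type - 0
"""

# Constructed sample input: the same section from the log posted after the
# CFScript run, where ComboFix has removed both proxy lines.
AFTER_LOG = r"""------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
FF - prefs.js: network.proxy.type - 0
"""

# 'u' = per-user (HKCU) entry, 'm' = machine-wide (HKLM) entry, as DDS/ComboFix label them.
PROXY_RE = re.compile(r"^([um])Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.*)$")


def parse_proxy_settings(log: str) -> Dict[str, str]:
    """Map e.g. 'uProxyServer' -> 'http=127.0.0.1:10293' for every proxy line in the log."""
    found: Dict[str, str] = {}
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            scope, name, value = m.groups()
            found[scope + name] = value.strip()
    return found


def proxy_endpoints(value: str) -> List[Tuple[str, int]]:
    """Split a WinINet ProxyServer value ('host:port' or 'http=host:port;https=...')
    into (host, port) pairs; port is 0 when absent."""
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:                       # strip the protocol prefix, e.g. 'http='
            part = part.split("=", 1)[1]
        host, sep, port = part.rpartition(":")
        if not sep:                           # no port given
            host, port = part, "0"
        endpoints.append((host, int(port) if port.isdigit() else 0))
    return endpoints


def is_suspicious_proxy(value: str) -> bool:
    """Heuristic: a proxy on the loopback address deserves a human look, because a
    hijacker running locally and relaying the browser's traffic looks exactly like
    this. Legitimate local filters exist, so treat a hit as a lead, not a verdict."""
    for host, _port in proxy_endpoints(value):
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:
            continue                          # hostname, not an IP: cannot judge offline
    return False


def find_hijack_lines(log: str) -> List[str]:
    """Return the raw ProxyServer line(s) that look hijacked, plus the ProxyOverride
    line of the same scope, since both belong to the same setting."""
    flagged_scopes = set()
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if m and m.group(2) == "ProxyServer" and is_suspicious_proxy(m.group(3)):
            flagged_scopes.add(m.group(1))
    hits = []
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if m and m.group(1) in flagged_scopes:
            hits.append(line.strip())
    return hits


def build_cfscript(lines: List[str]) -> str:
    """Produce the 'DDS::' block: ComboFix removes the DDS-style entries listed under it."""
    return "DDS::\n" + "".join(line + "\n" for line in lines)


def proxy_removed(after_log: str) -> bool:
    """True when a follow-up log carries no proxy entry that still looks hijacked."""
    return not find_hijack_lines(after_log)


if __name__ == "__main__":
    hits = find_hijack_lines(BEFORE_LOG)
    print(build_cfscript(hits), end="")
    print("removed after fix:", proxy_removed(AFTER_LOG))
```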
     
  10. 2010/12/31
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Joined:
    2002/07/30
    Messages:
    371
    Likes Received:
    0
    Broni, Happy New Year.
    Have done as you instructed, TXT file below. Sorry, did not uninstall ask toolbar, will do it now.

    ComboFix 10-12-29.03 - kiunga 01/01/2011 1:08.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2045.1287 [GMT 10:00]
    Running from: c:\users\kiunga\Desktop\ComboFix.exe
    Command switches used :: c:\users\kiunga\Desktop\cleanup\CFScript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
    .

    2010-12-31 15:14 . 2010-12-31 15:14 -------- d-----w- c:\users\kiunga\AppData\Local\temp
    2010-12-31 15:14 . 2010-12-31 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-30 16:22 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53B84456-2223-45E4-B4D7-EBCC55AD1D07}\mpengine.dll
    2010-12-25 05:59 . 2006-03-17 10:39 147456 ----a-w- c:\program files\Mozilla Firefox\NTBR_CD\BurnCDCC.exe
    2010-12-25 02:49 . 2010-12-25 02:49 -------- d-----w- c:\program files\7-Zip
    2010-12-24 12:30 . 2010-12-24 12:30 -------- d-----w- c:\users\kiunga\AppData\Roaming\Malwarebytes
    2010-12-24 12:30 . 2010-12-24 12:30 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-24 12:30 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-24 12:30 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-24 12:29 . 2010-12-24 12:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 00:41 . 2010-09-04 01:38 222080 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 05:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "HPAdvisor "= "c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
    "Logitech Vid "= "c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
    "Logitech Vid HD "= "c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
    "uTorrent "= "c:\program files\uTorrent\uTorrent.exe" [2010-07-18 319792]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-01 39408]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
    "Apoint "= "c:\program files\Apoint2K\Apoint.exe" [2008-03-31 217088]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdateLBPShortCut "= "c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut "= "c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
    "UCam_Menu "= "c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "UpdateP2GoShortCut "= "c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
    "UpdatePDIRShortCut "= "c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "WirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
    "tsnp2std "= "c:\windows\tsnp2std.exe" [2007-01-05 258048]
    "snp2std "= "c:\windows\vsnp2std.exe" [2006-09-15 675840]
    "LWS "= "c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Malwarebytes' Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 136176]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-21 100184]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe [2008-10-15 77824]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-03 365952]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 15:18]

    2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 15:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ninemsn.com.au/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
    IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-AU\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\kiunga\AppData\Roaming\Mozilla\Firefox\Profiles\cz3k99xz.default\
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-01 01:14
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    Completion time: 2011-01-01 01:16:05
    ComboFix-quarantined-files.txt 2010-12-31 15:16
    ComboFix2.txt 2010-12-30 15:55

    Pre-Run: 266,207,805,440 bytes free
    Post-Run: 266,161,909,760 bytes free

    - - End Of File - - D12048C98E0F116CE1184BDB25147E37


    What are the main problems you have found with this system? I would be interested to know. Cheers. Graham.
     
  11. 2010/12/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix log looks good now :)

    Well, we had a couple of nasties found by MBAM and your MBR seemed to be infected.
    All cured by now.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
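    A triage script for the OTL.txt that the scan above produces, added here as an example (it is not part of broni's instructions and not OTL's own code): it parses the PRC/SRV/DRV/MOD file lines, the O4 Run autoruns and the O20 Winlogon Shell line in OTL's format and flags what an analyst reads the log for, namely an empty company name, "File not found" service entries, anything launched from a Temp directory, and a Shell value other than Explorer.exe. The sample lines are constructed in OTL's format (the `updater` Run value is a made-up suspicious entry), and the flags are prompts for review, not verdicts.

```python
"""Triage helper for OTL.exe (OldTimer) scan output. Added example, not OTL code.

Parses the PRC/SRV/DRV/MOD file lines, the O4 Run autoruns and the O20
Winlogon Shell line that OTL prints, and flags what an analyst reads the
log for. Sample lines below are constructed in OTL's format.
"""
import re
from dataclasses import dataclass, field

# The bracketed stamp OTL prints before a file: [date time | size | attrs | C or M]
STAMP = (r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
         r" \| (?P<attrs>[-A-Z]{4}) \| [CM]\]")

# PRC/MOD/SRV/DRV: "<kind> - <stamp> (<company>) [<state>] -- <path> -- (<service>) <desc>"
# or, for an orphaned service: "DRV - File not found [<state>] -- <path> -- (<service>)"
FILE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - (?:" + STAMP + r" \((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]*)\).*)?$")
# O4 autorun: "O4 - HKLM..\Run: [<value name>] <path> (<company>)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?) "
    r"\((?P<company>[^)]*)\)$")
# O20 Winlogon Shell: the value should be exactly Explorer.exe
SHELL_RE = re.compile(r"^O20 - HKLM Winlogon: Shell - \((?P<value>[^)]*)\) - ")


@dataclass
class Entry:
    kind: str                 # PRC, SRV, DRV, MOD, O4:HKLM, O4:HKCU, O20
    path: str                 # file path (or the Shell value for O20)
    company: str = ""         # company name OTL printed, "" if none
    missing: bool = False     # True for "File not found" entries
    svc: str = ""             # service name / Run value name
    flags: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for a recognised OTL line, or None for anything else."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        return Entry(m["kind"], m["path"], (m["company"] or "").strip(),
                     m["missing"] is not None, m["svc"] or "")
    m = RUN_RE.match(line)
    if m:
        return Entry("O4:" + m["hive"], m["path"], m["company"].strip(),
                     svc=m["name"])
    m = SHELL_RE.match(line)
    if m:
        return Entry("O20", m["value"])
    return None


def triage(entry: Entry) -> Entry:
    """Attach review flags. These are heuristics for a human to check, not verdicts."""
    if entry.kind == "O20":
        if entry.path.lower() != "explorer.exe":
            entry.flags.append("winlogon-shell-not-explorer")
        return entry
    if entry.missing:
        entry.flags.append("file-not-found")       # orphaned service/driver entry
    elif not entry.company:
        entry.flags.append("no-company-name")      # no publisher: unknown binary
    if re.search(r"\\temp\\", entry.path, re.I):
        entry.flags.append("runs-from-temp")       # persistence from a scratch dir
    return entry


def triage_log(text: str) -> list:
    """Parse every line of an OTL log and return the entries that got a flag."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and triage(entry).flags:
            hits.append(entry)
    return hits


# Constructed sample in OTL's format: a known-good process, one with no company
# name, an orphaned driver in Temp, a clean driver, a clean and a made-up
# suspicious Run value, and a normal Winlogon Shell.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========
PRC - [2010/12/20 00:17:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/03 11:28:22 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\kiunga\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/05/15 08:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [updater] C:\Users\kiunga\AppData\Local\Temp\updater.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_OTL):
        print(f"{e.kind:8} {', '.join(e.flags):32} {e.path}")
```

Run it against a saved OTL.txt by reading the file into `triage_log`; entries that come back with no flags are simply not shown, which is what makes the flagged handful stand out in a log of this size.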
     
  12. 2011/01/02
    GRAHAM WESTON (Well-Known Member, Thread Starter)
    Broni,
    the laptop appears to be working fine, but I must admit I'm not using it until all is cleared up. Completed the above, and the txt files are below. Many thanks.

    OTL logfile created on: 3/01/2011 12:46:17 AM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\kiunga\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.92 Gb Total Space | 247.98 Gb Free Space | 86.73% Space Free | Partition Type: NTFS
    Drive D: | 12.17 Gb Total Space | 1.95 Gb Free Space | 16.04% Space Free | Partition Type: NTFS

    Computer Name: KIUNGA-PC | User Name: kiunga | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/03 00:44:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kiunga\Downloads\OTL.exe
    PRC - [2010/12/20 00:17:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/08/02 01:17:42 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2010/07/18 22:55:39 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2010/05/11 16:43:48 | 006,061,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid\Vid.exe
    PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2009/04/11 16:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
    PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/12/03 11:28:22 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
    PRC - [2008/10/15 21:39:52 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\stacsv.exe
    PRC - [2008/10/15 21:39:50 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\AEstSrv.exe
    PRC - [2007/12/12 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2007/01/05 17:12:58 | 000,258,048 | ---- | M] (SONIX) -- C:\Windows\tsnp2std.exe
    PRC - [2006/09/15 13:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/03 00:44:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kiunga\Downloads\OTL.exe
    MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/25 11:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/12/03 11:28:22 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/10/15 21:39:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\stacsv.exe -- (STacSV)
    SRV - [2008/10/15 21:39:50 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/12 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\kiunga\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/05/15 08:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
    DRV - [2010/05/15 08:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/06/04 14:43:43 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2009/04/11 14:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/03/10 22:54:24 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2009/03/10 22:54:24 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2009/03/10 22:54:24 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/12/11 01:30:58 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/11/11 06:26:00 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/10/15 21:39:54 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/07/21 19:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
    DRV - [2008/05/28 19:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2008/04/28 15:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
    DRV - [2008/03/31 19:36:12 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/03/01 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/24 22:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
    DRV - [2008/01/21 12:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 12:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 12:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 12:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 12:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 12:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 12:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 12:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 12:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 12:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 12:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 12:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 12:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 12:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 12:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 12:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 12:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 12:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 12:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 12:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 12:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 12:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2008/01/21 12:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2007/06/19 09:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/01/26 16:48:28 | 012,028,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
    DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 17:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/20 00:17:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/20 00:17:41 | 000,000,000 | ---D | M]

    [2010/10/07 18:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiunga\AppData\Roaming\Mozilla\Extensions
    [2011/01/01 01:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiunga\AppData\Roaming\Mozilla\Firefox\Profiles\cz3k99xz.default\extensions
    [2010/12/19 00:03:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\kiunga\AppData\Roaming\Mozilla\Firefox\Profiles\cz3k99xz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/24 21:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/12/24 22:09:27 | 000,428,340 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 14749 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe (SONIX)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid\Vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-AU\local\search.html ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\kiunga\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img32.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/01 01:16:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/01/01 01:16:08 | 000,000,000 | ---D | C] -- C:\Users\kiunga\AppData\Local\temp
    [2011/01/01 01:15:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/01 01:05:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/31 01:46:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/31 01:46:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/31 01:46:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/31 01:46:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/31 01:45:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/25 12:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2010/12/25 12:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/12/24 23:15:43 | 000,000,000 | ---D | C] -- C:\Users\kiunga\Desktop\cleanup
    [2010/12/24 22:30:14 | 000,000,000 | ---D | C] -- C:\Users\kiunga\AppData\Roaming\Malwarebytes
    [2010/12/24 22:30:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/24 22:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2010/12/24 22:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/12/24 22:30:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/24 22:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/24 15:57:31 | 000,000,000 | ---D | C] -- C:\Users\kiunga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scanner
    [2010/12/20 00:44:47 | 000,000,000 | ---D | C] -- C:\Users\kiunga\Desktop\host file
    [2010/07/18 09:32:32 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
    [2010/07/18 09:32:32 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/01/03 00:48:13 | 000,655,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/03 00:48:13 | 000,126,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/03 00:42:07 | 000,000,383 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2011/01/03 00:42:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/03 00:42:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/03 00:41:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/03 00:41:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/03 00:41:33 | 2145,210,368 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/01 16:53:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/01 01:31:29 | 000,000,230 | ---- | M] () -- C:\Users\kiunga\Desktop\Run.lnk
    [2010/12/25 01:04:54 | 000,080,384 | ---- | M] () -- C:\Users\kiunga\Desktop\MBRCheck.exe
    [2010/12/24 23:12:59 | 000,001,356 | ---- | M] () -- C:\Users\kiunga\AppData\Local\d3d9caps.dat
    [2010/12/24 22:30:04 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/24 22:09:27 | 000,428,340 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/12/24 22:09:01 | 000,428,340 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101224-220927.backup
    [2010/12/24 15:57:31 | 000,000,771 | ---- | M] () -- C:\Users\kiunga\Desktop\Scanner.lnk
    [2010/12/23 11:00:06 | 000,000,203 | ---- | M] () -- C:\Users\kiunga\Desktop\CD Drive - Shortcut.lnk
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/19 00:55:13 | 000,379,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2011/01/01 01:31:29 | 000,000,230 | ---- | C] () -- C:\Users\kiunga\Desktop\Run.lnk
    [2010/12/31 01:46:16 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/31 01:46:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/31 01:46:16 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/31 01:46:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/31 01:46:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/25 01:13:49 | 2145,210,368 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/25 01:12:54 | 000,080,384 | ---- | C] () -- C:\Users\kiunga\Desktop\MBRCheck.exe
    [2010/12/24 22:30:04 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/24 15:57:31 | 000,000,771 | ---- | C] () -- C:\Users\kiunga\Desktop\Scanner.lnk
    [2010/12/23 11:00:06 | 000,000,203 | ---- | C] () -- C:\Users\kiunga\Desktop\CD Drive - Shortcut.lnk
    [2010/10/04 05:34:17 | 000,001,356 | ---- | C] () -- C:\Users\kiunga\AppData\Local\d3d9caps.dat
    [2010/07/21 17:27:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/07/20 00:49:40 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/07/18 22:50:58 | 000,016,384 | ---- | C] () -- C:\Users\kiunga\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/18 09:32:37 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
    [2010/07/18 09:32:36 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
    [2010/07/18 09:32:35 | 012,028,032 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
    [2010/07/17 12:15:48 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
    [2010/07/17 12:08:29 | 000,000,000 | ---- | C] () -- C:\Users\kiunga\AppData\Local\FnF4.txt
    [2010/07/09 11:32:40 | 000,000,000 | ---- | C] () -- C:\Users\kiunga\AppData\Local\QSwitch.txt
    [2010/07/09 11:32:40 | 000,000,000 | ---- | C] () -- C:\Users\kiunga\AppData\Local\DSwitch.txt
    [2010/07/09 11:32:40 | 000,000,000 | ---- | C] () -- C:\Users\kiunga\AppData\Local\AtStart.txt
    [2010/07/09 11:32:24 | 000,008,925 | ---- | C] () -- C:\ProgramData\HPWALog.txt
    [2010/05/15 07:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2010/05/15 07:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2010/05/15 07:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/04 15:31:36 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    [2009/06/04 15:31:25 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/06/04 15:30:50 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/06/04 15:30:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/06/04 15:28:04 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/06/04 15:27:22 | 000,000,383 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2009/06/04 14:43:51 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
    [2009/03/11 00:33:06 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2009/03/11 00:27:02 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2009/03/11 00:24:59 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2009/03/11 00:23:35 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2008/12/11 00:05:52 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2010/07/18 10:48:04 | 000,000,000 | ---D | M] -- C:\Users\kiunga\AppData\Roaming\Leadertech
    [2011/01/03 00:41:51 | 000,000,000 | ---D | M] -- C:\Users\kiunga\AppData\Roaming\uTorrent
    [2011/01/02 01:31:53 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 16:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/01/01 01:16:06 | 000,009,763 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/01/03 00:41:33 | 2145,210,368 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/03 00:41:31 | 2458,992,640 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 22:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 22:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 22:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/07/26 00:20:08 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 07:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 22:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 12:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 13:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 13:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 13:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/19 19:23:15 | 000,000,286 | -HS- | M] () -- C:\Users\kiunga\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2005/02/16 11:06:16 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Users\kiunga\Desktop\HijackThis.exe
    [2010/12/25 01:04:54 | 000,080,384 | ---- | M] () -- C:\Users\kiunga\Desktop\MBRCheck.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2004/12/09 17:23:46 | 000,013,022 | ---- | M] () -- C:\Windows\snp2std.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/07/09 11:32:02 | 000,000,402 | -HS- | M] () -- C:\Users\kiunga\Favorites\desktop.ini
    [2010/09/30 14:26:35 | 000,000,264 | ---- | M] () -- C:\Users\kiunga\Favorites\NCH Audio and Telephony Software.lnk
    [2010/09/30 14:26:35 | 000,000,228 | ---- | M] () -- C:\Users\kiunga\Favorites\NCH Software Download.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/01/03 00:42:07 | 000,000,383 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2010/09/29 20:26:14 | 000,000,021 | ---- | M] () -- C:\ProgramData\hpqp.txt
    [2011/01/03 00:46:22 | 000,008,925 | ---- | M] () -- C:\ProgramData\HPWALog.txt
    [2009/06/04 15:31:25 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/03/11 00:33:28 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2009/06/04 15:30:10 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/03/11 00:26:49 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2009/06/04 15:28:04 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/06/04 15:30:50 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/03/11 00:24:48 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2009/03/11 00:32:55 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2009/06/04 15:31:38 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
    .......................................................................................................................

    Extras.txt in next post.
     
  13. 2011/01/02
    GRAHAM WESTON
    Broni,
    Extras.txt as follows.

    OTL Extras logfile created on: 3/01/2011 12:46:17 AM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\kiunga\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.92 Gb Total Space | 247.98 Gb Free Space | 86.73% Space Free | Partition Type: NTFS
    Drive D: | 12.17 Gb Total Space | 1.95 Gb Free Space | 16.04% Space Free | Partition Type: NTFS

    Computer Name: KIUNGA-PC | User Name: kiunga | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{E6F35B2B-97B3-4865-A375-6D4409730A05}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04F86DDF-C173-404F-AA5A-4BF37A76DC19}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{58116308-9E72-400A-8731-CFEAB8208015}" = protocol=17 | dir=in | app=c:\program files\logitech\vid\vid.exe |
    "{842D6A41-0606-4D72-951D-74D03A3162C0}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{8A64125C-3D4A-4DA3-832E-DEA530CE6912}" = protocol=6 | dir=in | app=c:\program files\logitech\vid\vid.exe |
    "{B196E1CB-4D81-4385-B456-C5553F3F2EB6}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{D6B90731-7B72-41F0-9B72-1AB5FF6FB5E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EC0EBD24-7309-4AE9-82CF-A2F02B514239}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{F076CD61-ECD8-4376-9BC0-201B7AA4EEE8}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "TCP Query User{1E33340A-F249-4954-B2F7-4A5121C17312}C:\program files\logitech\vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid\vid.exe |
    "TCP Query User{60DA5D15-B930-42FB-955E-16E309352A4E}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{BFA953F0-D9B2-4B2E-9C0E-BB9E4DE4AFCC}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{DFFCEB07-FDF5-4082-A515-91913244CECE}C:\program files\logitech\vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid\vid.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002471C5-6F62-D6CD-D6E5-A0F20F079B8B}" = Catalyst Control Center Localization Polish
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{03819281-0870-65EE-24B0-A7DEDE9F796A}" = Catalyst Control Center Localization Chinese Traditional
    "{04F66470-CEA7-BF9A-1885-8E1A3474825A}" = CCC Help Danish
    "{08062F2F-926A-D7EC-57E9-AB97AA0D7FDA}" = CCC Help Finnish
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{0CAB8CDF-232E-F28F-A017-B388F41FACCB}" = CCC Help Portuguese
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{150FE68F-EE0C-4867-150A-D74FECBB8448}" = Catalyst Control Center Graphics Light
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
    "{2680244D-0FBA-4856-EBE3-9D67E61EB46F}" = Catalyst Control Center Localization Spanish
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2BDFE775-48C0-3E1C-895C-DACC33CC52F0}" = Catalyst Control Center Localization Greek
    "{2DAD2930-DFC1-AD0F-E63D-B3E95451CD68}" = CCC Help Greek
    "{2F59397E-50B1-3CA6-2F8C-03773D40BE3B}" = Catalyst Control Center Graphics Full New
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
    "{35CC44E6-5916-89DC-16B6-7ADE609211CE}" = Catalyst Control Center Localization Finnish
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{3A9C19FE-D61C-50DA-6FAF-7FB941B538A0}" = Catalyst Control Center Localization French
    "{3BAB23A6-5272-F52D-1AF0-29419F1362B4}" = Catalyst Control Center Localization Italian
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3E0E6066-A687-448D-BFC4-D58BE3399C3B}" = SoftStylus
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{445F6483-40DC-61B5-849D-35274D96DBA3}" = Catalyst Control Center Localization Czech
    "{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A239818-F5F7-7AE8-9FD3-08F435ED88D0}" = Skins
    "{4C17CE6E-4838-819F-01BE-7EEE6181914A}" = Catalyst Control Center Localization Norwegian
    "{4C4EA31F-AE29-2517-5E92-3EFB1FD7B896}" = CCC Help Hungarian
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{527CF1CA-D98B-504D-833B-69DA9A8A5AD6}" = CCC Help Czech
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{5B99A0A7-0B21-2CD6-474D-8D67177BD4D6}" = Catalyst Control Center Localization Dutch
    "{5CFE0191-1ECE-7BD5-8AEF-069ED59A01BB}" = Catalyst Control Center Localization Korean
    "{6244BAF3-F26D-A695-1EF6-D9A3C0A6DAA1}" = Catalyst Control Center Graphics Previews Common
    "{6570A194-A52D-9F23-EA48-90D7C6F20BE9}" = Catalyst Control Center Localization Swedish
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{666F0B45-78DA-FAA3-AB14-43CAEEA3D475}" = Catalyst Control Center Localization Russian
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{66B6555E-07BF-3FCB-191F-BCD75650F1F2}" = CCC Help Italian
    "{67F6A6BA-E225-4BF5-8E7C-BB4AE25EDCBC}" = Catalyst Control Center InstallProxy
    "{69E1907C-E9EA-7A5A-79ED-47FF2B5BFDFB}" = Catalyst Control Center Localization Danish
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
    "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
    "{75D0438A-55FB-DD38-0745-5D370179CAC7}" = CCC Help French
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{793C0C7E-7977-C9B5-B427-FDF95F2D1636}" = Catalyst Control Center Localization Hungarian
    "{7CA1269D-86E6-91A8-DD66-9CF6838821BF}" = Catalyst Control Center Localization Portuguese
    "{812C53D9-39EC-0511-04E4-5430A4747FB5}" = CCC Help German
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
    "{A1940302-F0F9-132F-C521-A5D0E24FAC1D}" = CCC Help Thai
    "{A2315CF8-E14F-FA46-B1F1-20E0E5483ADB}" = Catalyst Control Center Localization Thai
    "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
    "{A8411EDB-6A00-8D1A-584B-7A932F44A0C9}" = CCC Help Japanese
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC5CD4CF-3802-623E-AD97-D188785EF411}" = CCC Help Polish
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B9275904-9237-94A3-2144-E3D6A62B57E9}" = CCC Help Turkish
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C48EB957-0CCB-D590-AB3F-B3F8A14ECC2F}" = Catalyst Control Center Graphics Full Existing
    "{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}" = HP User Guides 0125
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CBA7FD59-19A7-5724-5646-CF307326CC18}" = Catalyst Control Center Core Implementation
    "{CC7A4274-E6F2-2351-DA6A-07AB73896609}" = CCC Help Norwegian
    "{CD7D2C01-F3C8-4127-325D-49853FCCDB62}" = Catalyst Control Center Localization German
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1A1CE85-747B-6A0C-19FE-DFDD0B2DA671}" = ATI Catalyst Install Manager
    "{D1E7EA15-5F96-728C-AF32-E1CFF8F9CE44}" = CCC Help Swedish
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D47419B2-62BD-6B53-A96F-7E2F6F3D50C0}" = Catalyst Control Center Localization Turkish
    "{D62C79B5-44E0-DEC0-AF01-6A1404E093E9}" = CCC Help Spanish
    "{E12F2B78-CF64-2438-391F-3D3411A6E193}" = CCC Help English
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E5C3A144-0F9B-8F3E-F1A3-2BB7B26014A6}" = ccc-core-static
    "{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
    "{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
    "{E8B11A27-5CA6-748E-0F68-159CCF789DF3}" = CCC Help Dutch
    "{ED65A382-3F80-D5A8-CCE0-DAB59D85CA91}" = CCC Help Russian
    "{EDBB71B2-3C17-4EA5-ED91-E2EA5C2305CF}" = CCC Help Korean
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F250EA7A-F117-2CCE-03E7-BB62C2BF476C}" = Catalyst Control Center Graphics Previews Vista
    "{F38CC586-4703-CE3C-F466-D7821E87926A}" = Catalyst Control Center Localization Chinese Standard
    "{F62F62BD-E5C5-56E3-6CF6-00407B743E32}" = CCC Help Chinese Traditional
    "{FAF7448B-7AB8-8C58-745E-1551CB481C3D}" = CCC Help Chinese Standard
    "{FB3B08F0-5245-2336-0655-5256861F0986}" = ccc-utility
    "{FDE3DBB7-AA79-AA91-ABE9-3696883FAB20}" = Catalyst Control Center Localization Japanese
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "7-Zip" = 7-Zip 9.20
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "AOL Toolbar" = AOL Toolbar 5.0
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Debut" = Debut Video Capture Software
    "ExpressBurn" = Express Burn Disc Burning Software
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Prism" = Prism Video Converter
    "PROHYBRIDR" = 2007 Microsoft Office system
    "The KMPlayer" = The KMPlayer (remove only)
    "ToolBox" = NCH Toolbox
    "uTorrent" = µTorrent
    "VideoPad" = VideoPad Video Editor
    "VLC media player" = VLC media player 1.1.0
    "WildTangent hp Master Uninstall" = My HP Games

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/12/2010 8:04:10 PM | Computer Name = kiunga-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/12/2010 11:23:47 AM | Computer Name = kiunga-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 12/12/2010 9:34:47 PM | Computer Name = kiunga-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 18/12/2010 10:41:11 AM | Computer Name = kiunga-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 18/12/2010 10:55:38 AM | Computer Name = kiunga-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 19/12/2010 11:11:22 AM | Computer Name = kiunga-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
    0x49e01e78, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
    exception code 0xc0000374, fault offset 0x000afaf8, process id 0x109c, application
    start time 0x01cb9f8d3a93f010.

    Error - 19/12/2010 11:12:30 PM | Computer Name = kiunga-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 20/12/2010 9:51:08 AM | Computer Name = kiunga-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 20/12/2010 9:19:04 PM | Computer Name = kiunga-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 24/12/2010 1:57:14 AM | Computer Name = kiunga-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 11/10/2010 1:22:05 PM | Computer Name = kiunga-PC | Source = PlugPlayManager | ID = 12
    Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0028)
    disappeared from the system without first being prepared for removal.

    Error - 11/10/2010 1:22:05 PM | Computer Name = kiunga-PC | Source = PlugPlayManager | ID = 12
    Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0228)
    disappeared from the system without first being prepared for removal.

    Error - 11/10/2010 1:22:05 PM | Computer Name = kiunga-PC | Source = PlugPlayManager | ID = 12
    Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0328)
    disappeared from the system without first being prepared for removal.

    Error - 11/10/2010 1:22:05 PM | Computer Name = kiunga-PC | Source = PlugPlayManager | ID = 12
    Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0428)
    disappeared from the system without first being prepared for removal.

    Error - 14/10/2010 1:28:09 AM | Computer Name = kiunga-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 14/10/2010 1:32:00 AM | Computer Name = kiunga-PC | Source = PlugPlayManager | ID = 12
    Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0028)
    disappeared from the system without first being prepared for removal.

    Error - 14/10/2010 1:32:00 AM | Computer Name = kiunga-PC | Source = PlugPlayManager | ID = 12
    Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0228)
    disappeared from the system without first being prepared for removal.

    Error - 14/10/2010 1:32:00 AM | Computer Name = kiunga-PC | Source = PlugPlayManager | ID = 12
    Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0328)
    disappeared from the system without first being prepared for removal.

    Error - 14/10/2010 1:32:00 AM | Computer Name = kiunga-PC | Source = PlugPlayManager | ID = 12
    Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FE103C&REV_00\4&a85ac60&0&0428)
    disappeared from the system without first being prepared for removal.

    Error - 17/10/2010 1:01:09 PM | Computer Name = kiunga-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.


    < End of report >

    Many thanks. Is it starting to look better now?

    Cheers
    Graham.
     
  14. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)

    I can't see any AV program running, so please install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html


    By now, you should be OK to give the computer a spin to see if things are working fine.

    ===============================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
      O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  15. 2011/01/03
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Joined:
    2002/07/30
    Messages:
    371
    Likes Received:
    0
    Broni, I have downloaded Avira, and done all other scans as requested. ESET did not find any threats. TXT files as requested below.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware (reboot) deleted successfully.
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe moved successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: kiunga
    ->Temp folder emptied: 1030213 bytes
    ->Temporary Internet Files folder emptied: 55471355 bytes
    ->Java cache emptied: 27801 bytes
    ->FireFox cache emptied: 54893219 bytes
    ->Flash cache emptied: 77487 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 8562 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 106.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: kiunga
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 01032011_213521

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    .................................................................................................................

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    MVPS Hosts File
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    ``````````End of Log````````````


    Hope all looks OK now.

    Cheers
    Graham.
     
  16. 2011/01/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Java(TM) 6 Update 7.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:


    make sure you have both boxes UN-checked AND (important!) click on the Decline button

    ==============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
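The OTL fix scripts in this post and in the earlier one (four :OTL lines plus a :Commands block) each map onto specific registry locations, which the OTL log Graham posted after the first fix confirms line by line. As an added example, not part of this thread and not OTL's own code, here is a small Python parser that reads such a script and reports the hive, key and value name each :OTL line will delete; the O-number to registry-key mappings are taken from that log, and the two scripts are embedded verbatim as sample input.

```python
"""Parse an OTL fix script and map each :OTL line to the registry location it
removes.  Added example for this thread, not OTL's own code: line formats and key
mappings are taken from the fix scripts posted above and from Graham's OTL log."""
import re
from typing import Dict, List

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
ZONEMAP_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
DPF_KEY = r"SOFTWARE\Microsoft\Code Store Database\Distribution Units"
HOOKS_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"

# Constructed input: the two fix scripts posted in this thread, verbatim.
FIX_REMOVE_ENTRIES = r"""
:OTL
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
"""
FIX_RESET_RESTORE = ":OTL\n:Commands\n[purity]\n[emptytemp]\n[EMPTYFLASH]\n[CLEARALLRESTOREPOINTS]\n[Reboot]\n"

# Per line type: a regex over the text after "Onn - " and a builder returning
# (hive, key, value name, file or URL the entry pointed at).  O16 carries no hive
# in the line itself; the OTL log shows the Distribution Units key under HKLM.
LINE_TYPES = {
    "O4": (re.compile(r"^(HKLM|HKCU)\.\.\\Run: \[(.+?)\] (.+?)(?: \((.*)\))?$"),
           lambda g: (HIVES[g[1]], RUN_KEY, g[2], g[3])),
    "O15": (re.compile(r"^(HKLM|HKCU)\\\.\.Trusted Ranges: (\S+) \(\[(\w+)\] in (.+)\)$"),
            lambda g: (HIVES[g[1]], ZONEMAP_KEY + "\\" + g[2], g[3], g[4])),
    "O16": (re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) (\S+)(?: \((.*)\))?$"),
            lambda g: (HIVES["HKLM"], DPF_KEY + "\\" + g[1], "", g[2])),
    "O28": (re.compile(r"^(HKLM|HKCU) ShellExecuteHooks: (\{[0-9A-Fa-f-]+\})(?: - (.*))?$"),
            lambda g: (HIVES[g[1]], HOOKS_KEY, g[2], g[3] or "")),
}

def parse_otl_line(line: str) -> Dict[str, str]:
    """Return the hive, key, value name and target an :OTL line will delete."""
    m = re.match(r"^(O\d+) - (.*)$", line)
    if not m or m[1] not in LINE_TYPES:
        raise ValueError(f"unsupported :OTL line: {line!r}")
    pattern, build = LINE_TYPES[m[1]]
    g = pattern.match(m[2])
    if not g:
        raise ValueError(f"malformed {m[1]} line: {line!r}")
    hive, key, value, target = build(g)
    return {"type": m[1], "hive": hive, "key": key, "value": value, "target": target}

def parse_fix(text: str) -> Dict[str, List]:
    """Split a fix script into its :OTL records and its lower-cased :Commands."""
    section, otl, commands = None, [], []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if line.startswith(":"):          # ":OTL" / ":Commands" section header
            section = line[1:].lower()
        elif section == "otl":
            otl.append(parse_otl_line(line))
        elif section == "commands" and re.fullmatch(r"\[\w+\]", line):
            commands.append(line[1:-1].lower())
        else:
            raise ValueError(f"unexpected line {line!r} in section {section!r}")
    return {"otl": otl, "commands": commands}

if __name__ == "__main__":
    for parsed in (parse_fix(FIX_REMOVE_ENTRIES), parse_fix(FIX_RESET_RESTORE)):
        print("commands:", parsed["commands"])
        for r in parsed["otl"]:
            print(f"  {r['type']} deletes {r['hive']}\\{r['key']} value {r['value']!r}")
```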
     
  17. 2011/01/06
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Joined:
    2002/07/30
    Messages:
    371
    Likes Received:
    0
    Broni,
    I have done the updates and run the OTL scan; txt file below. Many thanks for your work in cleaning this laptop, greatly appreciated. All seems to be running well, and I have also installed Secunia and WOT. Hopefully we will not have any more problems. Again, many thanks for your work.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: kiunga
    ->Temp folder emptied: 659332 bytes
    ->Temporary Internet Files folder emptied: 40963055 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 986 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 40.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: kiunga
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.20.1 log created on 01072011_013330

    Files\Folders moved on Reboot...
    C:\Users\kiunga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DG3FQNEO\96950-active-malware-virus-infection[1].htm moved successfully.
    C:\Users\kiunga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
    C:\Users\kiunga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...


    How does it look now?

    Cheers Graham
     
  18. 2011/01/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm glad to hear good news :)

    Good luck and stay safe :)
     
  19. 2011/01/07
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Joined:
    2002/07/30
    Messages:
    371
    Likes Received:
    0
    Broni,
    Thank you very much, your help is greatly appreciated.

    Regards
    Graham
     
  20. 2011/01/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
