PDA

View Full Version : Many viruses



herself
2009-02-25, 03:29
Deleted 7 viruses but keep coming back...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:00 PM, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rachel Chalmers] C:\Documents and Settings\Rachel Chalmers\Rachel Chalmers.exe /i
O4 - HKCU\..\Run: [PrivacyControls] C:\Program Files\ParetoLogic\Privacy Controls\
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://hispeed.rogers.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.pembroke.ca/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137432383984
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1227461917578&h=00fb2a133cb7254fc03d4ac56e6f1ea4/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - http://static.photobox.co.uk/sg/common/ImageUploader4.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c993819c2f6bac) (gupdate1c993819c2f6bac) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8333 bytes

peku006
2009-02-27, 13:04
Hello and Welcome to Safer Networking,

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

There is no sign of an antivirus installed on your system. There are several reasons for it. Either you have disabled your antivirus or there's no antivirus installed.

If you have disabled it, please re-enable it. If you have no antivirus installed, please get ONE antivirus and install it. Restart the computer for changes to take effect.

avast! 4 Home Edition (http://files.avast.com/iavs4pro/setupeng.exe)
AntiVir Free Edition (http://www.antivir-pe.com/freet/index.php?id=25&domain=free-av.com)

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

3 - Status Check
Please reply with

1.the logs from RSIT (log.txt ,info.txt)
2. the Malwarebytes' Anti-Malware Log

Thanks peku006

herself
2009-02-28, 02:25
Malwarebytes' Anti-Malware 1.34
Database version: 1807
Windows 5.1.2600 Service Pack 3

27/02/2009 7:20:56 PM
mbam-log-2009-02-27 (19-20-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 151741
Time elapsed: 30 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Rachel Chalmers at 2009-02-27 19:23:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (38%) free of 36 GB
Total RAM: 223 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:52 PM, on 27/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rachel Chalmers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Rachel Chalmers\Desktop\Shortcuts\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rachel Chalmers.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk.disabled
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://hispeed.rogers.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.pembroke.ca/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137432383984
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1227461917578&h=00fb2a133cb7254fc03d4ac56e6f1ea4/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - http://static.photobox.co.uk/sg/common/ImageUploader4.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c993819c2f6bac) (gupdate1c993819c2f6bac) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Net Logon Netlogongupdate1c993819c2f6bac (Netlogongupdate1c993819c2f6bac) - Unknown owner - C:\WINDOWS\system32\kdcomf.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 9611 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ParetoLogic Anti-Spyware.job
C:\WINDOWS\tasks\Pareto UNS.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{7755D808-CE09-11DD-BCB6-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{7E48724C-CE09-11DD-BCB6-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{33EC0E1C-CEC6-11DD-BCB7-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{E6B3FF34-CFFA-11DD-BCBC-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{5CB04426-D159-11DD-BCBE-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{B05E622E-D1DC-11DD-BCBF-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{FB23AFE6-D527-11DD-BCC8-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{0FB73DC6-D57B-11DD-BCC9-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{B8E4A5D8-D89F-11DD-BCCC-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{779D0154-D9FA-11DD-BCCF-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{39D16F7A-DAFB-11DD-BCD1-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{BAD41ED6-DB66-11DD-BCD1-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{99571724-DCEA-11DD-BCD3-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{9643CF76-DD14-11DD-BCD4-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{32D5DB42-DDEF-11DD-BCD7-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{E1731130-DE1F-11DD-BCD8-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{C0732D66-DEC0-11DD-BCD8-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{0F069C08-DF5A-11DD-BCD8-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{0E3CC9DE-E0ED-11DD-BCDB-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{0B4D097F-E3A0-11DD-BCE1-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{FB181342-E513-11DD-BCE4-000D0BF78A0E}.job
C:\WINDOWS\tasks\SmartDefrag.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{64075EF0-E990-11DD-BCED-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{96004D5C-E9B5-11DD-BCED-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{6121D6E8-EC7E-11DD-BCF2-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{5C3C6D68-EEA0-11DD-BCF4-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{7CCC3508-EF14-11DD-BCF4-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{30F1A16C-F276-11DD-BCF9-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{C0BB68A6-F306-11DD-BCFB-000D0BF78A0E}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{86F3FA50-F420-11DD-BCFE-00142A96D7BD}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{F36338E2-F595-11DD-BD00-00142A96D7BD}.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1922302795-1254322789-754815182-1006.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{B335411C-FB07-11DD-BD0A-00142A96D7BD}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{DA2E06CE-FF20-11DD-BD15-00142A96D7BD}.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{5EF11948-017C-11DE-BD1C-00142A96D7BD}.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{01D52E0C-04A1-11DE-BD29-00142A96D7BD}.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-07-05 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-20 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-07-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-07-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-28 352256]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LXDDCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll []
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-11-13 981904]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-01-18 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe [2005-01-18 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe [2005-01-18 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-01-14 1986384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-12-11 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rachel Chalmers^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\Program Files\LimeWire\LimeWire.exe [2008-09-18 147456]

C:\Documents and Settings\Rachel Chalmers\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk.disabled - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\System32\lxddcoms.exe"="C:\WINDOWS\System32\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\System32\LEXPPS.EXE"="C:\WINDOWS\System32\LEXPPS.EXE:*:Disabled:LEXPPS"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Documents and Settings\Rachel Chalmers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Rachel Chalmers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Windows Live\Messenger\wlcstart.exe"="C:\Program Files\Windows Live\Messenger\wlcstart.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Mail\wlmail.exe"="C:\Program Files\Windows Live\Mail\wlmail.exe:*:Enabled:Windows Live Mail"
"C:\Program Files\Movie Maker\moviemk.exe"="C:\Program Files\Movie Maker\moviemk.exe:*:Enabled:@C:\Program Files\Movie Maker\1033\wmm2res.dll,-61446"
"C:\WINDOWS\System32\spooIsv.exe"="C:\WINDOWS\System32\spooIsv.exe:*:Disabled:spooIsv"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"
"C:\WINDOWS\System32\winIogon.exe"="C:\WINDOWS\System32\winIogon.exe:LocalSubNet:Enabled:winIogon"
"C:\WINDOWS\System32\SPOOL\drivers\W32X86\3\LXDDtime.exe"="C:\WINDOWS\System32\SPOOL\drivers\W32X86\3\LXDDtime.exe:*:Disabled: "
"C:\WINDOWS\System32\SPOOL\drivers\W32X86\3\lxddPSWX.EXE"="C:\WINDOWS\System32\SPOOL\drivers\W32X86\3\lxddPSWX.EXE:*:Disabled: "
"C:\WINDOWS\System32\SPOOL\drivers\W32X86\3\lxddjswx.exe"="C:\WINDOWS\System32\SPOOL\drivers\W32X86\3\lxddjswx.exe:*:Disabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Lexmark 2500 Series\app4r.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:BorgListener"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2009-02-27 18:47:39 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-27 18:47:36 ----D---- C:\Program Files\Alwil Software
2009-02-27 02:03:29 ----RSH---- C:\WINDOWS\system32\kdcomf.exe
2009-02-24 22:15:32 ----SHD---- C:\FOUND.003
2009-02-24 21:51:09 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-02-24 21:51:08 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-02-24 21:51:08 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-02-24 21:51:03 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-02-24 21:51:03 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-02-24 21:51:03 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-02-24 21:51:02 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-02-24 21:51:02 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-02-24 21:51:02 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-02-24 21:49:37 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-02-24 21:49:36 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-02-24 21:49:36 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-02-24 20:26:22 ----D---- C:\WINDOWS\ERDNT
2009-02-24 20:25:30 ----D---- C:\Program Files\ERUNT
2009-02-24 18:01:22 ----HD---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-24 14:51:38 ----SHD---- C:\FOUND.002
2009-02-24 13:38:47 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-23 21:02:09 ----A---- C:\WINDOWS\system32\3ex6CED.tmp.jpg
2009-02-23 05:32:54 ----SHD---- C:\FOUND.001
2009-02-23 02:07:36 ----SHD---- C:\FOUND.000
2009-02-20 12:33:04 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-20 12:32:59 ----D---- C:\Program Files\Google
2009-02-15 15:38:32 ----D---- C:\Documents and Settings\Rachel Chalmers\Application Data\Opera
2009-02-15 15:38:16 ----D---- C:\Program Files\Opera
2009-02-11 21:38:39 ----A---- C:\WINDOWS\system32\Pasted_Data_07f7.txt
2009-02-11 18:01:15 ----HD---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-08 20:34:09 ----A---- C:\WINDOWS\system32\gtv328C.tmp.jpg
2009-02-08 20:33:44 ----A---- C:\WINDOWS\system32\ph0BD8A.tmp.jpg
2009-02-08 20:31:07 ----A---- C:\WINDOWS\system32\2w832E7.tmp.jpg
2009-02-07 22:00:05 ----A---- C:\WINDOWS\system32\1c1197B.tmp.jpg
2009-02-06 18:52:40 ----A---- C:\WINDOWS\system32\sirenacm.dll
2009-01-29 17:14:12 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 1 months======

2009-02-27 02:01:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-11 23:56:18 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-11 18:01:08 ----A---- C:\WINDOWS\imsins.BAK
2009-02-04 22:05:50 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2009-02-04 22:05:34 ----A---- C:\Documents and Settings\All Users\Application Data\updateinfo.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-07-13 11904]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-11-13 353680]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R2 int15.sys;int15.sys; \??\C:\Program Files\Acer\eRecovery\int15.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2005-03-18 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-03-18 626977]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-04-19 6144]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-07-13 257024]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2005-03-18 32256]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
S2 fips32cup;fips32cup; \??\C:\WINDOWS\system32\drivers\fips32cup.sys []
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S2 port135sik;port135sik; \??\C:\WINDOWS\system32\drivers\port135sik.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2004-09-29 15360]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-03-26 12800]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-03-26 19840]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-03-26 24832]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-07-05 147456]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-02-14 299008]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZONELABS\vsmon.exe [2008-11-13 2405776]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-02-12 537520]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
S2 gupdate1c993819c2f6bac;Google Update Service (gupdate1c993819c2f6bac); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-20 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-20 182768]
S2 Netlogongupdate1c993819c2f6bac;Net Logon Netlogongupdate1c993819c2f6bac; C:\WINDOWS\system32\kdcomf.exe [2009-02-27 57856]
S3 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RogersSelfHelpService;Rogers SHS Service; C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe [2008-05-21 140648]
S3 RogersUpdateManager;Rogers Update Manager; C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe [2008-04-22 163840]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

peku006
2009-02-28, 09:40
Hi herself

Deleted 7 viruses but keep coming back...
Can you tell me which program finds those and where they are located?

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


LimeWire

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

1 - Remove bad HijackThis entries

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

2 - Update Java

Please download JavaRa (http://prm753.bchea.org/click/click.php?id=9) and unzip it to your desktop.

Double-click on JavaRa.exe to start the program.
Click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a log file has been produced. Click OK.
A log file will pop up. Please save it to a convenient location.

Download the latest version of Java Runtime Environment (JRE) 6 Update 12 (http://java.sun.com/javase/downloads/index.jsp).

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on the download to install the newest version.

3 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


4 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

5 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

6 - Status Check
Please reply with


1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006

herself
2009-02-28, 23:46
I deleted Limewore a few months ago and cant see it in ADD/REMOVE so not sure why it shows?

JavaRa link wouldnt work and Kaspersky stalls at 11% I know it takes a long time so I let it sit for 2 hours just to see if it would finish scanning but it doesnt .
:sad:

peku006
2009-03-01, 11:19
Hi herself

I deleted Limewore a few months ago and cant see it in ADD/REMOVE so not sure why it shows?
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this folder (if present):
C:\Program Files\LimeWire

JavaRa link wouldnt work
When I was trying it worked.

if Kaspersky does not work can try F-Secure

1 - F-Secure Online Scan

Please go to F-Secure website (http://support.f-secure.com/ols3beta/start.html) to perform an online scan. Click on Start scanning at the bottom of the page.
You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
Click on Accept to accept the License Agreement.
Click on Custom Scan. Under Virus Scan Options, select the Scan whole system option.
Under Other Scan Options, select these options: Scan all files
Scan whole system for rootkits
Scan whole system for spyware
Scan inside archives
Use advanced heuristics Click Start.
It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
Click on I want decide item by item.
Under Actions, select None for all infections found.
Click Next.
Click on Show Report.
Please copy and paste this report in your next reply.
Click Finish.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the F-Secure online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006

herself
2009-03-02, 20:52
I found and deleted the Limewire folder .
tried f-secure it runs for about 2 hours then gives an error message saying something about 'not enough memory '
I downloaded JavaRa to my desktop but dont have a programme to unzip it

Avast antivirus says I have Cutwail trojan:red:

peku006
2009-03-04, 09:23
Avast antivirus says I have Cutwail trojan
Can you tell me where it is located?

dont have a programme to unzip it

How to create and extract a ZIP File (http://www.bleepingcomputer.com/tutorials/tutorial106.html)

OK don't worry about F-Secure , we'll try a different onlinescan

Please go to Eset website (http://www.eset.com/onlinescan/) to perform an online scan. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Uncheck (untick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

Thanks peku006

herself
2009-03-04, 18:15
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3907 (20090304)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=43381bf036bb344591aad4c68f3ba8b2
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-03-04 04:02:07
# local_time=2009-03-04 11:02:07 (-0500, Eastern Standard Time)
# country="Canada"
# osver=5.1.2600 NT Service Pack 3
# scanned=297911
# found=1
# scan_time=5240
C:\FOUND.001\FILE0006.CHK a variant of Win32/Wigon.JN trojan 9817F3458282FE9ACAB95047E2C4FA67

peku006
2009-03-04, 18:18
Hi herself

Please download OTListIt2 by OldTimer from Geeks to Go (http://oldtimer.geekstogo.com/OTListIt2.exe). Save it your desktop.
Double click on OTListIt2.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.

Thanks peku006

herself
2009-03-04, 18:31
OTListIt logfile created on: 04/03/2009 11:22:52 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.4 Folder = C:\Documents and Settings\Rachel Chalmers\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

223.48 Mb Total Physical Memory | 78.81 Mb Available Physical Memory | 35.26% Memory free
740.10 Mb Paging File | 245.64 Mb Available in Paging File | 33.19% Paging File free
Paging file location(s): C:\pagefile.sys 529 529;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.60 Gb Total Space | 14.67 Gb Free Space | 41.20% Space Free | Partition Type: FAT32
Drive D: | 35.98 Gb Total Space | 35.39 Gb Free Space | 98.36% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAD-MUDDER
Current User Name: Rachel Chalmers
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\ZONELABS\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE ()
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\lxddcoms.exe ( )
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Rachel Chalmers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Rachel Chalmers\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Rachel Chalmers\Local Settings\Temporary Internet Files\Content.IE5\MA0LVTXL\winzip120[1].exe ()

========== Win32 Services (SafeList) ==========

SRV - (aawservice [On_Demand | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Apple Mobile Device [On_Demand | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [On_Demand | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (fsssvc [Auto | Running]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (gupdate1c993819c2f6bac [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [On_Demand | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (KodakCCS [Auto | Stopped]) -- File not found
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (lxdd_device [On_Demand | Running]) -- C:\WINDOWS\system32\lxddcoms.exe ( )
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RogersSelfHelpService [On_Demand | Stopped]) -- C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe (Rogers Cable Communications)
SRV - (RogersUpdateManager [On_Demand | Stopped]) -- C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe (Rogers Cable Communications)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZONELABS\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (fssfltr [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (int15.sys [Auto | Running]) -- C:\Program Files\Acer\eRecovery\int15.sys ()
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\lvusbsta.sys (Logitech Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ndiscm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (NTIDrvr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (PID_0928 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RT25USBAP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt25usbap.sys (Ralink Technology Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp [System | Running]) -- C:\WINDOWS\system32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SISNIC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sisnic.sys (SiS Corporation)
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (UBHelper [System | Running]) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbbus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (UsbDiag [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost;*.local

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - presf.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.hotmail.com"
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/07/05 18:08:10 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2008/07/05 21:31:48 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2008/07/05 21:31:48 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Rachel Chalmers\Application Data\mozilla\Extensions [2008/07/05 21:32:36 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Rachel Chalmers\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/07/05 21:32:36 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Rachel Chalmers\Application Data\mozilla\Firefox\Profiles\iib8i6ew.default\extensions [2008/07/05 21:32:36 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Rachel Chalmers\Application Data\mozilla\Firefox\Profiles\iib8i6ew.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2008/12/18 15:02:04 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Rachel Chalmers\Application Data\mozilla\Firefox\Profiles\iib8i6ew.default\extensions\hide.unvisited@agadak.net [2008/12/21 13:22:10 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Rachel Chalmers\Application Data\mozilla\Firefox\Profiles\iib8i6ew.default\extensions\moveplayer@movenetworks.com [2008/07/14 18:05:14 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2008/07/05 21:31:48 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/07/05 21:31:48 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/02/28 04:03:22 00,000,000 | ---D | M]

O1 HOSTS File: (301734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 10427 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" (ALWIL Software)
O4 - HKLM..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16 (Lexmark International, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Rachel Chalmers\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 54 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.pembroke.ca/ScriptX.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} http://support.f-secure.com/ols3beta/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137432383984 (MUWebControl Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} http://static.photobox.co.uk/sg/common/ImageUploader4.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {51C55F9E-C308-4c95-89AB-8858D8AFD819} - Reg Error: Value error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/04 11:26:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B7.TMP
[2009/03/04 11:20:56 | 00,498,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rachel Chalmers\Desktop\OTListIt2.exe
[2009/03/04 09:25:04 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/03/02 13:01:10 | 23,440,9984 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/02 13:01:06 | 00,000,000 | -HSD | C] -- C:\FOUND.004
[2009/03/02 12:51:31 | 00,001,960 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/03/01 17:36:40 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2009/02/27 22:06:47 | 00,003,942 | ---- | C] () -- C:\Documents and Settings\Rachel Chalmers\My Documents\MEL FEB 27TH 2009.rtf
[2009/02/27 22:04:39 | 00,001,906 | ---- | C] () -- C:\Documents and Settings\Rachel Chalmers\My Documents\MELANIE FEB 27TH 2009.rtf
[2009/02/27 18:48:08 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/02/27 18:48:07 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/02/27 18:48:07 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/02/27 18:48:04 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/02/27 18:48:01 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/02/27 18:48:01 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/02/27 18:48:00 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/02/27 18:48:00 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/02/27 18:47:39 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/02/27 18:47:39 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/02/27 18:47:36 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/02/27 02:34:04 | 00,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{01D52E0C-04A1-11DE-BD29-00142A96D7BD}.job
[2009/02/27 02:03:46 | 00,000,032 | --S- | C] () -- C:\WINDOWS\System32\3518407067.dat
[2009/02/26 17:16:39 | 00,001,522 | ---- | C] () -- C:\Documents and Settings\Rachel Chalmers\Desktop\Mozilla Firefox.lnk
[2009/02/24 22:15:32 | 00,000,000 | -HSD | C] -- C:\FOUND.003
[2009/02/24 21:51:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/02/24 21:51:00 | 00,348,371 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/02/24 20:26:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/02/24 20:25:43 | 00,000,675 | ---- | C] () -- C:\Documents and Settings\Rachel Chalmers\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled
[2009/02/24 20:25:30 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/02/24 14:51:38 | 00,000,000 | -HSD | C] -- C:\FOUND.002
[2009/02/23 21:02:09 | 00,198,243 | ---- | C] () -- C:\WINDOWS\System32\3ex6CED.tmp.jpg
[2009/02/23 19:42:03 | 01,086,156 | ---- | C] () -- C:\WINDOWS\System32\HEALTHcollage.jpg
[2009/02/23 05:32:54 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2009/02/23 02:34:15 | 00,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{5EF11948-017C-11DE-BD1C-00142A96D7BD}.job
[2009/02/23 02:07:36 | 00,000,000 | -HSD | C] -- C:\FOUND.000
[2009/02/20 17:18:29 | 00,042,959 | ---- | C] () -- C:\WINDOWS\System32\n508601249_1344307_8297[1].jpg
[2009/02/20 12:35:24 | 00,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/02/20 12:33:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/02/20 12:33:02 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/02/20 12:32:59 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/02/20 02:34:06 | 00,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{DA2E06CE-FF20-11DD-BD15-00142A96D7BD}.job
[2009/02/15 15:38:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rachel Chalmers\Local Settings\Application Data\Opera
[2009/02/15 15:38:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rachel Chalmers\Application Data\Opera
[2009/02/15 15:38:19 | 00,000,500 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/02/15 15:38:16 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/02/14 21:23:59 | 00,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{B335411C-FB07-11DD-BD0A-00142A96D7BD}.job
[2009/02/10 16:42:30 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Rachel Chalmers\Local Settings\Application Data\fusioncache.dat
[2009/02/08 20:35:59 | 00,003,164 | ---- | C] () -- C:\WINDOWS\System32\sid......._thumb[1].jpg
[2009/02/08 20:34:09 | 00,002,955 | ---- | C] () -- C:\WINDOWS\System32\gtv328C.tmp.jpg
[2009/02/08 20:33:44 | 00,004,607 | ---- | C] () -- C:\WINDOWS\System32\ph0BD8A.tmp.jpg
[2009/02/08 20:31:07 | 00,157,543 | ---- | C] () -- C:\WINDOWS\System32\2w832E7.tmp.jpg
[2009/02/07 23:07:08 | 00,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{F36338E2-F595-11DD-BD00-00142A96D7BD}.job
[2009/02/07 22:00:05 | 00,178,372 | ---- | C] () -- C:\WINDOWS\System32\1c1197B.tmp.jpg
[2009/02/07 20:09:33 | 00,020,659 | ---- | C] () -- C:\WINDOWS\System32\nerrrd.jpg
[2009/02/07 18:57:07 | 00,038,578 | ---- | C] () -- C:\WINDOWS\System32\bushremorse[1].jpg
[2009/02/06 19:03:18 | 00,307,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[2009/02/06 18:52:40 | 00,049,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sirenacm.dll
[2009/02/06 02:34:04 | 00,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{86F3FA50-F420-11DD-BCFE-00142A96D7BD}.job
[2009/02/04 16:57:02 | 00,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{C0BB68A6-F306-11DD-BCFB-000D0BF78A0E}.job
[2009/02/03 23:42:14 | 00,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{30F1A16C-F276-11DD-BCF9-000D0BF78A0E}.job

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/04 11:21:08 | 00,498,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rachel Chalmers\Desktop\OTListIt2.exe
[2009/03/04 10:55:28 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/04 09:46:04 | 00,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1922302795-1254322789-754815182-1006.job
[2009/03/04 08:51:52 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/04 08:50:14 | 00,348,371 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/03/04 08:49:00 | 00,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/03/04 08:48:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/04 08:48:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/04 08:48:00 | 23,440,9984 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/04 04:24:24 | 05,377,946 | -H-- | M] () -- C:\Documents and Settings\Rachel Chalmers\Local Settings\Application Data\IconCache.db
[2009/03/04 00:33:20 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2009/03/03 18:00:16 | 00,000,462 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/03/03 18:00:06 | 00,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2009/03/02 12:51:34 | 00,001,960 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/03/01 22:32:04 | 00,000,404 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/02/28 03:00:02 | 00,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Spyware.job
[2009/02/27 22:15:12 | 00,003,942 | ---- | M] () -- C:\Documents and Settings\Rachel Chalmers\My Documents\MEL FEB 27TH 2009.rtf
[2009/02/27 22:04:40 | 00,001,906 | ---- | M] () -- C:\Documents and Settings\Rachel Chalmers\My Documents\MELANIE FEB 27TH 2009.rtf
[2009/02/27 18:48:02 | 00,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/27 03:01:36 | 00,000,466 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{7755D808-CE09-11DD-BCB6-000D0BF78A0E}.job
[2009/02/27 02:34:06 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{01D52E0C-04A1-11DE-BD29-00142A96D7BD}.job
[2009/02/27 02:03:48 | 00,000,032 | --S- | M] () -- C:\WINDOWS\System32\3518407067.dat
[2009/02/26 17:16:40 | 00,001,522 | ---- | M] () -- C:\Documents and Settings\Rachel Chalmers\Desktop\Mozilla Firefox.lnk
[2009/02/26 16:57:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/24 21:51:18 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/02/24 20:25:44 | 00,000,675 | ---- | M] () -- C:\Documents and Settings\Rachel Chalmers\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled
[2009/02/23 21:02:20 | 00,198,243 | ---- | M] () -- C:\WINDOWS\System32\3ex6CED.tmp.jpg
[2009/02/23 19:44:08 | 01,086,156 | ---- | M] () -- C:\WINDOWS\System32\HEALTHcollage.jpg
[2009/02/23 02:34:16 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{5EF11948-017C-11DE-BD1C-00142A96D7BD}.job
[2009/02/20 17:18:38 | 00,042,959 | ---- | M] () -- C:\WINDOWS\System32\n508601249_1344307_8297[1].jpg
[2009/02/20 02:34:08 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{DA2E06CE-FF20-11DD-BD15-00142A96D7BD}.job
[2009/02/15 15:38:20 | 00,000,500 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/02/14 21:24:00 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{B335411C-FB07-11DD-BD0A-00142A96D7BD}.job
[2009/02/11 23:56:18 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/11 18:01:08 | 00,000,584 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/10 16:42:32 | 00,000,138 | ---- | M] () -- C:\Documents and Settings\Rachel Chalmers\Local Settings\Application Data\fusioncache.dat
[2009/02/08 20:36:06 | 00,003,164 | ---- | M] () -- C:\WINDOWS\System32\sid......._thumb[1].jpg
[2009/02/08 20:34:16 | 00,002,955 | ---- | M] () -- C:\WINDOWS\System32\gtv328C.tmp.jpg
[2009/02/08 20:33:52 | 00,004,607 | ---- | M] () -- C:\WINDOWS\System32\ph0BD8A.tmp.jpg
[2009/02/08 20:31:20 | 00,157,543 | ---- | M] () -- C:\WINDOWS\System32\2w832E7.tmp.jpg
[2009/02/07 23:07:10 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{F36338E2-F595-11DD-BD00-00142A96D7BD}.job
[2009/02/07 22:00:22 | 00,178,372 | ---- | M] () -- C:\WINDOWS\System32\1c1197B.tmp.jpg
[2009/02/07 20:09:42 | 00,020,659 | ---- | M] () -- C:\WINDOWS\System32\nerrrd.jpg
[2009/02/07 18:57:18 | 00,038,578 | ---- | M] () -- C:\WINDOWS\System32\bushremorse[1].jpg
[2009/02/06 19:03:18 | 00,307,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[2009/02/06 18:52:40 | 00,049,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sirenacm.dll
[2009/02/06 02:34:06 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{86F3FA50-F420-11DD-BCFE-00142A96D7BD}.job
[2009/02/05 16:11:36 | 01,256,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/02/05 16:08:20 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/02/05 16:07:24 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/02/05 16:05:12 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/02/05 16:04:46 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/02/04 16:57:04 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{C0BB68A6-F306-11DD-BCFB-000D0BF78A0E}.job
[2009/02/04 14:15:12 | 00,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SHSupdates.xml
[2009/02/04 14:12:12 | 00,044,250 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\log.doc
[2009/02/03 23:42:16 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{30F1A16C-F276-11DD-BCF9-000D0BF78A0E}.job
< End of report >

herself
2009-03-04, 18:34
OTListIt Extras logfile created on: 04/03/2009 11:22:52 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.4 Folder = C:\Documents and Settings\Rachel Chalmers\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

223.48 Mb Total Physical Memory | 78.81 Mb Available Physical Memory | 35.26% Memory free
740.10 Mb Paging File | 245.64 Mb Available in Paging File | 33.19% Paging File free
Paging file location(s): C:\pagefile.sys 529 529;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.60 Gb Total Space | 14.67 Gb Free Space | 41.20% Space Free | Partition Type: FAT32
Drive D: | 35.98 Gb Total Space | 35.39 Gb Free Space | 98.36% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAD-MUDDER
Current User Name: Rachel Chalmers
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:BorgListener ()
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\WINDOWS\System32\lxddcoms.exe:*:Enabled:Lexmark Communications System ( )
C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor (Lexmark)
C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio ()
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client (Veoh Networks)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\WINDOWS\System32\LEXPPS.EXE:*:Disabled:LEXPPS ()
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)
C:\Documents and Settings\Rachel Chalmers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome (Google Inc.)
C:\Program Files\Windows Live\Messenger\wlcstart.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Mail\wlmail.exe:*:Enabled:Windows Live Mail (Microsoft Corporation)
C:\Program Files\Movie Maker\moviemk.exe:*:Enabled:@C:\Program Files\Movie Maker\1033\wmm2res.dll,-61446 (Microsoft Corporation)
C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE (Microsoft Corporation)
C:\WINDOWS\System32\SPOOL\drivers\W32X86\3\LXDDtime.exe:*:Disabled: (Lexmark International, Inc.)
C:\WINDOWS\System32\SPOOL\drivers\W32X86\3\lxddPSWX.EXE:*:Disabled: ()
C:\WINDOWS\System32\SPOOL\drivers\W32X86\3\lxddjswx.exe:*:Disabled: ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{068158C0-3719-4D6E-B01E-A61077D10DAF}" = NTI Burner Database
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2C0CD17D-0B06-4700-83FA-7344B868B0A2}" = Opera 9.63
"{2E63BD12-932B-42F5-86B9-5E05BCA1DC3E}" = ParetoLogic Privacy Controls
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A0EF44E-1DDD-12F3-2321-75972B1CF0D8}" = Multiply AutoUploader
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}" = Nokia Connectivity Cable Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{D5577624-0626-4C4B-87AA-D966DA1739D6}" = Nokia PC Suite
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"avast!" = avast! Antivirus
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1" = Multiply AutoUploader
"Eraser" = Eraser
"ERUNT_is1" = ERUNT 1.1j
"EsetOnlineScanner" = ESET Online Scanner
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{068158C0-3719-4D6E-B01E-A61077D10DAF}" = NTI Burner Database
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"Lexmark 2500 Series" = Lexmark 2500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"ParetoLogic Anti-Spyware" = ParetoLogic Anti-Spyware
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"Rogers Self Help Software" = Rogers Self Help Software 4053
"Rogers Update Manager" = Rogers Update Manager
"Rogers Yahoo! Applications" = Rogers Yahoo! Applications
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Smart Defrag_is1" = Smart Defrag 1.10
"WIC" = Windows Imaging Component
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XoftSpySE" = XoftSpySE
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 28/02/2009 7:46:46 PM | Computer Name = MAD-MUDDER | Source = avast! | ID = 33554522
Description =

Error - 03/03/2009 10:09:22 PM | Computer Name = MAD-MUDDER | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 26/02/2009 2:44:21 AM | Computer Name = MAD-MUDDER | Source = Application Error | ID = 1000
Description = Faulting application wlcsdk.exe, version 14.0.8064.206, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 26/02/2009 6:22:33 PM | Computer Name = MAD-MUDDER | Source = Application Error | ID = 1000
Description = Faulting application crashreporter.exe, version 1.9.0.3306, faulting
module kernel32.dll, version 5.1.2600.5512, fault address 0x0000b046.

Error - 28/02/2009 9:45:14 AM | Computer Name = MAD-MUDDER | Source = ESENT | ID = 489
Description = wuauclt (1828) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 28/02/2009 9:45:17 AM | Computer Name = MAD-MUDDER | Source = ESENT | ID = 455
Description = wuaueng.dll (1828) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 28/02/2009 9:45:28 AM | Computer Name = MAD-MUDDER | Source = ESENT | ID = 489
Description = wuauclt (1828) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 28/02/2009 9:45:28 AM | Computer Name = MAD-MUDDER | Source = ESENT | ID = 455
Description = wuaueng.dll (1828) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 01/03/2009 9:27:16 PM | Computer Name = MAD-MUDDER | Source = ESENT | ID = 454
Description = wlcomm (1008) Database recovery/restore failed with unexpected error
-1011.

Error - 02/03/2009 12:06:30 AM | Computer Name = MAD-MUDDER | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 14.0.8064.206, faulting
module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.

Error - 02/03/2009 10:47:43 AM | Computer Name = MAD-MUDDER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module fsgkiapi.dll, version 8.0.14180.4202, fault address 0x0000ed2e.

Error - 04/03/2009 10:18:48 AM | Computer Name = MAD-MUDDER | Source = Windows Live Messenger | ID = 1000
Description =

[ System Events ]
Error - 04/03/2009 9:53:54 AM | Computer Name = MAD-MUDDER | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 04/03/2009 9:54:30 AM | Computer Name = MAD-MUDDER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 04/03/2009 9:54:30 AM | Computer Name = MAD-MUDDER | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 04/03/2009 9:55:10 AM | Computer Name = MAD-MUDDER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 04/03/2009 9:55:10 AM | Computer Name = MAD-MUDDER | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 04/03/2009 9:55:44 AM | Computer Name = MAD-MUDDER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 04/03/2009 9:55:44 AM | Computer Name = MAD-MUDDER | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 04/03/2009 9:56:17 AM | Computer Name = MAD-MUDDER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 04/03/2009 9:56:18 AM | Computer Name = MAD-MUDDER | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 04/03/2009 10:01:03 AM | Computer Name = MAD-MUDDER | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

peku006
2009-03-05, 11:53
Hi herself

Download and Run OTMoveIt3

Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe.
Copy the lines in the codebox below.

:files
C:\FOUND.003
C:\FOUND.002
C:\FOUND.001
C:\FOUND.000


Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

Please reply with

the OTMoveIt3.log
How's the computer running now? Any problems?

Thanks peku006

herself
2009-03-06, 01:00
========== FILES ==========
C:\FOUND.003 moved successfully.
C:\FOUND.002 moved successfully.
C:\FOUND.001 moved successfully.
C:\FOUND.000 moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 030

Seems to be running ok now thankyou :)

peku006
2009-03-06, 13:50
Hi herself

Congratulations, your log looks clean! :yahoo:

Next we remove all used tools.
Delete RSIT from your desktop, also delete this folder C:\rsit.


Double-click OTMoveIt3.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)

Install SpyWare Blaster 4.0
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find here the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
Here you can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) how to prevent Malware.


Happy safe surfing! :bigthumb:

herself
2009-03-06, 17:39
Thankyou Peku006 ! It seems to be ok now .:D::bigthumb:

I have a question but not sure if its related to Malware ?
When I start the computer I get an icon in the task bar bottom right corner to remove hardware ,
when I click on it it says ''safetly remove USB mass storage device drives ( F:G:H:I)''
I don't have a storage device pluged into my computer.
It only showed up after someone plugged in an external hardware device and then removed it ,that was months ago .... now it shows up everytime I start the computer as if its still reading it ?

peku006
2009-03-06, 18:08
Hi herself

I am not an expert at this type of problem. I would suggest that you go to one of the forums below that specialize in more general computer problems. They have people that know more about this sort of problem because it does not seem to be a malware problem.

Good Hardware and Software Help Forums
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/
or
VirtualDr here: http://discussions.virtualdr.com/forumdisplay.php?f=48
or
PCPitStop here : http://forums.pcpitstop.com/index.php?showforum=3

All may require you to register free before posting for help.

herself
2009-03-06, 19:57
Thankyou Peku :D:

peku006
2009-03-07, 12:17
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.