Help with 13.ATHP please


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BACKWEB_PLUG-IN_-_4476822
-------\Legacy_FSBWSYS
-------\Service_BackWeb Plug-in - 4476822
-------\Service_fsbwsys


((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-19 11:01 . 2009-07-02 07:59 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-19 11:01 . 2009-07-02 08:00 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-18 13:47 . 2009-07-18 13:47 -------- d-----w- c:\program files\Trend Micro
2009-07-18 06:40 . 2009-07-18 06:40 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-18 06:40 . 2009-07-19 05:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-18 06:40 . 2009-07-19 05:49 -------- d-----w- c:\program files\NOS
2009-07-14 20:41 . 2009-07-14 20:41 -------- d-----w- c:\program files\ERUNT
2009-07-14 15:56 . 2009-07-14 15:56 -------- d-----w- C:\Rooter$
2009-07-11 19:32 . 2009-07-02 08:00 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-11 19:32 . 2009-07-02 08:00 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-11 19:32 . 2009-07-02 08:00 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-11 19:32 . 2009-07-11 19:31 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-11 19:32 . 2009-07-02 08:00 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-11 19:32 . 2009-07-02 07:59 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-11 19:32 . 2009-07-02 07:59 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-11 19:32 . 2009-07-02 07:59 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-11 19:32 . 2009-07-02 07:59 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-11 19:30 . 2009-07-02 07:59 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-11 19:30 . 2009-07-02 07:59 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-07 14:16 . 2009-07-13 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\14334684
2009-07-07 14:15 . 2009-07-07 14:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-29 14:32 . 2009-06-29 14:32 -------- d-----w- c:\documents and settings\user\Application Data\Virgin Broadband
2009-06-29 14:32 . 2009-06-29 14:32 -------- d-----w- c:\program files\Virgin Broadband
2009-06-29 14:32 . 2009-06-29 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Broadband
2009-06-27 15:47 . 2009-06-27 15:47 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 14:13 . 2006-04-09 19:03 -------- d-----w- c:\program files\Electronic Arts
2009-07-18 14:10 . 2007-09-15 15:04 -------- d-----w- c:\documents and settings\user\Application Data\Teleca
2009-07-18 14:10 . 2006-06-28 16:18 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-07-18 14:03 . 2007-12-27 09:05 -------- d-----w- c:\documents and settings\user\Application Data\Samsung
2009-07-18 07:19 . 2009-03-06 20:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 07:19 . 2005-07-02 11:54 -------- d-----w- c:\program files\Java
2009-07-18 06:52 . 2002-08-23 01:02 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-18 06:29 . 2002-08-23 00:46 -------- d-----w- c:\program files\Common Files\Real
2009-07-16 16:34 . 2009-02-27 08:44 -------- d-----w- c:\documents and settings\user\Application Data\Spotify
2009-07-14 20:27 . 2007-07-26 00:13 -------- d-----w- c:\program files\DivX
2009-07-14 16:29 . 2005-07-01 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-14 16:29 . 2005-07-01 21:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-11 19:31 . 2008-12-08 09:41 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-07 14:38 . 2008-12-08 09:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-02 08:00 . 2008-12-08 09:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 08:00 . 2006-12-05 17:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:55 . 2002-08-23 10:25 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2002-08-23 10:24 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 07:12 . 2005-07-11 18:11 -------- d-----w- c:\program files\Google
2009-06-07 13:53 . 2005-11-22 16:43 -------- d-----w- c:\documents and settings\user\Application Data\PC Suite
2009-06-03 19:27 . 2002-08-23 10:25 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 05:15 . 2002-08-29 06:14 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 08:57 . 2008-12-08 09:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:44 . 2002-08-23 10:24 344064 ----a-w- c:\windows\system32\localspl.dll
2005-05-11 18:39 . 2005-07-01 11:23 41578 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2005-05-11 18:40 . 2005-07-01 11:23 48228 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2005-05-11 18:39 . 2005-07-01 11:23 159340 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-17_12.08.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-21 07:36 . 2009-07-21 07:36 40960 c:\windows\temp\rtdrvmon.exe
+ 2009-07-21 07:36 . 2009-07-21 07:36 16384 c:\windows\temp\Perflib_Perfdata_508.dat
+ 2009-07-18 15:42 . 2009-07-18 15:42 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2009-03-06 20:41 . 2009-03-06 20:41 148888 c:\windows\system32\javaws.exe
+ 2009-07-18 07:19 . 2009-07-18 07:19 148888 c:\windows\system32\javaws.exe
+ 2009-07-18 07:19 . 2009-07-18 07:19 144792 c:\windows\system32\javaw.exe
- 2009-03-06 20:41 . 2009-03-06 20:41 144792 c:\windows\system32\javaw.exe
+ 2009-07-18 07:19 . 2009-07-18 07:19 144792 c:\windows\system32\java.exe
- 2009-03-06 20:41 . 2009-03-06 20:41 144792 c:\windows\system32\java.exe
+ 2009-07-18 07:19 . 2009-07-18 07:19 1563648 c:\windows\Installer\9fa55.msi
+ 2009-07-18 06:53 . 2009-07-18 06:53 3938816 c:\windows\Installer\1e472.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-18 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-02 08:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorrectConnect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CorrectConnect.lnk
backup=c:\windows\pss\CorrectConnect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ashden^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\Ashden\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Abacast\\Abaclient.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\NETGEAR\\WG111v2\\WG111v2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/12/2008 10:41 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/12/2008 10:41 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [08/12/2008 10:41 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/12/2008 10:41 298776]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 17:53 167808]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [06/10/2007 09:05 729416]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\drivers\sea3bus.sys [11/10/2007 21:46 61600]
S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;c:\windows\system32\drivers\sea3mdfl.sys [12/10/2007 17:58 9392]
S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;c:\windows\system32\drivers\sea3mdm.sys [12/10/2007 17:58 97152]
S3 sea3mgmt;Sony Ericsson Device 0A3 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea3mgmt.sys [29/10/2007 17:32 88656]
S3 sea3obex;Sony Ericsson Device 0A3 USB WMC OBEX Interface;c:\windows\system32\drivers\sea3obex.sys [28/10/2007 00:08 86464]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-07-21 c:\windows\Tasks\User_Feed_Synchronization-{714F03FE-5240-49DC-A08A-034F406D58A1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
IE: &Search - ?p=ZUman000
Trusted Zone: bet365.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} - hxxp://www.riverbelle.co.uk/download_helper/Nyoko.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\yeh0ch5l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-21 08:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(492)
c:\windows\system32\RtlGina2.dll
c:\windows\system32\WlNotify.dll

- - - - - - - > 'explorer.exe'(832)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-21 8:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-21 07:46
ComboFix2.txt 2009-07-21 06:30
ComboFix3.txt 2009-07-19 15:25
ComboFix4.txt 2009-07-18 07:41
ComboFix5.txt 2009-07-21 07:20

Pre-Run: 35,152,883,712 bytes free
Post-Run: 35,047,350,272 bytes free

1057 --- E O F --- 2009-07-15 06:32
 
Good. Looks like something was wrong in earlier runs, since this script that I provided gave the results I was expecting to see :). Please post a fresh dds.txt log too.
 
DDS (Ver_09-06-26.01) - NTFSx86
Run by user at 17:07:52.12 on 21/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.571 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
IE: &Search - ?p=ZUman000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: bet365.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://www.cult3d.com/download/cult.cab
DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} - hxxp://www.riverbelle.co.uk/download_helper/Nyoko.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://sell-vehicle.ebay.co.uk/images/eps/eBay_Enhanced_Picture_Control_v1-0-3-50.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120217688859
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/msnmessengersetupdownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin2.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup160.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\yeh0ch5l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-8 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-5 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-8 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-8 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-8 298776]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-10-6 40264]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-10-6 57672]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-10-6 82248]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\svcntaux.exe [2007-10-6 729416]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\swdsvc.exe [2007-10-6 1407816]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\drivers\sea3bus.sys [2007-10-11 61600]
S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;c:\windows\system32\drivers\sea3mdfl.sys [2007-10-12 9392]
S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;c:\windows\system32\drivers\sea3mdm.sys [2007-10-12 97152]
S3 sea3mgmt;Sony Ericsson Device 0A3 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea3mgmt.sys [2007-10-29 88656]
S3 sea3obex;Sony Ericsson Device 0A3 USB WMC OBEX Interface;c:\windows\system32\drivers\sea3obex.sys [2007-10-28 86464]

=============== Created Last 30 ================

2009-07-18 14:47 <DIR> --d----- c:\program files\Trend Micro
2009-07-18 08:19 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-17 13:09 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-17 12:44 <DIR> a-dshr-- C:\cmdcons
2009-07-17 12:41 219,648 a------- c:\windows\PEV.exe
2009-07-17 12:41 161,792 a------- c:\windows\SWREG.exe
2009-07-17 12:41 98,816 a------- c:\windows\sed.exe
2009-07-15 07:28 1,374 a------- c:\windows\imsins.BAK
2009-07-14 16:56 <DIR> --d----- C:\Rooter$
2009-07-07 15:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\14334684
2009-06-29 15:32 <DIR> --d----- c:\docume~1\user\applic~1\Virgin Broadband
2009-06-29 15:32 <DIR> --d----- c:\program files\Virgin Broadband
2009-06-29 15:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Virgin Broadband
2009-06-27 16:47 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-22 14:42 26 a------- c:\windows\Zone.Identifier

==================== Find3M ====================

2009-07-18 08:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-11 20:31 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 09:00 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 15:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 20:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-13 06:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 16:44 344,064 a------- c:\windows\system32\localspl.dll
2009-02-15 12:22 2,828 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-02-15 12:22 88 ---shr-- c:\docume~1\alluse~1\applic~1\15597652B6.sys
2008-11-10 16:11 148 a------- c:\documents and settings\user\delself.bat
2008-03-03 20:16 606 a------- c:\docume~1\user\applic~1\filterclsid.dat
2008-09-18 17:58 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 17:09:09.35 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 01/07/2005 11:50:30
System Uptime: 21/07/2009 13:30:30 (4 hours ago)

Motherboard: TriGem Computer, Inc. | | Imperial
Processor: Intel(R) Celeron(R) CPU 2.00GHz | WMT478/NWD | 1993/mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 76 GiB total, 32.58 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N80
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6230i
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0002
Manufacturer: Nokia
Name: Nokia 6500s-1
PNP Device ID: ROOT\WPD\0002
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0003
Manufacturer: Nokia
Name: Nokia 6500c
PNP Device ID: ROOT\WPD\0003
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0004
Manufacturer: Nokia
Name: Nokia 6500s-1
PNP Device ID: ROOT\WPD\0004
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0005
Manufacturer: Nokia
Name: Nokia 6300
PNP Device ID: ROOT\WPD\0005
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6300
Device ID: ROOT\WPD\0006
Manufacturer: Nokia
Name: Nokia 6300
PNP Device ID: ROOT\WPD\0006
Service: WUDFRd

==== System Restore Points ===================

RP1: 17/07/2009 18:53:38 - System Checkpoint
RP2: 18/07/2009 07:25:11 - Removed Adobe Flash Player 10 Plugin.
RP3: 18/07/2009 07:25:57 - Removed Adobe Reader 7.0.9
RP4: 18/07/2009 07:27:14 - Removed ABBYY FineReader 5.0 Sprint
RP5: 18/07/2009 07:47:33 - Removed Sony Ericsson PC Suite
RP6: 18/07/2009 07:50:43 - Installed Adobe Reader 9.1.
RP7: 18/07/2009 08:01:34 - Removed J2SE Runtime Environment 5.0 Update 1
RP8: 18/07/2009 08:02:32 - Removed J2SE Runtime Environment 5.0 Update 2
RP9: 18/07/2009 08:04:05 - Removed Java(TM) 6 Update 11
RP10: 18/07/2009 08:05:22 - Removed J2SE Runtime Environment 5.0 Update 6
RP11: 18/07/2009 08:06:32 - Removed J2SE Runtime Environment 5.0 Update 4
RP12: 18/07/2009 08:19:05 - Installed Java(TM) 6 Update 14
RP13: 18/07/2009 15:02:36 - Removed Samsung PC Studio 3
RP14: 18/07/2009 15:03:52 - Removed Samsung PC Studio 3 USB Driver Installer
RP15: 18/07/2009 15:06:16 - Removed Sony Ericsson PC Suite
RP16: 19/07/2009 12:01:34 - Avg8 Update
RP17: 20/07/2009 14:24:48 - System Checkpoint

==== Installed Programs ======================

Abacast Client
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Apple Mobile Device Support
Apple Software Update
Avance AC'97 Audio
AVG Free 8.5
CCleaner (remove only)
Conexant SoftK56 Modem(M)
Critical Update for Windows Media Player 11 (KB959772)
ERUNT 1.1j
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Image Resizer Powertoy for Windows XP
iTunes
Java(TM) 6 Update 14
Lexmark 1200 Series
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
My DSC
Nero Suite
NETGEAR WG111v2 wireless USB 2.0 adapter
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
PC Connectivity Solution
PL-2303 USB-to-Serial
QuickTime
SAMSUNG CDMA Modem Driver Set
Samsung PC Studio
Search Settings
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Spotify
Spyware Doctor 5.0
TomTom HOME
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Virgin Broadband advisor 1.5.24
WebFldrs XP
Windows Defender Signatures
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

==== Event Viewer Messages From Past Week ========

21/07/2009 13:38:56, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
21/07/2009 08:29:51, error: Service Control Manager [7034] - The fsbwsys service terminated unexpectedly. It has done this 1 time(s).
21/07/2009 07:30:23, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
21/07/2009 07:08:31, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
21/07/2009 07:07:18, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss StarOpen Tcpip
21/07/2009 07:07:18, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
21/07/2009 07:07:18, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
21/07/2009 07:07:18, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
21/07/2009 07:07:18, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
21/07/2009 07:06:31, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20/07/2009 06:34:24, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the F-Secure Anti-Virus 2006 service to connect.
20/07/2009 06:34:24, error: Service Control Manager [7000] - The F-Secure Anti-Virus 2006 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
 
Hi,

Install update 9.1.2 for Adobe Reader from here. How's the system running now?
 
Hi, PC is running superbly now, probably better than it ever has. Also bear in mind it is about five years old and has never had anything done to it like this before, so thank you very very much.

Regards

PSL
 
Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis



Now let's uninstall ComboFix:
  • Click START then RUN
  • Now type "c:\documents and settings\user\Desktop\CF.exe" /u in the runbox and click OK

DDS and related logs can be removed too.

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. Hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and install firewall ONLY!). Both providers have support forums that help with configuration related questions.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
Hi,

Many thanks again for what you've done. Have gone through the last set of instructions but there seems to be a problem in updating from Microsoft. In the set of updates available after installing service pack 3, on restart IE reverted back to version 7 and all my settings, passwords & email were lost. So I did a system restore which put everything back to the way it was in IE v.8. Should I have just continued updating?

NB. PC still running super fast!
 
You're welcome :)

Should I have just continued updating?
I recommend having those passwords etc. backed up and then attempting to install the updates available.
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 