Can anyone help? Uploading lots again

mrsJeckyl

In the "add or remove programs" it also lists "Nvidia drivers". In the control panel it also mentions "Nvidia Control panel" and "Nvidia nview desktop manager"

gaming_guy

Just uninstall the network access manager...the other nvidia bits and bobs are to do with the graphics card

mrsJeckyl

Ok, I have left the other bits. Just waiting for Malware to finish

mrsJeckyl

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4169
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
04/06/2010 17:15:53
mbam-log-2010-06-04 (17-15-53).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 277358
Time elapsed: 59 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\dpnwhdtm.sys (Rootkit.Agent) -> Delete on reboot.

will reboot computer now.

mrsJeckyl

Then you can begin removing the Toolbars.. and fixing this: O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

It won't let me delete this file.

aliEnRIK

Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)

mrsJeckyl

Sorry, I went out last night.

ComboFix 10-06-03.01 - owner 05/06/2010 17:18:25.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1243 [GMT 1:00]
Running from: c:\documents and settings\owner\Desktop\qwerty.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe
c:\windows\system32\driVERs\dpnwhdtm.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

---

\Legacy_dpnwhdtm

---

\Service_dpnwhdtm

((((((((((((((((((((((((( Files Created from 2010-05-05 to 2010-06-05 )))))))))))))))))))))))))))))))
.
2010-06-03 19:29 . 2010-06-03 19:29

---

d

---

w- c:\documents and settings\owner\Application Data\Skinux
2010-06-03 18:14 . 2010-06-03 18:14

---

d

---

w- c:\program files\Common Files\Scanner
2010-06-03 18:14 . 2010-06-03 18:17

---

d

---

w- c:\program files\CA Yahoo! Anti-Spy
2010-06-03 08:09 . 2010-06-03 08:09

---

d

---

w- C:\$AVG
2010-06-03 07:54 . 2010-06-03 07:54 29512 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-03 07:54 . 2010-06-03 07:54 242896 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgtdix.sys
2010-06-03 07:33 . 2010-06-05 16:09

---

d

---

w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9
2010-05-30 17:35 . 2010-05-30 17:35 61440 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1b9f6725-n\decora-sse.dll
2010-05-30 17:35 . 2010-05-30 17:35 503808 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d4f3fa9-n\msvcp71.dll
2010-05-30 17:35 . 2010-05-30 17:35 499712 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d4f3fa9-n\jmc.dll
2010-05-30 17:35 . 2010-05-30 17:35 348160 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d4f3fa9-n\msvcr71.dll
2010-05-30 17:35 . 2010-05-30 17:35 12800 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1b9f6725-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 16:29 . 2007-03-09 14:59

---

d

---

w- c:\program files\Lx_cats
2010-06-05 16:28 . 2010-01-19 14:08 720 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-06-04 15:35 . 2006-10-23 09:43

---

d

---

w- c:\program files\InstallShield Installation Information
2010-06-03 07:33 . 2008-08-28 14:01

---

d

---

w- c:\program files\AVG
2010-06-03 07:22 . 2010-02-16 09:46

---

d

---

w- c:\documents and settings\owner\Application Data\Virgin Media
2010-06-03 07:22 . 2010-02-16 09:46

---

d

---

w- c:\documents and settings\All Users.WINDOWS\Application Data\Virgin Media
2010-06-03 07:22 . 2010-02-16 09:46

---

d

---

w- c:\program files\Virgin Media
2010-06-01 05:32 . 2010-02-16 09:46

---

d

---

w- c:\documents and settings\All Users.WINDOWS\Application Data\Radialpoint
2010-05-26 14:08 . 2009-05-28 16:40

---

d

---

w- c:\program files\CCleaner
2010-05-12 10:42 . 2010-01-16 11:40

---

d

---

w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-05-06 14:31 . 2010-05-06 13:45

---

d

---

w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2010-05-06 13:45 . 2010-05-06 13:45

---

d

---

w- c:\documents and settings\owner\Application Data\Yahoo!
2010-05-06 11:20 . 2010-05-06 11:20 388096 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-06 11:20 . 2010-05-06 11:20

---

d

---

w- c:\program files\Trend Micro
2010-05-06 09:24 . 2010-05-06 09:24

---

d

---

w- c:\documents and settings\owner\Application Data\Malwarebytes
2010-05-06 09:24 . 2010-05-06 09:24

---

d

---

w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 09:24 . 2010-05-06 09:24

---

d

---

w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-04-29 14:39 . 2010-05-06 09:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-05-06 09:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 17:24 . 2006-10-23 09:28

---

d

---

w- c:\program files\Common Files\Java
2010-04-21 16:49 . 2010-04-21 16:49 503808 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3305f280-n\msvcp71.dll
2010-04-21 16:49 . 2010-04-21 16:49 499712 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3305f280-n\jmc.dll
2010-04-21 16:49 . 2010-04-21 16:49 348160 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3305f280-n\msvcr71.dll
2010-04-21 16:49 . 2010-04-21 16:49 12800 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56acedb4-n\decora-d3d.dll
2010-04-21 16:49 . 2010-04-21 16:49 61440 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56acedb4-n\decora-sse.dll
2010-04-21 16:48 . 2006-10-23 09:28

---

d

---

w- c:\program files\Java
2010-04-21 07:07 . 2009-07-31 16:50

---

d

---

w- c:\program files\thinkbroadband.com
2010-04-12 16:29 . 2010-04-21 16:49 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-11 21:45 . 2010-04-11 21:45 16 ----a-w- c:\documents and settings\owner\Application Data\jasltw.dat
2010-04-04 06:28 . 2010-04-04 06:27 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
2010-04-02 21:12 . 2010-04-02 21:12 16 ----a-w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\jasltw.dat
2010-03-10 06:15 . 2008-04-15 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.
((((((((((((((((((((((((((((( [EMAIL="SnapShot@2010-05-06_14.22.48"]SnapShot@2010-05-06_14.22.48[/EMAIL] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-05 16:28 . 2010-06-05 16:28 16384 c:\windows\Temp\Perflib_Perfdata_130.dat
+ 2008-04-15 12:00 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2008-04-15 12:00 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2010-05-14 06:01 . 2010-05-14 06:01 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-01-16 11:42 . 2010-04-15 02:04 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-01-16 11:42 . 2010-04-15 02:04 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-16 11:42 . 2010-04-15 02:04 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-01-15 16:58 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
- 2010-01-15 16:58 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
- 2010-01-15 16:58 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-01-15 16:58 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-06-03 07:33 . 2010-06-03 07:33 424448 c:\windows\Installer\90067.msi
- 2010-01-16 11:42 . 2010-04-15 02:04 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-01-16 11:42 . 2010-04-15 02:04 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2010-01-16 11:42 . 2010-04-15 02:04 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2010-01-16 11:42 . 2010-04-15 02:04 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2006-04-14 12:09 . 2006-04-14 12:09 188968 c:\windows\Downloaded Program Files\yinsthelper.dll
+ 2004-08-09 21:00 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
- 2004-08-09 21:00 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-10-16 06:08 . 2009-10-16 06:08 2237952 c:\windows\Installer\11323ab.msp
- 2010-01-16 11:42 . 2010-04-15 02:04 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-16 17:27 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"nwiz"="nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"LXCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
"lxcdmon.exe"="c:\program files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
"EzPrint"="c:\program files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
"VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
"tbbMeter"="c:\program files\thinkbroadband.com\tbbMeter\tbbmeter.exe" [2009-11-22 688648]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-01-22 10:16 33603584 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [16/02/2010 10:46 668912]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [27/03/2009 01:25 1086208]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 01:44 135664]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 14:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 14:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 14:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23/04/2007 14:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 14:54 98568]
.
Contents of the 'Scheduled Tasks' folder
2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 00:44]
2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 00:44]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://uk.yahoo.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

- - - - - - - > 'explorer.exe'(3492)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.

---

Other Running Processes

---

.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\windows\system32\lxcdcoms.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2010-06-05 17:33:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-05 16:33
ComboFix2.txt 2010-05-06 14:24
ComboFix3.txt 2010-05-06 12:35
Pre-Run: 145,151,574,016 bytes free
Post-Run: 145,398,239,232 bytes free
- - End Of File - - EBD3DF855216371C0F978A39EC5AF66C

Thanks

aliEnRIK

Open notepad and copy/paste the text in RED below

File::
c:\documents and settings\owner\Application Data\jasltw.dat
c:\windows\system32\config\systemprofile\Applicati on Data\jasltw.dat
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\jasltw.dat

Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Combofix should never take more that 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

mrsJeckyl

Done,

ComboFix 10-06-06.03 - owner 07/06/2010 7:40.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1235 [GMT 1:00]
Running from: c:\documents and settings\owner\Desktop\qwerty.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
FILE ::
"c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\jasltw.dat"
"c:\documents and settings\owner\Application Data\jasltw.dat"
"c:\windows\system32\config\systemprofile\Applicati on Data\jasltw.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\jasltw.dat
c:\documents and settings\owner\Application Data\jasltw.dat
.
((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.
2010-06-05 17:01 . 2010-06-05 17:01

---

d

---

w- c:\program files\Alwil Software
2010-06-05 17:01 . 2010-06-05 17:01

---

d

---

w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-06-05 16:14 . 2010-06-05 16:33

---

d

---

w- C:\qwerty
2010-06-03 19:29 . 2010-06-03 19:29

---

d

---

w- c:\documents and settings\owner\Application Data\Skinux
2010-06-03 18:14 . 2010-06-03 18:14

---

d

---

w- c:\program files\Common Files\Scanner
2010-06-03 18:14 . 2010-06-03 18:17

---

d

---

w- c:\program files\CA Yahoo! Anti-Spy
2010-06-03 08:09 . 2010-06-03 08:09

---

d

---

w- C:\$AVG
2010-06-03 07:54 . 2010-06-03 07:54 29512 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-03 07:54 . 2010-06-03 07:54 242896 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgtdix.sys
2010-06-03 07:33 . 2010-06-05 16:09

---

d

---

w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9
2010-05-30 17:35 . 2010-05-30 17:35 61440 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1b9f6725-n\decora-sse.dll
2010-05-30 17:35 . 2010-05-30 17:35 503808 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d4f3fa9-n\msvcp71.dll
2010-05-30 17:35 . 2010-05-30 17:35 499712 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d4f3fa9-n\jmc.dll
2010-05-30 17:35 . 2010-05-30 17:35 348160 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d4f3fa9-n\msvcr71.dll
2010-05-30 17:35 . 2010-05-30 17:35 12800 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1b9f6725-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 05:44 . 2010-01-19 14:08 720 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-06-05 16:29 . 2007-03-09 14:59

---

d

---

w- c:\program files\Lx_cats
2010-06-04 15:35 . 2006-10-23 09:43

---

d

---

w- c:\program files\InstallShield Installation Information
2010-06-03 07:33 . 2008-08-28 14:01

---

d

---

w- c:\program files\AVG
2010-06-03 07:22 . 2010-02-16 09:46

---

d

---

w- c:\documents and settings\owner\Application Data\Virgin Media
2010-06-03 07:22 . 2010-02-16 09:46

---

d

---

w- c:\documents and settings\All Users.WINDOWS\Application Data\Virgin Media
2010-06-03 07:22 . 2010-02-16 09:46

---

d

---

w- c:\program files\Virgin Media
2010-06-01 05:32 . 2010-02-16 09:46

---

d

---

w- c:\documents and settings\All Users.WINDOWS\Application Data\Radialpoint
2010-05-26 14:08 . 2009-05-28 16:40

---

d

---

w- c:\program files\CCleaner
2010-05-12 10:42 . 2010-01-16 11:40

---

d

---

w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-05-06 14:31 . 2010-05-06 13:45

---

d

---

w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2010-05-06 13:45 . 2010-05-06 13:45

---

d

---

w- c:\documents and settings\owner\Application Data\Yahoo!
2010-05-06 11:20 . 2010-05-06 11:20 388096 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-06 11:20 . 2010-05-06 11:20

---

d

---

w- c:\program files\Trend Micro
2010-05-06 09:24 . 2010-05-06 09:24

---

d

---

w- c:\documents and settings\owner\Application Data\Malwarebytes
2010-05-06 09:24 . 2010-05-06 09:24

---

d

---

w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 09:24 . 2010-05-06 09:24

---

d

---

w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-04-29 14:39 . 2010-05-06 09:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-05-06 09:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 17:24 . 2006-10-23 09:28

---

d

---

w- c:\program files\Common Files\Java
2010-04-21 16:49 . 2010-04-21 16:49 503808 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3305f280-n\msvcp71.dll
2010-04-21 16:49 . 2010-04-21 16:49 499712 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3305f280-n\jmc.dll
2010-04-21 16:49 . 2010-04-21 16:49 348160 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3305f280-n\msvcr71.dll
2010-04-21 16:49 . 2010-04-21 16:49 12800 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56acedb4-n\decora-d3d.dll
2010-04-21 16:49 . 2010-04-21 16:49 61440 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56acedb4-n\decora-sse.dll
2010-04-21 16:48 . 2006-10-23 09:28

---

d

---

w- c:\program files\Java
2010-04-21 07:07 . 2009-07-31 16:50

---

d

---

w- c:\program files\thinkbroadband.com
2010-04-12 16:29 . 2010-04-21 16:49 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-04 06:28 . 2010-04-04 06:27 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
2010-03-10 06:15 . 2008-04-15 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.
((((((((((((((((((((((((((((( [EMAIL="SnapShot@2010-05-06_14.22.48"]SnapShot@2010-05-06_14.22.48[/EMAIL] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-06-07 05:44 . 2010-06-07 05:44 16384 c:\windows\Temp\Perflib_Perfdata_818.dat
+ 2008-04-15 12:00 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2008-04-15 12:00 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2010-05-14 06:01 . 2010-05-14 06:01 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
- 2010-01-16 11:42 . 2010-04-15 02:04 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-01-16 11:42 . 2010-04-15 02:04 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-16 11:42 . 2010-04-15 02:04 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-01-15 16:58 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
- 2010-01-15 16:58 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
- 2010-01-15 16:58 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-01-15 16:58 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-06-03 07:33 . 2010-06-03 07:33 424448 c:\windows\Installer\90067.msi
+ 2010-06-05 17:02 . 2010-06-05 17:02 219648 c:\windows\Installer\1efcd1.msi
- 2010-01-16 11:42 . 2010-04-15 02:04 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-01-16 11:42 . 2010-04-15 02:04 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2010-01-16 11:42 . 2010-04-15 02:04 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2010-01-16 11:42 . 2010-04-15 02:04 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2006-04-14 12:09 . 2006-04-14 12:09 188968 c:\windows\Downloaded Program Files\yinsthelper.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2004-08-09 21:00 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
- 2004-08-09 21:00 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-10-16 06:08 . 2009-10-16 06:08 2237952 c:\windows\Installer\11323ab.msp
- 2010-01-16 11:42 . 2010-04-15 02:04 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-16 11:42 . 2010-05-12 10:42 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-16 17:27 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"nwiz"="nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"lxcdmon.exe"="c:\program files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
"EzPrint"="c:\program files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
"VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
"tbbMeter"="c:\program files\thinkbroadband.com\tbbMeter\tbbmeter.exe" [2009-11-22 688648]
"LXCDCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-01-22 10:16 33603584 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [16/02/2010 10:46 668912]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [27/03/2009 01:25 1086208]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 01:44 135664]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 14:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 14:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 14:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23/04/2007 14:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 14:54 98568]
.
Contents of the 'Scheduled Tasks' folder
2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 00:44]
2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 00:44]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://uk.yahoo.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 07:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCDCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-06-07 07:48:37
ComboFix-quarantined-files.txt 2010-06-07 06:48
ComboFix2.txt 2010-06-05 16:33
ComboFix3.txt 2010-05-06 14:24
ComboFix4.txt 2010-05-06 12:35
Pre-Run: 145,086,730,240 bytes free
Post-Run: 145,251,749,888 bytes free
- - End Of File - - 11934A0FCC55F962C683322C5310F0C6


Thanks everyone for all your help. It all appears to be running fine now. Going to do a Ccleaner and load up a new antivirus. Think I am going to try avast this time.

aliEnRIK

Manually remove this file ~
c:\windows\system32\config\systemprofile\Applicati on Data\jasltw.dat

To remove AVG use the removal tool ~
Use the 32 bit AVG removal tool
http://www.avg.com/download-tools