Google Redirect [Solved]



#1
gz99

Hi!

I'm having a problem which started with Google redirect 2 days ago. My searches in Google and Firefox have been redirected to different ad sites. Sometimes, there is usually a sentence that states that I am being redirected and then the word "Jump". I have tried 5 full scans on Ad-Aware, Malwarebytes, Symantec Antivirus, Spybot Search and Destroy and Spyware Doctor but to no avail. I noticed my system is running slower although I can't detect anything on CPU usage. Firefox does seem to be closing down on me more often too. I've read other similar posts like mine but I probably have a different version of this virus. Any help would be really appreciated!

#2
Jimmy2012

Hello gz99 and welcome to Geeks to Go. :)
Sorry about the delay.



  • Download OTListIt2 to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

#3
gz99

Hi! I did what you told me to do and this is my result for the OTListIt.Txt file:

OTListIt logfile created on: 4/10/2009 2:37:30 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\Charlene\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 427.67 Mb Available Physical Memory | 42.17% Memory free
2.40 Gb Paging File | 1.69 Gb Available in Paging File | 70.53% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 0.39 Gb Free Space | 2.10% Space Free | Partition Type: NTFS
Drive D: | 32.59 Gb Total Space | 24.65 Gb Free Space | 75.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 19.52 Gb Total Space | 19.52 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 54.99 Gb Total Space | 13.43 Gb Free Space | 24.43% Space Free | Partition Type: NTFS

Computer Name: YOUR-85192F2E0D
Current User Name: Charlene
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - D:\Java\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe (Sony Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Documents and Settings\Charlene\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AdobeActiveFileMonitor4.0 [Auto | Stopped]) -- File not found
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment [On_Demand | Stopped]) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- D:\Java\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (NVSvc [Auto | Stopped]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (VAIO Entertainment Aggregation and Control Service [On_Demand | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe (Sony Corporation)
SRV - (VAIO Entertainment Task Scheduler [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VAIO Event Service [Auto | Running]) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (Vcsw [On_Demand | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (DMICall [System | Running]) -- C:\WINDOWS\system32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IFXTPM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS (Infineon Technologies AG)
DRV - (IKFileSec [Boot | Running]) -- C:\WINDOWS\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (IKSysFlt [System | Running]) -- C:\WINDOWS\system32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKSysSec [System | Running]) -- C:\WINDOWS\system32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Mvc25U870_VID_1262&PID_25FD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\Mvc25U870.sys (Micro Vision Co.,Ltd)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090403.004\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090403.004\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (shpf [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (SNC [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SonyNC.sys (Sony Corporation)
DRV - (SonyImgF [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SonyImgF.sys (Sony Corporation)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SPI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SonyPI.sys (Sony Corporation)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (TcUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tcusb.sys (UPEK Inc.)
DRV - (ti21sony [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (toshidpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosporte [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbd [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbnp [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom [System | Running]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfnds [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-US.start2....en-US:official"
FF - prefs.js..extensions.enabledItems: {34274bf4-1d97-a289-e984-17e546307e4f}:0.5.3.043
FF - prefs.js..extensions.enabledItems: filtersetg@updater:0.3.1.3
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: D:\JAVA\LIB\DEPLOY\JQS\FF [2009/03/07 15:08:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/29 17:31:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/03 10:10:28 | 00,000,000 | ---D | M]

[2008/09/01 11:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\mozilla\Extensions
[2008/09/01 11:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/09 22:39:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\mozilla\Firefox\Profiles\q6zillkn.default\extensions
[2009/01/07 10:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\mozilla\Firefox\Profiles\q6zillkn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/10/20 11:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\mozilla\Firefox\Profiles\q6zillkn.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2009/03/29 12:19:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\mozilla\Firefox\Profiles\q6zillkn.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2007/12/25 09:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\mozilla\Firefox\Profiles\q6zillkn.default\extensions\filtersetg@updater
[2009/04/09 22:39:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/06/18 07:59:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/29 17:31:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/07 14:48:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/07 15:08:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/02 13:06:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/26 15:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 15:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "D:\adobephotoshop\apdproxy.exe" File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "D:\Java\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" (Sony Corporation)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (Adobe Systems Incorporated)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Charlene\Start Menu\Programs\Startup\VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 94 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1148731601796 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1169485468234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\system32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - I:\autorun.inf () - [ NTFS ]
O33 - MountPoints2\{251bf9e0-fb8a-11da-82ed-0013a92a7551}\Shell - "" = Autorun
O33 - MountPoints2\{251bf9e0-fb8a-11da-82ed-0013a92a7551}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{251bf9e0-fb8a-11da-82ed-0013a92a7551}\Shell\Open\command - "" = Boot.exe e
O33 - MountPoints2\{251bf9e1-fb8a-11da-82ed-0013a92a7551}\Shell - "" = Autorun
O33 - MountPoints2\{251bf9e1-fb8a-11da-82ed-0013a92a7551}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{251bf9e1-fb8a-11da-82ed-0013a92a7551}\Shell\Open\command - "" = Boot.exe e
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/04/10 14:34:14 | 00,500,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charlene\Desktop\OTListIt2.exe
[2009/03/31 12:25:33 | 10,633,74848 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/31 11:48:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charlene\Desktop\backups
[2009/03/31 11:46:00 | 00,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Charlene\Desktop\HijackThis.exe
[2009/03/31 11:39:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charlene\Application Data\HouseCall 6.6
[2009/03/31 11:39:08 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/31 11:32:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/03/31 11:18:34 | 00,016,481 | ---- | C] () -- C:\Documents and Settings\Charlene\Desktop\Bookmarks 2009-03-31.json
[2009/03/29 19:03:28 | 00,000,937 | ---- | C] () -- C:\Documents and Settings\Charlene\Desktop\Spybot - Search & Destroy.lnk
[2009/03/29 16:26:09 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/29 16:19:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/29 02:35:31 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\Charlene\Desktop\Shortcut to msnmsgr.lnk
[2009/03/29 02:31:47 | 00,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/03/29 02:31:45 | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2009/03/29 02:31:45 | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys
[2009/03/29 02:31:45 | 00,040,840 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2009/03/29 02:31:45 | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\kcom.sys
[2009/03/29 02:31:37 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/03/29 02:31:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Charlene\Application Data\PC Tools
[2009/03/19 18:33:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/03/19 18:33:00 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/03/19 18:29:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/03/18 20:17:22 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/18 20:16:46 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/18 20:16:36 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/18 20:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/18 20:12:51 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/11/18 14:34:02 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/05/28 11:18:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/05/18 09:29:24 | 00,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2007/04/14 18:32:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007/03/27 03:55:48 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/09 18:45:34 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2007/02/09 18:45:34 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007/02/09 14:56:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/12/12 12:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/10/11 23:55:11 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/10/11 23:49:39 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/09/10 18:44:39 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/05/27 06:31:58 | 00,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/05/27 06:27:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/19 15:38:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/04/19 15:38:19 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/01/09 17:18:08 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/09 16:07:20 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/09 16:07:20 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/09 16:07:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/09 16:07:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/09 16:07:20 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/09 16:07:20 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/09 16:07:01 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/01/06 23:58:36 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/06 05:49:20 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/01/06 05:49:12 | 00,003,744 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/01/06 05:48:47 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/01/06 05:48:43 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/11/01 04:53:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/23 00:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 20:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 06:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 03:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/10 14:34:15 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlene\Desktop\OTListIt2.exe
[2009/04/10 12:05:59 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/10 10:57:12 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/10 10:56:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/10 10:56:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/10 10:56:29 | 10,633,74848 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/09 22:41:41 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/09 20:42:02 | 00,186,880 | ---- | M] () -- C:\Documents and Settings\Charlene\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 16:15:17 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Charlene\Desktop\Microsoft Office Word 2003.lnk
[2009/04/02 00:56:06 | 00,017,408 | -HS- | M] () -- C:\Documents and Settings\Charlene\Desktop\Thumbs.db
[2009/03/31 11:52:59 | 02,392,432 | -H-- | M] () -- C:\Documents and Settings\Charlene\Local Settings\Application Data\IconCache.db
[2009/03/31 11:39:08 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/31 11:18:34 | 00,016,481 | ---- | M] () -- C:\Documents and Settings\Charlene\Desktop\Bookmarks 2009-03-31.json
[2009/03/31 10:44:15 | 00,350,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/30 22:35:58 | 00,086,080 | ---- | M] () -- C:\Documents and Settings\Charlene\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/29 19:03:28 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\Charlene\Desktop\Spybot - Search & Destroy.lnk
[2009/03/29 17:31:16 | 00,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/29 16:26:09 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/29 11:47:51 | 00,409,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/29 11:47:51 | 00,064,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/29 11:47:50 | 00,481,674 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/29 02:35:31 | 00,000,735 | ---- | M] () -- C:\Documents and Settings\Charlene\Desktop\Shortcut to msnmsgr.lnk
[2009/03/29 02:34:34 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2009/03/29 02:34:34 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys
[2009/03/29 02:34:33 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2009/03/29 02:31:47 | 00,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/03/19 18:34:35 | 00,000,916 | ---- | M] () -- C:\Documents and Settings\Charlene\My Documents\My Sharing Folders.lnk
[2009/03/12 02:05:22 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== LOP Check ==========

[2009/03/30 10:20:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/18 20:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2008/12/04 02:33:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/09/21 22:06:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2006/09/24 22:32:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2006/08/20 06:15:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/12/04 02:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2007/07/12 09:24:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/09/10 18:50:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2006/01/07 01:16:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/03/30 02:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/02/27 13:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/19 18:29:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/01/07 00:00:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/10/10 11:43:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2006/01/09 16:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2009/03/29 20:14:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/05/28 11:13:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/10 11:08:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/08/20 06:15:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2006/04/19 15:34:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
[2006/05/27 08:11:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/03/16 13:44:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2009/03/31 11:39:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Charlene\Application Data
[2009/02/27 01:11:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Adobe
[2006/08/20 06:12:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\AdobeAUM
[2007/01/29 16:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\AdobeUM
[2006/07/30 01:29:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Apple Computer
[2006/06/14 06:25:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Azureus
[2006/10/08 00:15:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\DivX
[2008/05/31 15:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Esha Research
[2009/02/27 13:30:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Google
[2009/02/25 13:02:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Help
[2009/03/31 11:52:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\HouseCall 6.6
[2007/03/06 22:29:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\HP
[2006/01/06 23:02:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Identities
[2007/05/07 22:30:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Image Zone Express
[2006/06/16 02:12:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\InterVideo
[2006/09/13 21:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Leadertech
[2006/05/27 07:05:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Macromedia
[2009/02/27 13:13:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Malwarebytes
[2008/11/18 20:11:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Charlene\Application Data\Microsoft
[2006/05/28 02:43:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Mozilla
[2006/09/06 16:34:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Nikon
[2008/11/18 14:41:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Opera
[2009/03/29 02:31:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\PC Tools
[2007/02/09 18:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Simply Super Software
[2009/04/10 00:31:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Skype
[2009/04/09 00:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\skypePM
[2008/10/04 20:05:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Smilebox
[2008/11/17 02:10:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Sony Corporation
[2006/05/27 09:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Sun
[2006/05/27 06:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\Symantec
[2006/11/19 00:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\vlc
[2009/03/29 16:26:09 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2008/11/12 14:20:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/10 10:56:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#4
gz99

    Member

  • Topic Starter
  • 12 posts
And this is my result for the extras.txt file

OTListIt Extras logfile created on: 4/10/2009 2:37:30 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\Charlene\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 427.67 Mb Available Physical Memory | 42.17% Memory free
2.40 Gb Paging File | 1.69 Gb Available in Paging File | 70.53% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 0.39 Gb Free Space | 2.10% Space Free | Partition Type: NTFS
Drive D: | 32.59 Gb Total Space | 24.65 Gb Free Space | 75.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 19.52 Gb Total Space | 19.52 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 54.99 Gb Total Space | 13.43 Gb Free Space | 24.43% Space Free | Partition Type: NTFS

Computer Name: YOUR-85192F2E0D
Current User Name: Charlene
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
%windir%\system32\drivers\svchost.exe:*:Enabled:svchost File not found
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus File not found
C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ File not found
D:\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ (ApexDC++ Development Team)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
%windir%\system32\drivers\svchost.exe:*:Enabled:svchost File not found
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free. (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01AE599F-7B72-4135-8C56-9191F4ACBA88}" = VAIO Edit Components
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A91D1FA-B9B3-4556-9878-5C61059A19B2}" = InterVideo WinDVDX
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{582C5C46-399D-4A9D-AB9F-C36F6FEC85EA}" = VAIO CameraVJ Screen Saver
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7998F67D-655B-42E3-B651-18D96DD17268}" = Adobe Premiere Standard
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A43F939E-A863-433D-AC78-0897E44CFEB2}" = VAIO Launcher
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{AA171A69-F942-40DA-AE3A-EA91026A1CAE}" = VAIO Manual
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.8
"{AC76BA86-7AD7-5464-3428-7E8A450000A7}" = Spelling Dictionaries For Adobe Reader Package
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBFFB027-7D53-4E1B-95BC-35A2216D1D60}" = VAIO Long Battery Life Wallpaper
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C518C7BF-A345-4019-815B-FFDF32EBCAD9}" = VAIO HDD Protection
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-in 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DEBACE7E-5DD1-42DB-AFE7-2B60E7CC80A8}" = Microsoft GB18030 Support Package
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}" = VAIO Zone
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"ApexDC++" = ApexDC++ 1.2.0
"CGPA Calculator_is1" = CGPA Calculator 2.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Content Uploader" = DivX Content Uploader
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"ProInst" = Intel® PROSet/Wireless Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spyware Doctor" = Spyware Doctor 6.0
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"VLC media player" = VideoLAN VLC media player 0.8.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/30/2009 2:55:53 AM | Computer Name = YOUR-85192F2E0D | Source = ESENT | ID = 482
Description = wlcomm (2144) An attempt to write to the file "C:\Documents and Settings\Charlene\Local
Settings\Application Data\Microsoft\Windows Live Contacts\{a332903c-7f67-4d57-ac7e-77a30aba1e60}\DBStore\LogFiles\res2.log"
at offset 1048576 (0x0000000000100000) for 1048576 (0x00100000) bytes failed with
system error 112 (0x00000070): "There is not enough space on the disk. ". The
write operation will fail with error -1808 (0xfffff8f0). If this error persists
then the file may be damaged and may need to be restored from a previous backup.

Error - 3/30/2009 7:03:39 PM | Computer Name = YOUR-85192F2E0D | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 3/30/2009 7:04:08 PM | Computer Name = YOUR-85192F2E0D | Source = Application Error | ID = 1001
Description = Fault bucket 1204584019.

Error - 3/31/2009 6:27:13 PM | Computer Name = YOUR-85192F2E0D | Source = Windows Live Messenger | ID = 1000
Description =

Error - 4/2/2009 10:18:01 PM | Computer Name = YOUR-85192F2E0D | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 3.6.0.248, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/4/2009 11:58:10 PM | Computer Name = YOUR-85192F2E0D | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 3.6.0.248, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/4/2009 11:58:19 PM | Computer Name = YOUR-85192F2E0D | Source = Application Error | ID = 1001
Description = Fault bucket 1205367702.

Error - 4/5/2009 2:09:34 PM | Computer Name = YOUR-85192F2E0D | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/5/2009 2:09:48 PM | Computer Name = YOUR-85192F2E0D | Source = Application Error | ID = 1001
Description = Fault bucket 1204584019.

Error - 4/9/2009 2:14:10 AM | Computer Name = YOUR-85192F2E0D | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 3.6.0.248, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

[ System Events ]
Error - 4/7/2009 3:11:08 PM | Computer Name = YOUR-85192F2E0D | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 142.151.157.75
on the Network Card with network address 0013A92A7551.

Error - 4/7/2009 7:59:42 PM | Computer Name = YOUR-85192F2E0D | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 142.151.157.75
on the Network Card with network address 0013A92A7551.

Error - 4/8/2009 10:05:29 AM | Computer Name = YOUR-85192F2E0D | Source = Service Control Manager | ID = 7000
Description = The Adobe Active File Monitor V4 service failed to start due to the
following error: %%3

Error - 4/8/2009 3:12:10 PM | Computer Name = YOUR-85192F2E0D | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 142.151.157.75
on the Network Card with network address 0013A92A7551.

Error - 4/8/2009 6:55:49 PM | Computer Name = YOUR-85192F2E0D | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/9/2009 12:38:59 AM | Computer Name = YOUR-85192F2E0D | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 142.151.157.75
on the Network Card with network address 0013A92A7551.

Error - 4/9/2009 12:16:10 PM | Computer Name = YOUR-85192F2E0D | Source = Service Control Manager | ID = 7000
Description = The Adobe Active File Monitor V4 service failed to start due to the
following error: %%3

Error - 4/9/2009 8:25:16 PM | Computer Name = YOUR-85192F2E0D | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 142.151.157.75
on the Network Card with network address 0013A92A7551.

Error - 4/9/2009 10:27:56 PM | Computer Name = YOUR-85192F2E0D | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 142.151.157.75
on the Network Card with network address 0013A92A7551.

Error - 4/10/2009 10:57:09 AM | Computer Name = YOUR-85192F2E0D | Source = Service Control Manager | ID = 7000
Description = The Adobe Active File Monitor V4 service failed to start due to the
following error: %%3


< End of report >

#5
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello gz99,

  • Please open OTListIt2.exe
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTLI
    O33 - MountPoints2\{251bf9e0-fb8a-11da-82ed-0013a92a7551}\Shell - "" = Autorun
    O33 - MountPoints2\{251bf9e0-fb8a-11da-82ed-0013a92a7551}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{251bf9e0-fb8a-11da-82ed-0013a92a7551}\Shell\Open\command - "" = Boot.exe e
    O33 - MountPoints2\{251bf9e1-fb8a-11da-82ed-0013a92a7551}\Shell - "" = Autorun
    O33 - MountPoints2\{251bf9e1-fb8a-11da-82ed-0013a92a7551}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{251bf9e1-fb8a-11da-82ed-0013a92a7551}\Shell\Open\command - "" = Boot.exe e
    
    :Commands
    [purity]
    [emptytemp]
    [reboot]
  • Return to OTListIt2, right click in the "Custom Scans/fixes" window (under the light blue bar) and choose Paste.
  • Click the Run Fix button.
  • Let the program run until it is finished, reboot when it is done.
  • It will produce a log for you on reboot, please post that log in your next reply.






Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.
~~~~~~~~~~~~~
In your next reply please have these logs.
The OTListIt2 log
And the GooredFix log

#6
gz99

    Member

  • Topic Starter
  • Member
  • 12 posts
Hi there! This is my OTListIt2 log as follows (produced after reboot):

========== OTLISTIT ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{251bf9e0-fb8a-11da-82ed-0013a92a7551}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251bf9e0-fb8a-11da-82ed-0013a92a7551}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{251bf9e0-fb8a-11da-82ed-0013a92a7551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251bf9e0-fb8a-11da-82ed-0013a92a7551}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{251bf9e0-fb8a-11da-82ed-0013a92a7551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251bf9e0-fb8a-11da-82ed-0013a92a7551}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{251bf9e1-fb8a-11da-82ed-0013a92a7551}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251bf9e1-fb8a-11da-82ed-0013a92a7551}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{251bf9e1-fb8a-11da-82ed-0013a92a7551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251bf9e1-fb8a-11da-82ed-0013a92a7551}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{251bf9e1-fb8a-11da-82ed-0013a92a7551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251bf9e1-fb8a-11da-82ed-0013a92a7551}\ not found.
File not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Charlene\Local Settings\Temp\etilqs_jJZMjVh5jE98HmtzFr3r scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Charlene\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JET2E7D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JET3AF1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_300.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Charlene\Local Settings\Application Data\Mozilla\Firefox\Profiles\q6zillkn.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Charlene\Local Settings\Application Data\Mozilla\Firefox\Profiles\q6zillkn.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.12.2 log created on 04102009_213210

Files moved on Reboot...
File C:\Documents and Settings\Charlene\Local Settings\Temp\etilqs_jJZMjVh5jE98HmtzFr3r not found!
File C:\WINDOWS\temp\JET2E7D.tmp not found!
File C:\WINDOWS\temp\JET3AF1.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_300.dat not found!
C:\Documents and Settings\Charlene\Local Settings\Application Data\Mozilla\Firefox\Profiles\q6zillkn.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Charlene\Local Settings\Application Data\Mozilla\Firefox\Profiles\q6zillkn.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

#7
gz99

    Member

  • Topic Starter
  • Member
  • 12 posts
And this is my GooredLog:

GooredFix v1.92 by jpshortstuff
Log created at 21:46 on 10/04/2009 running Option #1 (Charlene)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="D:\Java\lib\deploy\jqs\ff"

#8
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello gz99,

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#9
gz99

    Member

  • Topic Starter
  • Member
  • 12 posts
Hi there! This is my log file from combo fix as follows below. In the meantime, thanks a lot for helping me all this while, I really appreciate it! :)

2009-03-29 16:19 . 2009-03-30 02:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-29 02:31 . 2009-04-10 11:11 <DIR> d-------- c:\program files\Spyware Doctor
2009-03-29 02:31 . 2009-03-29 02:31 <DIR> d-------- c:\documents and settings\Charlene\Application Data\PC Tools
2009-03-29 02:31 . 2009-03-29 02:34 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-03-29 02:31 . 2009-03-29 02:34 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-03-29 02:31 . 2009-03-29 02:34 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-03-29 02:31 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-03-19 18:35 . 2009-04-11 22:21 <DIR> d-------- c:\documents and settings\Charlene\Tracing
2009-03-19 18:33 . 2009-03-19 18:33 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-19 18:33 . 2009-03-19 18:33 <DIR> d-------- c:\program files\Microsoft
2009-03-19 18:29 . 2009-03-19 18:29 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-18 20:16 . 2009-03-18 20:17 <DIR> d-------- c:\program files\iTunes
2009-03-18 20:16 . 2009-03-18 20:16 <DIR> d-------- c:\program files\iPod
2009-03-18 20:16 . 2009-03-18 20:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-18 20:12 . 2009-03-18 20:13 <DIR> d-------- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 02:23 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-12 02:23 --------- d-----w c:\program files\Symantec AntiVirus
2009-04-12 02:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-11 17:50 --------- d-----w c:\documents and settings\Charlene\Application Data\Skype
2009-04-11 16:28 --------- d-----w c:\documents and settings\Charlene\Application Data\skypePM
2009-03-29 23:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-19 22:34 --------- d-----w c:\program files\Windows Live
2009-03-19 00:16 --------- d-----w c:\program files\Common Files\Apple
2009-03-07 18:48 --------- d-----w c:\program files\Java
2009-02-27 17:13 --------- d-----w c:\documents and settings\Charlene\Application Data\Malwarebytes
2009-02-27 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-03-04 02:26 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-05 12:34 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-10-09 02:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100820081009\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-24 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-24 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-04 7340032]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-14 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-20 167936]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-03-29 1168264]
"SunJavaUpdateSched"="d:\java\bin\jusched.exe" [2009-03-09 148888]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2006-01-09 491520]
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2006-04-19 778240]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2006-01-09 491520]

c:\documents and settings\Charlene\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2006-04-19 778240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-10-11 1724416]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 21:42 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-01-06 9216]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-29 356920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-01-06 29312]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-01-06 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-01-06 217472]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-01-06 36352]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Adobe Photo Downloader - d:\adobephotoshop\apdproxy.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://vaio-online.sony.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: plaxo.com\www
FF - ProfilePath - c:\documents and settings\Charlene\Application Data\Mozilla\Firefox\Profiles\q6zillkn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: d:\java\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\java\bin\new_plugin\npjp2.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 22:23:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\VESWinlogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
d:\java\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-11 22:29:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-12 02:29:20

Pre-Run: 1,409,675,264 bytes free
Post-Run: 1,637,650,432 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

208 --- E O F --- 2009-03-21 05:48:23

#10
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello gz99,
No problem. :)



It does not look like you posted the whole ComboFix log (it is missing the start of it). Could you please re-post it in your next reply?


#11
gz99

    Member

  • Topic Starter
  • Member
  • 12 posts
Hi Jimmy! :) Sorry, I have no idea how that happened. Anyhow, I looked for it and I think this is the right one. Please tell me if it isn't, and thanks a lot for your patience!

ComboFix 09-04-04.01 - Charlene 2009-04-11 22:13:27.1 - NTFSx86
Running from: c:\documents and settings\Charlene\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Charlene\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\jqchshn.cco
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.

2009-04-11 22:09 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-10 21:32 . 2009-04-10 21:32 <DIR> d-------- C:\_OTListIt
2009-03-31 11:39 . 2009-03-31 11:52 <DIR> d-------- c:\documents and settings\Charlene\Application Data\HouseCall 6.6
2009-03-31 11:39 . 2009-03-31 11:39 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-29 16:19 . 2009-03-30 02:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-29 02:31 . 2009-04-10 11:11 <DIR> d-------- c:\program files\Spyware Doctor
2009-03-29 02:31 . 2009-03-29 02:31 <DIR> d-------- c:\documents and settings\Charlene\Application Data\PC Tools
2009-03-29 02:31 . 2009-03-29 02:34 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-03-29 02:31 . 2009-03-29 02:34 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-03-29 02:31 . 2009-03-29 02:34 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-03-29 02:31 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-03-19 18:35 . 2009-04-11 22:21 <DIR> d-------- c:\documents and settings\Charlene\Tracing
2009-03-19 18:33 . 2009-03-19 18:33 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-19 18:33 . 2009-03-19 18:33 <DIR> d-------- c:\program files\Microsoft
2009-03-19 18:29 . 2009-03-19 18:29 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-18 20:16 . 2009-03-18 20:17 <DIR> d-------- c:\program files\iTunes
2009-03-18 20:16 . 2009-03-18 20:16 <DIR> d-------- c:\program files\iPod
2009-03-18 20:16 . 2009-03-18 20:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-18 20:12 . 2009-03-18 20:13 <DIR> d-------- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 02:23 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-12 02:23 --------- d-----w c:\program files\Symantec AntiVirus
2009-04-12 02:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-11 17:50 --------- d-----w c:\documents and settings\Charlene\Application Data\Skype
2009-04-11 16:28 --------- d-----w c:\documents and settings\Charlene\Application Data\skypePM
2009-03-29 23:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-19 22:34 --------- d-----w c:\program files\Windows Live
2009-03-19 00:16 --------- d-----w c:\program files\Common Files\Apple
2009-03-07 18:48 --------- d-----w c:\program files\Java
2009-02-27 17:13 --------- d-----w c:\documents and settings\Charlene\Application Data\Malwarebytes
2009-02-27 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-03-04 02:26 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-05 12:34 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-10-09 02:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100820081009\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-24 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-24 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-04 7340032]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-14 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-20 167936]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-03-29 1168264]
"SunJavaUpdateSched"="d:\java\bin\jusched.exe" [2009-03-09 148888]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2006-01-09 491520]
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2006-04-19 778240]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2006-01-09 491520]

c:\documents and settings\Charlene\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2006-04-19 778240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-10-11 1724416]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 21:42 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-01-06 9216]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-29 356920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-01-06 29312]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-01-06 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-01-06 217472]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-01-06 36352]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Adobe Photo Downloader - d:\adobephotoshop\apdproxy.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://vaio-online.sony.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: plaxo.com\www
FF - ProfilePath - c:\documents and settings\Charlene\Application Data\Mozilla\Firefox\Profiles\q6zillkn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: d:\java\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\java\bin\new_plugin\npjp2.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 22:23:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\VESWinlogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
d:\java\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-11 22:29:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-12 02:29:20

Pre-Run: 1,409,675,264 bytes free
Post-Run: 1,637,650,432 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

208 --- E O F --- 2009-03-21 05:48:23

#12
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello gz99,
No problem, you posted it fine this time. :)



  • Please start Malwarebytes' Anti-Malware and update it.
  • To update please do this, click Update and then click Check for Updates.
  • It will now install any updates it finds.
  • Once it is done updating please click Scanner and then click "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~~~~~~
In your next reply please have these logs.
The Malwarebytes log
And the Kaspersky log

#13
gz99

    Member

  • Topic Starter
  • Member
  • 12 posts
Hi Jimmy! I did the Malwarebytes Anti-Malware scan and no malicious items were detected, so I didn't have to remove anything. But anyhow, here is my log of the scan:

Malwarebytes' Anti-Malware 1.36
Database version: 1971
Windows 5.1.2600 Service Pack 3

4/12/2009 10:20:54 PM
mbam-log-2009-04-12 (22-20-54).txt

Scan type: Quick Scan
Objects scanned: 78640
Time elapsed: 6 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14
gz99

    Member

  • Topic Starter
  • Member
  • 12 posts
And here is my Kaspersky online scan report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, April 13, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, April 13, 2009 03:36:29
Records in database: 2039470
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 81215
Threat name: 7
Infected objects: 21
Suspicious objects: 0
Duration of the scan: 02:37:43


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\040C0000\4D4D4C5F.VBN Infected: Packed.Win32.Krap.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07840000\4F872B95.VBN Infected: Trojan-GameThief.Win32.Magania.akrq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A40000\49B417E8.VBN Infected: IM-Worm.Win32.Sohanad.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09AC0000\49BCC769.VBN Infected: Worm.Win32.AutoRun.tfo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AE80000\4BF9DA93.VBN Infected: Packed.Win32.Krap.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B100001\4B3B033C.VBN Infected: Packed.Win32.Krap.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B200000\4BE080A0.VBN Infected: EICAR-Test-File 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B200001\4BE08186.VBN Infected: EICAR-Test-File 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B540000\4B756647.VBN Infected: Packed.Win32.Krap.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C0C0000\4C2C9C39.VBN Infected: EICAR-Test-File 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE40000\4FE54466.VBN Infected: EICAR-Test-File 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF40000\4DF62758.VBN Infected: Packed.Win32.Krap.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D640000\4DF7BBB0.VBN Infected: Trojan-GameThief.Win32.Magania.akrq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD40000\4DDCA72A.VBN Infected: EICAR-Test-File 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4FFCCB9F.VBN Infected: EICAR-Test-File 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DEC0000\4DFC9DF6.VBN Infected: EICAR-Test-File 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E280000\4FAAFB59.VBN Infected: EICAR-Test-File 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E540000\4FDFC875.VBN Infected: Trojan-GameThief.Win32.Magania.akrq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380000\4FFE03BA.VBN Infected: EICAR-Test-File 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FC40000\4FEC2A0D.VBN Infected: Packed.Win32.Krap.b 1
C:\Documents and Settings\Charlene\.housecall6.6\Quarantine\dydhcp.exe.bac_a01924 Infected: Backdoor.Win32.IRCBot.yc 1

The selected area was scanned.

#15
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello gz99,

How is your computer running now?





