
[Resolved] Can't run anti-spyware + rogue infection


25 replies to this topic

#16 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 04 October 2009 - 11:46 AM

Hi

Any problems?

One more scan to check our handiwork.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

Go here to run an online scanner from ESET:
http://www.eset.eu/online-scanner

(Note: You must use Internet Explorer for this scan.)

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. We will need this later.

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • A file called Attach.txt will also be produced, we don't need it at this time.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please post back with the
  • Eset log
  • DDS.txt taken after the ESET scan

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.


#17 nffc86

nffc86

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 04 October 2009 - 12:57 PM

Eset scan:

C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Documents and Settings\Helen Melon\Application Data\lizkavd.exe.vir a variant of Win32/Kryptik.APO trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir a variant of Win32/Kryptik.YQ trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETmlwapboe.dll.vir Win32/Olmarik.KW trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETnnowxrsm.dll.vir Win32/Olmarik.MF trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETwfvpijtv.dll.vir Win32/Olmarik.KW trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACltyblwhdnq.dll.vir Win32/Olmarik.KI trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqowyerbnep.dll.vir Win32/Olmarik.IJ trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\SKYNETbqbuypib.sys.vir Win32/Olmarik.KW trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UAChrxoirrslk.sys.vir a variant of Win32/Olmarik.HI trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir a variant of Win32/Kryptik.APO trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JHMM4TBB\down[1].exe a variant of Win32/Agent.PKQ trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\T4QJZ1HQ\down[1].exe a variant of Win32/Agent.PKQ trojan
C:\_OTM\MovedFiles\10032009_135631\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe a variant of Win32/Kryptik.APO trojan

DDS (Ver_09-09-29.01) - NTFSx86
Run by Helen Melon at 19:53:27.70 on 04/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.222 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Documents and Settings\Helen Melon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.com/en/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {A249BC15-23F2-42AD-F4E4-00AAC39C0004} - No File
BHO: {C2CEB3AB-FEEC-45F5-8ADE-B2C33A60D85D} - No File
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PDService.exe] c:\program files\utimaco\safeguard privatedisk\pdservice.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\helenm~1\applic~1\mozilla\firefox\profiles\964kqff7.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-15 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-3 206256]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-14 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-8-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-14 108552]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [2004-7-6 45627]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-14 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-14 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-22 1174152]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\helenm~1\locals~1\temp\dmskssrh.sys --> c:\docume~1\helenm~1\locals~1\temp\DMSKSSRh.sys [?]
S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [2006-8-2 395224]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-3 348824]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-10-3 1097096]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2009-10-04 19:07 <DIR> --d----- c:\program files\ESET
2009-10-04 01:08 50,176 a------- c:\windows\system32\proquota.exe
2009-10-04 00:51 <DIR> a-dshr-- C:\cmdcons
2009-10-04 00:49 229,888 a------- c:\windows\PEV.exe
2009-10-04 00:49 161,792 a------- c:\windows\SWREG.exe
2009-10-04 00:49 98,816 a------- c:\windows\sed.exe
2009-10-03 14:09 <DIR> --d----- c:\windows\ERUNT
2009-10-03 14:01 <DIR> --d----- C:\SDFix
2009-10-03 13:56 <DIR> --d----- C:\_OTM
2009-10-03 13:32 293 a------- C:\MGlogs.zip
2009-10-03 13:32 <DIR> --d----- C:\MGtools
2009-10-03 03:26 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-10-03 03:26 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-10-03 03:26 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-03 03:26 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-10-03 03:25 <DIR> --d----- c:\program files\common files\PC Tools
2009-10-03 03:25 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-10-03 03:25 <DIR> --d----- c:\program files\Spyware Doctor
2009-10-03 03:25 <DIR> --d----- c:\docume~1\helenm~1\applic~1\PC Tools
2009-10-03 03:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-03 02:48 <DIR> --dsh--- c:\documents and settings\helen melon\PrivacIE
2009-10-03 02:48 18,300 a------- c:\windows\system32\klin
2009-10-03 01:48 <DIR> --d----- c:\program files\Wise Registry Cleaner
2009-10-03 01:42 <DIR> --d----- c:\program files\Wise Disk Cleaner
2009-09-29 00:24 <DIR> --d----- c:\program files\VideoLAN
2009-09-19 02:03 <DIR> --d----- c:\docume~1\helenm~1\applic~1\Spotify
2009-09-19 02:03 <DIR> --d----- c:\program files\Spotify
2009-09-15 23:45 20,635 a------- c:\windows\system32\hfxsd
2009-09-11 01:46 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-26 01:26 4,780,600 a------- C:\DivXWebPlayerInstaller.exe
2009-08-25 02:38 155,400 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-08-23 15:24 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-23 14:59 267,152 a------- C:\zaSetup_en.exe
2009-08-17 01:15 1,144,168 a------- C:\wlsetup-custom.exe
2009-08-16 17:59 6,881,824 a------- C:\SAS.exe
2009-08-16 17:54 1,343,913 a------- C:\MGtools.exe
2009-08-16 17:54 464,491 a------- C:\RootRepeal.zip
2009-08-16 17:28 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-14 01:14 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-14 01:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-14 01:14 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-05-05 01:36 21,056 a------- c:\docume~1\helenm~1\applic~1\wklnhst.dat

============= FINISH: 19:54:14.78 ===============

#18 nffc86

nffc86

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 04 October 2009 - 01:03 PM

I can now run all my programs fine now, but I'm not sure about these logs, if this is good or bad!

#19 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 04 October 2009 - 03:04 PM

Hi nffc86,

Two of the files are false positives by ESET, two are in a temp folder, the rest we have already quarantined and will be removed when the tools are removed.

We have a few little things to clean up along with some of the tools you downloaded before coming to this forum. All in all it's looking pretty good.

Did you place these items in the Trusted Zone and for any particular reason?

Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com


Download OTListIt2 to your desktop.
  • Double click on OTL.exe to run it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Services

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A249BC15-23F2-42AD-F4E4-00AAC39C0004}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2CEB3AB-FEEC-45F5-8ADE-B2C33A60D85D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C4069E3A-68F1-403E-B40E-20066696354B}"=-

:Files
C:\SDFix
C:\MGlogs.zip
C:\MGtools
c:\windows\system32\klin
c:\windows\system32\hfxsd
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JHMM4TBB\down[1].exe 
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\T4QJZ1HQ\down[1].exe 

:Commands
[purity]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.

Next
  • Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.

Please post back with
  • OTL fix log
  • OTL.txt

Any remaining issues? If not we will clean up our tools after you reply.

Thanks

Threads will be closed if no response after 5 days.
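
The triage described in post #19 (ESET hits sorted into copies already sitting in tool quarantine folders, files in temp folders, and everything else, with the temp-folder files then listed under :Files in the OTL fix) can be cross-checked mechanically. The following is an added example, not part of the thread and not code from ESET or OTL; the log and fix excerpts are copied from the posts above, and the quarantine prefixes and temp-folder markers are assumptions taken from the paths seen in this log.

```python
import re
from collections import defaultdict

# Excerpt of the ESET log posted in this thread (path, then detection).
ESET_LOG = r"""
C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir a variant of Win32/Kryptik.YQ trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UAChrxoirrslk.sys.vir a variant of Win32/Olmarik.HI trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JHMM4TBB\down[1].exe a variant of Win32/Agent.PKQ trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\T4QJZ1HQ\down[1].exe a variant of Win32/Agent.PKQ trojan
C:\_OTM\MovedFiles\10032009_135631\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe a variant of Win32/Kryptik.APO trojan
"""

# Excerpt of the OTL custom fix posted in this thread.
OTL_FIX = r"""
:Services

:Files
C:\SDFix
c:\windows\system32\klin
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JHMM4TBB\down[1].exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\T4QJZ1HQ\down[1].exe

:Commands
[emptytemp]
[Reboot]
"""

# Paths contain spaces but never '/', so the detection name (Family/Name.Variant)
# is the first token with a forward slash; the last word is the threat type.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of )?(?P<name>\w+/\S+)\s+(?P<kind>\w+)$")

# Assumption: folders where this thread's cleanup tools park moved files.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\_otm\\movedfiles\\")
# Assumption: path fragments that mark browser/system temp locations.
TEMP_MARKERS = ("\\temporary internet files\\", "\\temp\\")


def parse_eset(log):
    """Yield (path, detection name, threat type) for each well-formed line."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m["path"], m["name"], m["kind"]


def bucket(path):
    """Classify a detection by where the file lives, not by its name."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIXES):
        return "quarantined"
    if any(marker in p for marker in TEMP_MARKERS):
        return "temp"
    return "live"


def fix_sections(script):
    """Split an OTL-style fix into {':section': [lines]} keyed by ':' headers."""
    sections, current = defaultdict(list), None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line.lower()
            sections[current]          # register the section even if empty
        elif current:
            sections[current].append(line)
    return sections


def triage(log, script):
    """Group detections; for non-quarantined ones, note if the fix removes them."""
    targets = {p.lower() for p in fix_sections(script)[":files"]}
    report = defaultdict(list)
    for path, name, _kind in parse_eset(log):
        key = bucket(path)
        if key != "quarantined":
            key += ":in-fix" if path.lower() in targets else ":not-in-fix"
        report[key].append((path, name))
    return report


if __name__ == "__main__":
    for key, hits in sorted(triage(ESET_LOG, OTL_FIX).items()):
        print(f"{key}: {len(hits)}")
        for path, name in hits:
            print(f"    {name:28} {path}")
```

Entries that land in `live:not-in-fix` are the ones an analyst has to decide on by hand; the script only reports where the file sits and whether the fix touches it.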

#20 nffc86

nffc86

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 04 October 2009 - 04:04 PM

Those things you mentioned are not in the Trusted Zone for any reason. There are no more issues that I am having with my laptop, so thanks ever so much :) Here are the txt files you asked for:




All processes killed
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A249BC15-23F2-42AD-F4E4-00AAC39C0004}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A249BC15-23F2-42AD-F4E4-00AAC39C0004}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2CEB3AB-FEEC-45F5-8ADE-B2C33A60D85D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2CEB3AB-FEEC-45F5-8ADE-B2C33A60D85D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
========== FILES ==========
C:\SDFix\backups moved successfully.
C:\SDFix\backupreg moved successfully.
C:\SDFix\apps\Replace\xp moved successfully.
C:\SDFix\apps\Replace\w2k moved successfully.
C:\SDFix\apps\Replace moved successfully.
C:\SDFix\apps moved successfully.
C:\SDFix moved successfully.
C:\MGlogs.zip moved successfully.
C:\MGtools\temp moved successfully.
C:\MGtools moved successfully.
c:\windows\system32\klin moved successfully.
c:\windows\system32\hfxsd moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JHMM4TBB\down[1].exe moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\T4QJZ1HQ\down[1].exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: ALLUSE~

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Helen Melon
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\Helen Melon\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 4029834 bytes
->Java cache emptied: 0 bytes
File delete failed. C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Mozilla\Firefox\Profiles\964kqff7.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Mozilla\Firefox\Profiles\964kqff7.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Mozilla\Firefox\Profiles\964kqff7.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Mozilla\Firefox\Profiles\964kqff7.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Mozilla\Firefox\Profiles\964kqff7.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Mozilla\Firefox\Profiles\964kqff7.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 32763390 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\JET431.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7ec.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_fc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 17048 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 35.17 mb


OTL by OldTimer - Version 3.0.18.3 log created on 10042009_224506

Files\Folders moved on Reboot...
C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Mozilla\Firefox\Profiles\964kqff7.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Mozilla\Firefox\Profiles\964kqff7.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Mozilla\Firefox\Profiles\964kqff7.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Mozilla\Firefox\Profiles\964kqff7.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Mozilla\Firefox\Profiles\964kqff7.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Mozilla\Firefox\Profiles\964kqff7.default\XUL.mfl moved successfully.
File\Folder C:\WINDOWS\temp\JET431.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7ec.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_fc.dat not found!

Registry entries deleted on Reboot...





OTL logfile created on: 04/10/2009 22:54:35 - Run 1
OTL by OldTimer - Version 3.0.18.3 Folder = C:\Documents and Settings\Helen Melon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.42 Mb Total Physical Memory | 371.17 Mb Available Physical Memory | 36.59% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 76.10% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 11.03 Gb Free Space | 29.60% Space Free | Partition Type: NTFS
Drive D: | 30.28 Gb Total Space | 30.27 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HELEN
Current User Name: Helen Melon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\System32\igfxext.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Documents and Settings\Helen Melon\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment [On_Demand | Stopped]) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (KService [Auto | Running]) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (MSSQL$VAIO_VEDB [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SQLAgent$VAIO_VEDB [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (SSScsiSV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VAIO Event Service [Auto | Running]) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VCI [Auto | Stopped]) -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe (Sony Corporation)
SRV - (Vcsw [On_Demand | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (DMICall [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LEX_AS_NIC_SERVICE_YNOS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ExpasAG.sys (Atheros Communications, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (P1001VID [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\P1001Vid.sys (Creative Technology Ltd.)
DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (PrivateDisk [System | Running]) -- C:\WINDOWS\System32\Drivers\PrivateDiskM.sys (Utimaco Safeware AG)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SNC [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SonyNC.sys (Sony Corporation)
DRV - (ss_bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys (MCCI)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys (MCCI)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys (MCCI)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\System32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (tifmsony [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tifmsony.sys (Texas Instruments)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/14 01:14:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 02:01:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/03 01:15:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/03 01:15:27 | 00,000,000 | ---D | M]

[2008/08/29 15:27:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\mozilla\Extensions
[2008/08/29 15:27:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/04 15:53:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\mozilla\Firefox\Profiles\964kqff7.default\extensions
[2009/09/09 01:43:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\mozilla\Firefox\Profiles\964kqff7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/17 00:19:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\mozilla\Firefox\Profiles\964kqff7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/10/03 03:19:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/03 01:15:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 21:17:45 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 21:17:45 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/02/27 18:57:38 | 00,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2009/08/16 17:28:08 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 19:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/08/24 21:17:45 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/06/26 16:29:34 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll
[2009/09/03 11:53:00 | 00,030,912 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/05/01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/24 20:10:36 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 20:10:36 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 20:10:36 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 20:10:36 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 20:10:36 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamesp...nch/alaunch.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zon...wn.cab31267.cab (Solitaire Showdown Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/22 13:47:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/17 00:19:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/10/03 03:25:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/03 03:25:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/03 03:25:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen Melon\Application Data\PC Tools
[2009/09/19 02:03:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen Melon\Application Data\Spotify
[2009/09/29 00:26:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen Melon\Application Data\vlc
[2009/09/19 02:03:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Spotify
[2009/10/03 03:25:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/04 19:07:09 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/09/19 02:03:51 | 00,000,000 | ---D | C] -- C:\Program Files\Spotify
[2009/10/03 03:25:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/09/29 00:24:42 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/10/03 01:42:23 | 00,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
[2009/10/03 01:48:12 | 00,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2009/10/04 22:45:06 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/04 22:44:02 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Helen Melon\Desktop\OTL.exe
[2009/10/04 18:56:52 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/04 18:52:53 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Helen Melon\Desktop\TFC.exe
[2009/10/04 15:45:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen Melon\Desktop\user
[2009/10/04 01:08:39 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/10/04 00:51:39 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/04 00:49:25 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/04 00:49:25 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/04 00:49:25 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/04 00:49:25 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/04 00:48:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/04 00:45:41 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/03 15:25:59 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Helen Melon\Desktop\RootRepeal.exe
[2009/10/03 14:09:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/10/03 13:56:31 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/10/03 13:56:07 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Helen Melon\Desktop\OTM.exe
[2009/10/03 13:50:52 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Helen Melon\My Documents\mb.exe
[2009/10/03 13:36:56 | 03,309,072 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Helen Melon\My Documents\ccsetup224.exe
[2009/10/03 03:26:48 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/03 03:26:24 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/03 03:26:24 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/03 03:25:50 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/10/03 03:24:26 | 26,733,120 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Helen Melon\My Documents\sdsetup_aff.exe
[2009/10/03 03:21:43 | 18,610,456 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Helen Melon\My Documents\6.1.0.448b-sdrevenue-setup.exe
[2009/10/03 02:07:42 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/09/29 00:10:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen Melon\Desktop\Private Practice Season 2 Ep 12-22
[2009/09/19 23:57:00 | 01,146,696 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Helen Melon\My Documents\wlsetup-custom.exe
[2009/09/11 01:46:39 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll

========== Files - Modified Within 30 Days ==========

[2009/10/04 22:49:21 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/04 22:47:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/04 22:46:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/04 22:46:53 | 10,637,68064 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/04 22:44:12 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Helen Melon\Desktop\OTL.exe
[2009/10/04 19:52:56 | 00,361,369 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\dds.scr
[2009/10/04 18:52:54 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Helen Melon\Desktop\TFC.exe
[2009/10/04 18:07:34 | 00,085,504 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\Inherit.exe
[2009/10/04 17:38:26 | 42,259,529 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/04 17:37:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/04 15:44:50 | 00,046,415 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\user.zip
[2009/10/04 15:37:15 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/04 00:51:47 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/04 00:43:08 | 03,324,455 | R--- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\jgh.exe
[2009/10/03 20:04:58 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\Win32kDiag.exe
[2009/10/03 20:03:12 | 00,284,160 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\exeHelper.com
[2009/10/03 15:26:01 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Helen Melon\Desktop\RootRepeal.exe
[2009/10/03 14:01:44 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\SDFix.exe
[2009/10/03 13:57:49 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MBAM.lnk
[2009/10/03 13:56:07 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Helen Melon\Desktop\OTM.exe
[2009/10/03 13:51:05 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Helen Melon\My Documents\mb.exe
[2009/10/03 13:37:24 | 00,001,552 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\CCleaner.lnk
[2009/10/03 13:37:01 | 03,309,072 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Helen Melon\My Documents\ccsetup224.exe
[2009/10/03 13:21:12 | 00,000,476 | ---- | M] () -- C:\WINDOWS\tasks\Wise Registry Cleaner 4.job
[2009/10/03 13:09:05 | 00,000,606 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/03 13:09:05 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/10/03 03:25:58 | 00,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/03 03:25:06 | 18,610,456 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Helen Melon\My Documents\6.1.0.448b-sdrevenue-setup.exe
[2009/10/03 03:25:05 | 26,733,120 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Helen Melon\My Documents\sdsetup_aff.exe
[2009/10/03 03:03:12 | 00,004,566 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/03 02:49:04 | 00,018,717 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\zesonoto.lib
[2009/10/03 02:49:04 | 00,013,129 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\favumuzu.db
[2009/10/03 02:49:04 | 00,011,786 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\qejam.db
[2009/10/03 02:27:48 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/03 01:48:12 | 00,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clear with 1 click.lnk
[2009/10/03 01:48:12 | 00,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner 4.lnk
[2009/10/03 01:15:31 | 00,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/01 11:32:30 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/29 00:34:15 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/29 00:25:22 | 00,000,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/09/29 00:23:55 | 18,527,244 | ---- | M] () -- C:\Documents and Settings\Helen Melon\My Documents\vlc-1.0.2-win32.exe
[2009/09/28 00:34:06 | 00,234,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/26 20:08:50 | 00,049,544 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/26 19:56:42 | 01,146,696 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Helen Melon\My Documents\wlsetup-custom.exe
[2009/09/20 00:32:21 | 00,547,896 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/20 00:32:21 | 00,460,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/20 00:32:21 | 00,080,122 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/19 02:03:52 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\Spotify.lnk
[2009/09/19 02:03:37 | 02,709,400 | ---- | M] () -- C:\Documents and Settings\Helen Melon\My Documents\Spotify Installer.exe
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files - No Company Name ==========
[2009/10/04 19:52:54 | 00,361,369 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\dds.scr
[2009/10/04 18:07:34 | 00,085,504 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\Inherit.exe
[2009/10/04 15:44:49 | 00,046,415 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\user.zip
[2009/10/04 00:51:46 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/04 00:51:40 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/04 00:49:25 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/04 00:49:25 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/04 00:49:25 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/04 00:49:25 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/04 00:43:06 | 03,324,455 | R--- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\jgh.exe
[2009/10/03 20:03:40 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\Win32kDiag.exe
[2009/10/03 20:00:04 | 00,284,160 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\exeHelper.com
[2009/10/03 15:14:01 | 10,637,68064 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/03 14:01:30 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\SDFix.exe
[2009/10/03 13:51:48 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MBAM.lnk
[2009/10/03 13:37:24 | 00,001,552 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\CCleaner.lnk
[2009/10/03 13:21:12 | 00,000,476 | ---- | C] () -- C:\WINDOWS\tasks\Wise Registry Cleaner 4.job
[2009/10/03 03:26:24 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/03 03:25:58 | 00,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/03 02:49:04 | 00,018,717 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\zesonoto.lib
[2009/10/03 02:49:04 | 00,013,129 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\favumuzu.db
[2009/10/03 02:49:04 | 00,011,786 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\qejam.db
[2009/10/03 02:39:51 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Application Data\iniasd.txt
[2009/10/03 01:48:12 | 00,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Clear with 1 click.lnk
[2009/10/03 01:48:12 | 00,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner 4.lnk
[2009/10/03 01:15:31 | 00,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/29 00:25:22 | 00,000,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/09/29 00:21:09 | 18,527,244 | ---- | C] () -- C:\Documents and Settings\Helen Melon\My Documents\vlc-1.0.2-win32.exe
[2009/09/19 02:03:52 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\Spotify.lnk
[2009/09/19 02:03:37 | 02,709,400 | ---- | C] () -- C:\Documents and Settings\Helen Melon\My Documents\Spotify Installer.exe
[2008/03/22 00:33:33 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2007/12/11 20:35:40 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/12/11 20:35:40 | 00,000,340 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/12/11 20:35:03 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/12/11 20:35:03 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/12/11 20:35:03 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007/05/16 20:55:56 | 00,010,240 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/01 13:58:42 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/05/01 13:58:00 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/03/23 18:14:21 | 02,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2007/01/17 12:49:27 | 00,000,158 | ---- | C] () -- C:\WINDOWS\civ.ini
[2006/09/21 15:57:26 | 00,010,600 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2006/09/13 10:43:21 | 00,003,039 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2006/08/06 17:19:10 | 02,109,282 | -H-- | C] () -- C:\Documents and Settings\Helen Melon\Local Settings\Application Data\IconCache.db
[2006/08/05 21:40:04 | 00,021,056 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Application Data\wklnhst.dat
[2006/08/05 21:38:02 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/05 12:57:48 | 00,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/02 14:09:52 | 00,000,055 | R--- | C] () -- C:\WINDOWS\System32\P1001Sti.ini
[2006/08/01 14:15:15 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/08/01 14:02:18 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/08/01 14:02:18 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/08/01 14:02:18 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/07/30 15:02:02 | 00,049,544 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/07/30 12:38:19 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Local Settings\Application Data\fusioncache.dat
[2006/07/29 16:41:08 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Helen Melon\Application Data\desktop.ini
[2006/04/04 18:17:42 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/04/04 18:15:18 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/22 22:18:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/22 19:36:07 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/22 19:36:07 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/22 19:36:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/22 19:36:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/22 19:36:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/22 19:36:07 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/22 19:23:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/02/22 15:53:43 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2006/02/22 14:03:33 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/22 13:39:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/02/22 04:33:37 | 00,003,822 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/22 04:33:14 | 00,000,606 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/22 04:33:10 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/11/01 09:53:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2009/10/04 01:08:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/15 01:26:02 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/02/06 00:48:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2007/11/29 13:10:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
[2006/02/22 15:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/10/04 22:57:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2007/11/12 18:43:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2006/02/22 14:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/10/03 03:49:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/04 15:35:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Helen Melon\Application Data
[2006/11/07 23:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\InterVideo
[2006/10/11 16:04:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\Leadertech
[2007/01/02 20:44:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\OfficeUpdate12
[2006/09/18 08:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\sony
[2009/09/19 02:08:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\Spotify
[2006/08/17 19:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\Teleca
[2009/06/17 17:14:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\U3
[2007/10/26 20:06:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\uTorrent
[2008/04/12 12:12:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\Ventrilo
[2009/10/03 02:27:48 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/04 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/04 22:47:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/03 13:21:12 | 00,000,476 | ---- | M] () -- C:\WINDOWS\Tasks\Wise Registry Cleaner 4.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#21 oldman960

Posted 04 October 2009 - 11:00 PM

Hi nffc86,

Ok, we'll remove those entries from the Trusted Zone.

Next, double-click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do not copy the word CODE
  • Please note the fix starts with the :
:OTL
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
[2009/10/03 02:49:04 | 00,018,717 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\zesonoto.lib
[2009/10/03 02:49:04 | 00,013,129 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\favumuzu.db
[2009/10/03 02:49:04 | 00,011,786 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\qejam.db
[2009/10/03 02:39:51 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Application Data\iniasd.txt

:Commands
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
After your computer has restarted, please obtain a new OTL scan log. This time UNcheck Lop and Purity. Please post that log.

Thanks


#22 nffc86

Posted 05 October 2009 - 05:47 AM

OTL logfile created on: 05/10/2009 12:37:48 - Run 2
OTL by OldTimer - Version 3.0.18.3 Folder = C:\Documents and Settings\Helen Melon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.42 Mb Total Physical Memory | 312.86 Mb Available Physical Memory | 30.84% Memory free
2.38 Gb Paging File | 1.79 Gb Available in Paging File | 74.99% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.91 Gb Free Space | 29.28% Space Free | Partition Type: NTFS
Drive D: | 30.28 Gb Total Space | 30.27 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HELEN
Current User Name: Helen Melon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\System32\igfxext.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Documents and Settings\Helen Melon\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment [On_Demand | Stopped]) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (KService [Auto | Running]) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (MSSQL$VAIO_VEDB [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SQLAgent$VAIO_VEDB [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (SSScsiSV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VAIO Event Service [Auto | Running]) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VCI [Auto | Stopped]) -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe (Sony Corporation)
SRV - (Vcsw [On_Demand | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (DMICall [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LEX_AS_NIC_SERVICE_YNOS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ExpasAG.sys (Atheros Communications, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (P1001VID [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\P1001Vid.sys (Creative Technology Ltd.)
DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (PrivateDisk [System | Running]) -- C:\WINDOWS\System32\Drivers\PrivateDiskM.sys (Utimaco Safeware AG)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SNC [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SonyNC.sys (Sony Corporation)
DRV - (ss_bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys (MCCI)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys (MCCI)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys (MCCI)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\System32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (tifmsony [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tifmsony.sys (Texas Instruments)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/14 01:14:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 02:01:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/03 01:15:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/03 01:15:27 | 00,000,000 | ---D | M]

[2008/08/29 15:27:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\mozilla\Extensions
[2008/08/29 15:27:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/04 15:53:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\mozilla\Firefox\Profiles\964kqff7.default\extensions
[2009/09/09 01:43:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\mozilla\Firefox\Profiles\964kqff7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/17 00:19:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Helen Melon\Application Data\mozilla\Firefox\Profiles\964kqff7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/10/03 03:19:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/03 01:15:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 21:17:45 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 21:17:45 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/02/27 18:57:38 | 00,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2009/08/16 17:28:08 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 19:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/08/24 21:17:45 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/06/26 16:29:34 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll
[2009/09/03 11:53:00 | 00,030,912 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/05/01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/24 20:10:36 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 20:10:36 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 20:10:36 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 20:10:36 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 20:10:36 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamesp...nch/alaunch.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zon...wn.cab31267.cab (Solitaire Showdown Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/22 13:47:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/17 00:19:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/10/03 03:25:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/03 03:25:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/03 03:25:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen Melon\Application Data\PC Tools
[2009/09/19 02:03:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen Melon\Application Data\Spotify
[2009/09/29 00:26:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen Melon\Application Data\vlc
[2009/09/19 02:03:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen Melon\Local Settings\Application Data\Spotify
[2009/10/03 03:25:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/04 19:07:09 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/09/19 02:03:51 | 00,000,000 | ---D | C] -- C:\Program Files\Spotify
[2009/10/03 03:25:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/09/29 00:24:42 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/10/03 01:42:23 | 00,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
[2009/10/03 01:48:12 | 00,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2009/10/04 22:45:06 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/04 22:44:02 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Helen Melon\Desktop\OTL.exe
[2009/10/04 18:56:52 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/04 18:52:53 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Helen Melon\Desktop\TFC.exe
[2009/10/04 15:45:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen Melon\Desktop\user
[2009/10/04 01:08:39 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/10/04 00:51:39 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/04 00:49:25 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/04 00:49:25 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/04 00:49:25 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/04 00:49:25 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/04 00:48:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/04 00:45:41 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/03 15:25:59 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Helen Melon\Desktop\RootRepeal.exe
[2009/10/03 14:09:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/10/03 13:56:31 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/10/03 13:56:07 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Helen Melon\Desktop\OTM.exe
[2009/10/03 13:50:52 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Helen Melon\My Documents\mb.exe
[2009/10/03 13:36:56 | 03,309,072 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Helen Melon\My Documents\ccsetup224.exe
[2009/10/03 03:26:48 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/03 03:26:24 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/03 03:26:24 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/03 03:25:50 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/10/03 03:24:26 | 26,733,120 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Helen Melon\My Documents\sdsetup_aff.exe
[2009/10/03 03:21:43 | 18,610,456 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Helen Melon\My Documents\6.1.0.448b-sdrevenue-setup.exe
[2009/10/03 02:07:42 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/09/29 00:10:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Helen Melon\Desktop\Private Practice Season 2 Ep 12-22
[2009/09/19 23:57:00 | 01,146,696 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Helen Melon\My Documents\wlsetup-custom.exe
[2009/09/11 01:46:39 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll

========== Files - Modified Within 30 Days ==========

[2009/10/05 12:34:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/05 12:31:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/05 12:31:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/05 12:31:26 | 10,637,68064 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/05 12:28:59 | 42,285,522 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/05 01:26:13 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/04 22:44:12 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Helen Melon\Desktop\OTL.exe
[2009/10/04 19:52:56 | 00,361,369 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\dds.scr
[2009/10/04 18:52:54 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Helen Melon\Desktop\TFC.exe
[2009/10/04 18:07:34 | 00,085,504 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\Inherit.exe
[2009/10/04 17:37:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/04 15:44:50 | 00,046,415 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\user.zip
[2009/10/04 15:37:15 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/04 00:51:47 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/04 00:43:08 | 03,324,455 | R--- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\jgh.exe
[2009/10/03 20:04:58 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\Win32kDiag.exe
[2009/10/03 20:03:12 | 00,284,160 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\exeHelper.com
[2009/10/03 15:26:01 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Helen Melon\Desktop\RootRepeal.exe
[2009/10/03 14:01:44 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\SDFix.exe
[2009/10/03 13:57:49 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MBAM.lnk
[2009/10/03 13:56:07 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Helen Melon\Desktop\OTM.exe
[2009/10/03 13:51:05 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Helen Melon\My Documents\mb.exe
[2009/10/03 13:37:24 | 00,001,552 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\CCleaner.lnk
[2009/10/03 13:37:01 | 03,309,072 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Helen Melon\My Documents\ccsetup224.exe
[2009/10/03 13:21:12 | 00,000,476 | ---- | M] () -- C:\WINDOWS\tasks\Wise Registry Cleaner 4.job
[2009/10/03 13:09:05 | 00,000,606 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/03 13:09:05 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/10/03 03:25:58 | 00,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/03 03:25:06 | 18,610,456 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Helen Melon\My Documents\6.1.0.448b-sdrevenue-setup.exe
[2009/10/03 03:25:05 | 26,733,120 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Helen Melon\My Documents\sdsetup_aff.exe
[2009/10/03 03:03:12 | 00,004,566 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/03 01:48:12 | 00,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clear with 1 click.lnk
[2009/10/03 01:48:12 | 00,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner 4.lnk
[2009/10/03 01:15:31 | 00,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/01 11:32:30 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/29 00:34:15 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/29 00:25:22 | 00,000,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/09/29 00:23:55 | 18,527,244 | ---- | M] () -- C:\Documents and Settings\Helen Melon\My Documents\vlc-1.0.2-win32.exe
[2009/09/28 00:34:06 | 00,234,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/26 20:08:50 | 00,049,544 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/26 19:56:42 | 01,146,696 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Helen Melon\My Documents\wlsetup-custom.exe
[2009/09/20 00:32:21 | 00,547,896 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/20 00:32:21 | 00,460,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/20 00:32:21 | 00,080,122 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/19 02:03:52 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\Helen Melon\Desktop\Spotify.lnk
[2009/09/19 02:03:37 | 02,709,400 | ---- | M] () -- C:\Documents and Settings\Helen Melon\My Documents\Spotify Installer.exe
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files - No Company Name ==========
[2009/10/04 19:52:54 | 00,361,369 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\dds.scr
[2009/10/04 18:07:34 | 00,085,504 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\Inherit.exe
[2009/10/04 15:44:49 | 00,046,415 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\user.zip
[2009/10/04 00:51:46 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/04 00:51:40 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/04 00:49:25 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/04 00:49:25 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/04 00:49:25 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/04 00:49:25 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/04 00:43:06 | 03,324,455 | R--- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\jgh.exe
[2009/10/03 20:03:40 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\Win32kDiag.exe
[2009/10/03 20:00:04 | 00,284,160 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\exeHelper.com
[2009/10/03 15:14:01 | 10,637,68064 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/03 14:01:30 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\SDFix.exe
[2009/10/03 13:51:48 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MBAM.lnk
[2009/10/03 13:37:24 | 00,001,552 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\CCleaner.lnk
[2009/10/03 13:21:12 | 00,000,476 | ---- | C] () -- C:\WINDOWS\tasks\Wise Registry Cleaner 4.job
[2009/10/03 03:26:24 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/03 03:25:58 | 00,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/03 01:48:12 | 00,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Clear with 1 click.lnk
[2009/10/03 01:48:12 | 00,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner 4.lnk
[2009/10/03 01:15:31 | 00,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/29 00:25:22 | 00,000,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/09/29 00:21:09 | 18,527,244 | ---- | C] () -- C:\Documents and Settings\Helen Melon\My Documents\vlc-1.0.2-win32.exe
[2009/09/19 02:03:52 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\Helen Melon\Desktop\Spotify.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#23 oldman960

Posted 05 October 2009 - 06:02 AM

Hi nffc86,

Looks good.

We will reset the service that we disabled earlier. It will start on your next reboot.

Click the Start button, click Run. Copy and paste the following line into the run box and click OK

sc config Eventlog start= auto

Clean up time.

From your desktop, please delete
  • any notepads/logs that we created
  • junction.exe
  • run.bat
  • Inherit.exe
  • user.zip
  • Win32kDiag.exe
  • exeHelper.com
  • SDFix.exe
  • RootRepeal.exe
  • peek.bat
  • DDS.scr
  • fix.txt
  • fix.bat

In windows explorer please delete

C:\log.txt
C:\junction.txt


Eset online can be removed via add/remove programs if you wish.

Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK
Combofix /u

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM. Keep it updated and use it regularly as an on demand scanner.

Updates and upgrades

You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Acrobat Reader 3.01 and Adobe Reader 8.1.1 first. Be sure to move any PDF documents to another folder first though.

Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have those.

You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager, and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.

-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis

- Ensure that Automatic Update is turned on so you get all the latest patches.
Click start, control panel, click Security Center.

- Keep your antivirus program updated, as well as any other security programs you have.

-Check this site out to check for out of date programs
Secunia Personal Software Inspector (PSI) 1.0

-More tips and programs can be found HERE

- You may also want to read this article By Tony Klein
http://www.freedomli...pic.php?t=22879

We will keep this thread open for a couple of days. Please post back if you have any problems or questions. Please post back when you have finished so this thread can be marked "Resolved".

Take care :adios:

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.

#24 nffc86

Posted 05 October 2009 - 07:11 AM

Thank you ever so much for helping me out, you've been awesome :D P.S. I have done all of this now ^^

Edited by nffc86, 05 October 2009 - 07:12 AM.


#25 oldman960

Posted 05 October 2009 - 06:17 PM

Hi nffc86, You are very welcome. Take care, keep safe.


#26 oldman960

Posted 07 October 2009 - 10:57 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
