[RESOLVED] Virus ????


43 replies to this topic

#1 katz1113

    $ Supporting Member

  • 135 posts
  • Joined: June 05, 2010
  • 16 topics
  • Skin: IP.Board
  • Local time: 03:52 AM
  • Zodiac:Aquarius
  • Gender:Female
  • Location:Kamloops, B.C. Canada
  • Interests:Good Friends / Music / Computers / Travelling & Gardening
  • OS:Windows XP
  • Country:
Offline
  • Time Online: 1d 4h 9m

Posted 26 October 2011 - 02:59 AM

Apparently my Gmail was compromised and from there they got my Outlook Express email. Traced the IP address to somewhere in France???? Now when I receive any emails into my inbox, they automatically switch over to my outbox & start sending to all my contacts. It's rather embarrassing, especially when my business contacts receive family photos etc. I have been able to stop it from completing by unchecking the automatic sending of my outbox; this gives me time to go into my outbox and delete them before they send, but this is a pain! Changing my password to Outlook did not help, and I really don't want to change my email address as that would be a vast amount of work. Any advice?

Thanks
Katz1113

#2 Broni Re: [RESOLVED] Virus ????

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 03:52 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 26 October 2011 - 03:03 AM

Well you went missing from this topic: http://www.smartestc...-google-chrome/ and it's never a good idea to leave a topic in the middle of cleaning process.
We'll have to start over.

Complete all steps listed here: http://www.smartestc...ease-read-this/

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


#3 katz1113 Re: [RESOLVED] Virus ????

Posted 26 October 2011 - 03:29 AM

Broni, on 26 October 2011 - 03:03 AM, said:

Well you went missing from this topic: http://www.smartestc...-google-chrome/ and it's never a good idea to leave a topic in the middle of cleaning process.
We'll have to start over.

Complete all steps listed here: http://www.smartestc...ease-read-this/

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

I apologize Broni... I was very ill for some time, still not well, but feeling a bit better. I should have contacted you and let you know I couldn't continue at that time.

#4 Broni Re: [RESOLVED] Virus ????

Posted 26 October 2011 - 03:34 AM

I'm glad you feel better :)

#5 katz1113 Re: [RESOLVED] Virus ????

Posted 26 October 2011 - 12:28 PM

Thanks Broni. OK, here are the logs:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8021
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/25/2011 11:48:59 PM
mbam-log-2011-10-25 (23-48-59).txt
Scan type: Full scan (C:\|)
Objects scanned: 288168
Time elapsed: 1 hour(s), 15 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-26 05:18:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e HTS541010G9SA00 rev.MBZOC65D
Running: gmer.exe; Driver: C:\DOCUME~1\ARLENE\LOCALS~1\Temp\kgkdqpow.sys

---- System - GMER 1.0.15 ----
SSDT 8685B0A8 ZwAlertResumeThread
SSDT 86860BD0 ZwAlertThread
SSDT 85D80568 ZwAllocateVirtualMemory
SSDT 867F7D88 ZwAssignProcessToJobObject
SSDT 867EDC10 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA95D8980]
SSDT 865A7AD8 ZwCreateMutant
SSDT 86A755E0 ZwCreateSymbolicLinkObject
SSDT 869F1DA0 ZwCreateThread
SSDT 867F8BC0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA95D8C00]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA95D8F10]
SSDT 86856B90 ZwDuplicateObject
SSDT 8685F348 ZwFreeVirtualMemory
SSDT 868C10F0 ZwImpersonateAnonymousToken
SSDT 868600B0 ZwImpersonateThread
SSDT 867EE9D0 ZwLoadDriver
SSDT 869F2BB0 ZwMapViewOfSection
SSDT 86859D28 ZwOpenEvent
SSDT 86835768 ZwOpenProcess
SSDT 8683A720 ZwOpenProcessToken
SSDT 868613A8 ZwOpenSection
SSDT 8683A278 ZwOpenThread
SSDT 86A75690 ZwProtectVirtualMemory
SSDT 868582A8 ZwResumeThread
SSDT 86846CB0 ZwSetContextThread
SSDT 865A3F78 ZwSetInformationProcess
SSDT 86B39138 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA95D9160]
SSDT 8685A820 ZwSuspendProcess
SSDT 8684F0C0 ZwSuspendThread
SSDT 868388E0 ZwTerminateProcess
SSDT 8684E0E0 ZwTerminateThread
SSDT 8683D198 ZwUnmapViewOfSection
SSDT 8686C8E8 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 4 Bytes JMP E364CC87
.text ntkrnlpa.exe!ZwCallbackReturn + 3038 805048D4 4 Bytes CALL 88D6CFA1
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\ti21sony.sys entry point in "init" section [0xF60B5051]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----



Now I'll run aswMBR

#6 katz1113 Re: [RESOLVED] Virus ????

Posted 26 October 2011 - 12:46 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-26 05:30:25
-----------------------------
05:30:25.171 OS Version: Windows 5.1.2600 Service Pack 3
05:30:25.171 Number of processors: 2 586 0xE08
05:30:25.171 ComputerName: VALUED-2D4C2DDC UserName: ARLENE
05:30:30.109 Initialize success
05:31:01.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
05:31:01.281 Disk 0 Vendor: HTS541010G9SA00 MBZOC65D Size: 95396MB BusType: 3
05:31:01.281 Disk 1 \Device\Harddisk1\DR3 -> \Device\00000097
05:31:01.281 Disk 1 Vendor: ( Size: 95396MB BusType: 0
05:31:03.328 Disk 0 MBR read successfully
05:31:03.328 Disk 0 MBR scan
05:31:03.328 Disk 0 Windows XP default MBR code
05:31:03.359 Disk 0 scanning sectors +195366465
05:31:03.546 Disk 0 scanning C:\WINDOWS\system32\drivers
05:31:48.296 Service scanning
05:31:51.781 Modules scanning
05:32:42.578 Disk 0 trace - called modules:
05:32:42.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
05:32:42.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d78ab8]
05:32:42.625 3 CLASSPNP.SYS[f751efd7] -> nt!IofCallDriver -> \Device\0000008f[0x86d129e8]
05:32:42.625 5 ACPI.sys[f7395620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86d43940]
05:32:42.625 Scan finished successfully
05:32:59.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ARLENE\Desktop\MBR.dat"
05:32:59.109 The log file has been saved successfully to "C:\Documents and Settings\ARLENE\Desktop\aswMBR.txt"

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by ARLENE at 5:34:31 on 2011-10-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.175 [GMT -7:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gamesbar\SearchEngineProtection.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.1.1.3\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\2.0.1.82\oberontb.dll
BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - c:\program files\gamesbar\2.0.1.82\oberontb.dll
TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SearchEngineProtection] c:\program files\gamesbar\SearchEngineProtection.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
uRun: [Google Update] "c:\documents and settings\arlene\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [EPSON Stylus Photo R320 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
mRun: [USSShReg] c:\progra~1\uleads~1\uleadp~1\ssaver\Ussshreg.exe /r
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.82\oberontb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289250041187
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
TCP: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
TCP: Interfaces\{5654987D-4548-421B-BF66-0F370691F2DA} : DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\607\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1301010.003\symds.sys [2011-10-19 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1301010.003\symefa.sys [2011-10-19 897656]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\bashdefs\20111014.001\BHDrvx86.sys [2011-10-14 818808]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1301010.003\ccsetx86.sys [2011-10-19 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1301010.003\ironx86.sys [2011-10-19 149624]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-12-15 14336]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.1.1.3\ccsvchst.exe [2011-10-19 138760]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-7-5 10680]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-18 399416]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2011-9-9 2368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-10-20 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\ipsdefs\20111025.030\IDSXpx86.sys [2011-10-25 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\virusdefs\20111025.024\NAVENG.SYS [2011-10-25 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\virusdefs\20111025.024\NAVEX15.SYS [2011-10-25 1576312]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-15 28800]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-12-15 217472]
S0 ognl;ognl;c:\windows\system32\drivers\hten.sys --> c:\windows\system32\drivers\hten.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-13 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-13 136176]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-11-20 58880]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-11-20 137728]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 tvnserver;TightVNC Server;c:\documents and settings\arlene\local settings\application data\crossloop\tvnserver.exe [2011-5-12 814080]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 CrossLoopService;CrossLoop Service;c:\documents and settings\arlene\local settings\application data\crossloop\CrossLoopService.exe [2011-5-12 560848]
S4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-18 993848]
.
=============== Created Last 30 ================
.
2011-10-26 01:29:53 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-22 06:01:53 -------- d-----w- c:\program files\IconChanger
2011-10-21 19:08:40 -------- d-----w- c:\documents and settings\arlene\application data\Doblon
2011-10-19 20:07:21 387192 ----a-w- c:\windows\system32\drivers\nav\1301010.003\symtdi.sys
2011-10-19 20:07:21 344184 ----a-w- c:\windows\system32\drivers\nav\1301010.003\symtdiv.sys
2011-10-19 20:07:21 314488 ----a-w- c:\windows\system32\drivers\nav\1301010.003\symnets.sys
2011-10-19 20:07:20 897656 ----a-w- c:\windows\system32\drivers\nav\1301010.003\symefa.sys
2011-10-19 20:07:20 566904 ----a-w- c:\windows\system32\drivers\nav\1301010.003\srtsp.sys
2011-10-19 20:07:20 340088 ----a-r- c:\windows\system32\drivers\nav\1301010.003\symds.sys
2011-10-19 20:07:20 31864 ----a-w- c:\windows\system32\drivers\nav\1301010.003\srtspx.sys
2011-10-19 20:07:19 149624 ----a-w- c:\windows\system32\drivers\nav\1301010.003\ironx86.sys
2011-10-19 20:07:19 132744 ----a-w- c:\windows\system32\drivers\nav\1301010.003\ccsetx86.sys
2011-10-19 20:06:53 -------- d-----w- c:\windows\system32\drivers\nav\1301010.003
2011-10-19 20:03:34 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-10-19 20:03:34 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-19 20:03:34 -------- d-----w- c:\program files\Symantec
2011-10-19 20:03:34 -------- d-----w- c:\program files\common files\Symantec Shared
2011-10-19 20:02:41 -------- d-----w- c:\windows\system32\drivers\NAV
2011-10-19 20:02:38 -------- d-----w- c:\program files\Norton AntiVirus
2011-10-19 20:02:29 -------- d-----w- c:\program files\NortonInstaller
2011-10-18 18:04:08 -------- d-----w- c:\program files\Ask.com
2011-10-18 18:04:04 -------- d-----w- c:\documents and settings\arlene\local settings\application data\AskToolbar
2011-10-18 18:03:37 -------- d-----w- c:\documents and settings\arlene\local settings\application data\APN
2011-10-03 21:01:33 93240 ----atw- c:\documents and settings\arlene\application data\microsoft\~DFK23d18e.tmp
2011-09-28 16:48:53 -------- d-----w- c:\program files\NORTON - REISTALLED BY SUPPORT - SEPT 28-2011
2011-09-28 15:56:30 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-09-28 15:56:22 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
.
==================== Find3M ====================
.
2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 09:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-22 01:06:09 774144 ----a-w- c:\program files\RngInterstitial.dll
2011-09-22 00:39:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-21 20:41:45 103784 ----a-w- c:\documents and settings\arlene\GoToAssistDownloadHelper.exe
2011-09-09 20:36:04 2368 ----a-w- c:\windows\system32\SVKP.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-23 22:23:23 2828 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-08-23 22:12:40 8 --sh--r- c:\documents and settings\all users\application data\CB42B86796.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-05-09 00:03:34 11991272 ----a-w- c:\program files\mp3rocket.exe
2009-06-03 14:34:54 3752448 ----a-w- c:\program files\ShowPresenter2008-02-29.msi
2011-07-07 01:56:08 203776 --sh--w- c:\windows\system32\unrar.exe
2011-07-07 01:56:12 203776 --sh--w- c:\windows\system32\6028879dc45bca0bea6f2597f908460e\unrar.exe
.
============= FINISH: 5:35:46.93 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/8/2010 12:28:10 PM
System Uptime: 10/25/2011 8:03:45 PM (9 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | N/A | 1662/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 87 GiB total, 9.273 GiB free.
D: is Removable
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1F900698004603
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\1F900698004603
Service: NIC1394
.
Class GUID:
Description: Microtek SimpleSCSI Miniport Drivers
Device ID: ROOT\SCSIADAPTER\SMPLSCSI.INF&SMPLSCSI
Manufacturer: Company
Name: Microtek SimpleSCSI Miniport Drivers
PNP Device ID: ROOT\SCSIADAPTER\SMPLSCSI.INF&SMPLSCSI
Service: SMPLSCSI
.
==== System Restore Points ===================
.
RP350: 10/3/2011 3:37:27 PM - System Checkpoint
RP351: 10/4/2011 7:45:33 PM - System Checkpoint
RP352: 10/6/2011 1:34:50 AM - System Checkpoint
RP353: 10/7/2011 6:50:05 AM - System Checkpoint
RP354: 10/8/2011 11:33:39 AM - System Checkpoint
RP355: 10/9/2011 12:15:27 PM - System Checkpoint
RP356: 10/10/2011 3:06:12 PM - System Checkpoint
RP357: 10/11/2011 10:55:40 PM - System Checkpoint
RP358: 10/12/2011 5:16:32 PM - Software Distribution Service 3.0
RP359: 10/14/2011 1:14:28 AM - System Checkpoint
RP360: 10/15/2011 9:32:41 AM - System Checkpoint
RP361: 10/16/2011 4:11:14 PM - Removed MP3+G Toolz
RP362: 10/16/2011 4:12:16 PM - Installed MP3+G Toolz
RP363: 10/17/2011 8:21:27 PM - System Checkpoint
RP364: 10/19/2011 1:16:16 AM - System Checkpoint
RP365: 10/19/2011 11:35:03 AM - Installed Java™ 6 Update 29
RP366: 10/20/2011 12:24:33 PM - System Checkpoint
RP367: 10/21/2011 2:17:01 PM - System Checkpoint
RP368: 10/22/2011 6:27:03 PM - System Checkpoint
RP369: 10/24/2011 3:19:36 AM - System Checkpoint
RP370: 10/24/2011 12:45:11 PM - Installed Roxio Easy Media Creator 9 Suite
RP371: 10/25/2011 1:39:12 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.1)
Akamai NetSession Interface
Anti-Twin (Installation 11/9/2010)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
Auslogics Disk Defrag
AutoUpdate
Bejeweled 3
Big Fish Games: Game Manager
Bonjour
CCleaner
CCScore
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.00
Compatibility Pack for the 2007 Office system
Corel WinDVD 2010
CrossLoop 2.74
DivX
DVgate Plus
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON Print CD
EPSON Printer Software
ESPR320 Reference Guide
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Febooti fileTweak
Febooti fileTweak Case
FileHippo.com Update Checker
Free Opener
GamesBar 2.0.1.82
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
IconChanger
Image Converter 2 Plus
ImageStation
Ink Monitor
InstallIQ Updater
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD for VAIO
ISScript
Itibiti RTC
Java Auto Updater
Java™ 6 Update 24
Java™ 6 Update 29
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
Karaoke CD+G Creator Pro
Karaoke Song List Creator Professional KJ Edition 2004
Ken Ward's Zipper 1.4000
Knctr
Kodak EasyShare software
LAN Setting Utility
Luxor Bundle Pack
Malwarebytes' Anti-Malware version 1.51.2.1300
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microtek ScanSuite 1.11
Microtek ScanWizard
mIRC
mMHouse
MobileMe Control Panel
MP3 Rocket
MP3+G Toolz
mPfMgr
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
mWlsSafe
mXML
NEC Electronics USB 3.0 Host Controller Driver
netbrdg
Nitro PDF Reader 2
Norton AntiVirus
NVIDIA Drivers
Office 2003 Trial Assistant
OfotoXMI
OpenMG Limited Patch 4.3-05-10-05-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.3.00
ParetoLogic FileCure
PhotoScape
Power CD+G Burner
Power CD+G Player Pro
Quicken 2006
QuickTime
Request Slip Generator
Roxio DigitalMedia Audio
Roxio DigitalMedia Data
Roxio Easy Media Creator 9 Suite
Scrabble Tour
Seagate Manager Installer
Search Enhancement by AOL Search
Secunia PSI (2.0.0.3003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Setting Utility Series
SFR
SHASTA
Show Presenter
SigmaTel Audio
skin0001
SKINXSDK
Skype™ 5.0
SmartSound Common Data
SmartSound Quicktracks 5
Sonic Encoders
SonicStage Mastering Studio 2.1
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
staticcr
Switch Sound File Converter
TeamViewer 6
TurboZIP Express
Ulead PhotoImpact 4.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA
VPRINTOL
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip Self-Extractor
WIRELESS
Wireless Switch Setting Utility
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader 3.3
.
==== End Of File ===========================

Couldn't sleep so thought I'd continue.....Hope I've followed the instructions correctly..

Thanks Broni

#7 Broni Re: [RESOLVED] Virus ????


Posted 26 October 2011 - 05:32 PM

So far all looks clean.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#8 katz1113 Re: [RESOLVED] Virus ????


Posted 26 October 2011 - 06:36 PM

sorry Broni.. what is script blocking and where do I find it to turn it off?

#9 Broni Re: [RESOLVED] Virus ????


Posted 26 October 2011 - 06:38 PM

You don't have any of those running.
Go ahead with Combofix.

#10 katz1113 Re: [RESOLVED] Virus ????


Posted 26 October 2011 - 06:53 PM

Broni I ran Combo fix..it asked me to update it...so I did, it ran again but I did not get any .txt file???? Now what?

#11 Broni Re: [RESOLVED] Virus ????


Posted 26 October 2011 - 06:55 PM

Re-run it one more time.

#12 katz1113 Re: [RESOLVED] Virus ????


Posted 26 October 2011 - 07:03 PM

ComboFix 11-09-12.01 - ARLENE 09/11/2011 23:19:33.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.479 [GMT -7:00]
Running from: c:\documents and settings\ARLENE\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
G:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))))
.
.
2011-09-09 20:36 . 2011-09-09 20:36 2368 ----a-w- c:\windows\system32\SVKP.sys
2011-09-04 21:39 . 2011-09-04 21:39 -------- d-----w- c:\program files\Febooti fileTweak Case
2011-09-03 19:01 . 2011-09-03 19:01 -------- d-----w- c:\documents and settings\ARLENE\Application Data\TightVNC
2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-08-31 18:30 . 2011-08-31 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\GamesBar
2011-08-31 18:30 . 2011-08-31 18:30 -------- d-----w- c:\program files\GamesBar
2011-08-31 18:30 . 2011-08-31 18:30 -------- d-----w- c:\program files\Common Files\Oberon Media
2011-08-31 18:01 . 2011-08-31 18:01 -------- d-----w- c:\documents and settings\ARLENE\Local Settings\Application Data\Oberon Media
2011-08-26 16:43 . 2011-08-26 16:43 -------- d-----w- c:\program files\FileStream
2011-08-24 17:12 . 2011-08-24 17:12 -------- d-----w- c:\program files\CCleaner
2011-08-24 06:13 . 2011-08-24 06:13 -------- d-----w- c:\program files\Ulead Systems
2011-08-24 04:58 . 2011-08-24 04:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-24 04:58 . 2011-08-24 04:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-24 04:58 . 2011-08-24 04:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-24 04:58 . 2011-08-24 04:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-24 04:58 . 2011-08-24 04:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-24 04:58 . 2011-08-24 04:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-24 04:58 . 2011-08-24 04:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-24 04:57 . 2011-08-24 04:58 -------- d-----w- c:\program files\QuickTime
2011-08-24 04:30 . 2011-08-24 04:30 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-08-23 22:47 . 2011-08-23 22:47 -------- d-----w- c:\documents and settings\ARLENE\Application Data\IObit
2011-08-23 22:35 . 2011-08-24 06:08 -------- d-----w- c:\program files\Citrix
2011-08-23 22:35 . 2011-08-23 22:35 -------- d-----w- c:\documents and settings\ARLENE\Local Settings\Application Data\Citrix
2011-08-23 22:12 . 2011-08-23 22:12 8 --sh--r- c:\documents and settings\All Users\Application Data\CB42B86796.sys
2011-08-23 22:12 . 2011-08-23 22:23 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-08-23 21:55 . 2011-08-23 23:04 -------- d-----w- c:\documents and settings\ARLENE\Application Data\Corel
2011-08-23 16:31 . 2011-09-12 06:13 -------- d-----w- c:\program files\Common Files\Akamai
2011-08-23 04:56 . 2011-08-23 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2011-08-22 22:25 . 2011-08-22 22:25 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-08-22 17:55 . 2011-08-22 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
2011-08-22 17:49 . 2011-08-22 17:50 -------- d-----w- c:\program files\SmartSound Software
2011-08-22 17:49 . 2011-08-22 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2011-08-22 17:47 . 2011-08-22 17:47 -------- d-----w- c:\windows\system32\windows media
2011-08-22 17:30 . 2011-08-22 17:30 -------- d-----w- c:\program files\Windows Media Components
2011-08-22 17:27 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-08-22 15:16 . 2011-08-22 15:16 -------- d-----w- c:\documents and settings\ARLENE\Application Data\InterVideo
2011-08-22 05:33 . 2011-08-22 05:33 -------- d-----w- c:\documents and settings\ARLENE\Application Data\SpinTop
2011-08-20 19:22 . 2011-08-20 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-08-20 19:21 . 2011-08-20 19:21 -------- d-----w- c:\documents and settings\ARLENE\Local Settings\Application Data\Babylon
2011-08-20 19:21 . 2011-08-20 19:21 -------- d-----w- c:\documents and settings\ARLENE\Application Data\Babylon
2011-08-20 19:21 . 2011-08-20 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2011-08-16 01:18 . 2011-08-16 01:18 -------- d-----w- c:\documents and settings\ARLENE\Application Data\U3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2005-12-16 02:51 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-24 04:52 . 2011-06-13 18:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2005-12-16 02:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2005-12-16 02:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-07 02:52 . 2011-05-16 00:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-05-16 00:24 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-07 01:56 . 2011-07-07 01:56 203776 --sh--w- c:\windows\system32\unrar.exe
2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2005-12-16 04:08 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2005-12-16 02:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2005-12-16 02:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2005-12-16 02:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2005-12-16 02:51 385024 ----a-w- c:\windows\system32\html.iec
2011-06-22 01:56 . 2011-07-02 14:10 17712 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-06-22 01:56 . 2011-07-02 14:10 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-06-20 17:44 . 2005-12-16 02:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-05-09 00:03 . 2011-05-09 00:05 11991272 ----a-w- c:\program files\mp3rocket.exe
2009-06-03 14:34 . 2010-11-09 06:52 3752448 ----a-w- c:\program files\ShowPresenter2008-02-29.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-12_06.01.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-12 06:13 . 2011-09-12 06:13 16384 c:\windows\Temp\Perflib_Perfdata_5a4.dat
+ 2011-09-12 06:13 . 2011-09-12 06:13 16384 c:\windows\Temp\Perflib_Perfdata_438.dat
+ 2011-09-12 06:13 . 2011-09-12 06:13 16384 c:\windows\Temp\Perflib_Perfdata_2c4.dat
+ 2011-09-12 06:14 . 2011-09-12 06:14 16384 c:\windows\Temp\Perflib_Perfdata_260.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-10 1176064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-31 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-25 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-25 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-11-29 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-30 7335936]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"USSShReg"="c:\progra~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe" [1997-11-23 20992]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-18 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Album Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Album Fast Start.lnk
backup=c:\windows\pss\Album Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scanner Detector.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Scanner Detector.lnk
backup=c:\windows\pss\Scanner Detector.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2010-08-09 12:47 248832 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
2004-05-05 08:54 262210 ------w- c:\program files\EPSON\Ink Monitor\InkMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Itibiti.exe]
2011-07-11 19:16 5276672 ----a-w- c:\program files\Itibiti Soft Phone\Itibiti.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 14:55 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"Secunia PSI Agent"=2 (0x2)
"gupdatem"=3 (0x3)
"CrossLoopService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\KaraokeWorld\\mirc.exe"=
"c:\\mIRC-TCKG5\\mirc.exe"=
"c:\\Realm2009\\mIRC.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\ARLENE\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\ARLENE\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Itibiti Soft Phone\\Itibiti.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
"1132:TCP"= 1132:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\SymDS.sys [5/18/2011 5:38 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\SymEFA.sys [5/18/2011 5:38 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\BASHDefs\20110901.001\BHDrvx86.sys [9/1/2011 5:04 PM 815736]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\Ironx86.sys [5/18/2011 5:38 PM 136312]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/15/2005 7:52 PM 14336]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [5/18/2011 5:38 PM 130008]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe [6/21/2011 6:57 PM 196912]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [7/5/2010 4:53 PM 10680]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/18/2011 11:44 PM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/18/2011 11:44 PM 399416]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [9/9/2011 1:36 PM 2368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/27/2011 4:29 PM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\IPSDefs\20110909.030\IDSXpx86.sys [9/9/2011 4:49 PM 356280]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/15/2005 7:52 PM 28800]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [12/15/2005 7:52 PM 217472]
S0 ognl;ognl;c:\windows\system32\drivers\hten.sys --> c:\windows\system32\drivers\hten.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/13/2010 2:54 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/13/2010 2:54 PM 136176]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [11/20/2009 7:15 PM 58880]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [11/20/2009 7:15 PM 137728]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 tvnserver;TightVNC Server;c:\documents and settings\ARLENE\Local Settings\Application Data\CrossLoop\tvnserver.exe [5/12/2011 9:36 AM 814080]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 CrossLoopService;CrossLoop Service;c:\documents and settings\ARLENE\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [5/12/2011 9:36 AM 560848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-09-11 c:\windows\Tasks\FileCure Default.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2011-09-12 c:\windows\Tasks\FileCure Startup.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-13 21:54]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-13 21:54]
.
2011-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3980763535-823180202-3228762547-1005Core.job
- c:\documents and settings\ARLENE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-09 20:05]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3980763535-823180202-3228762547-1005UA.job
- c:\documents and settings\ARLENE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-09 20:05]
.
2011-09-12 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-01-28 21:19]
.
2011-09-01 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-01-28 21:19]
.
2011-09-12 c:\windows\Tasks\User_Feed_Synchronization-{C6435011-B8A5-47AA-BE0A-198E307AA3EF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
TCP: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-11 23:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3980763535-823180202-3228762547-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2011-09-11 23:38:33
ComboFix-quarantined-files.txt 2011-09-12 06:38
ComboFix2.txt 2011-09-12 06:07
.
Pre-Run: 20,209,270,784 bytes free
Post-Run: 20,191,764,480 bytes free
.
- - End Of File - - 4BC60320604A9FE0C2D0AA7ADF85366C

#13 Broni Re: [RESOLVED] Virus ????

Posted 26 October 2011 - 07:06 PM

All clean :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.


#14 katz1113 Re: [RESOLVED] Virus ????

Posted 26 October 2011 - 07:13 PM

OK, so I skip the Rkill stuff and go straight to downloading OTL? Then continue following your instructions?

#15 Broni Re: [RESOLVED] Virus ????

Posted 26 October 2011 - 07:21 PM

Yes. If you read my instructions carefully, they say to run rKill only when ComboFix doesn't want to run - not your case.

#16 katz1113 Re: [RESOLVED] Virus ????

Posted 26 October 2011 - 07:48 PM

OTL logfile created on: 10/26/2011 12:30:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\ARLENE\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 530.68 Mb Available Physical Memory | 52.33% Memory free
2.38 Gb Paging File | 1.79 Gb Available in Paging File | 75.29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 9.26 Gb Free Space | 10.63% Space Free | Partition Type: NTFS

Computer Name: VALUED-2D4C2DDC | User Name: ARLENE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/26 12:09:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ARLENE\Desktop\OTL.exe
PRC - [2011/08/23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\ccsvchst.exe
PRC - [2011/08/09 17:02:04 | 001,176,064 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/06/21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
PRC - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/03/03 07:33:48 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files\GamesBar\SearchEngineProtection.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/27 08:41:18 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/10/27 08:14:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2005/12/01 03:20:02 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005/11/28 17:42:52 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2005/11/24 12:47:34 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/09/01 12:44:46 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/01 12:44:46 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/09/01 12:44:42 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/05/20 18:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005/03/11 18:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/11/17 20:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/04/26 03:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE
PRC - [2004/02/20 15:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/18 14:09:30 | 003,552,856 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_807ba95.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/02 05:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007/01/29 01:35:02 | 000,290,816 | ---- | M] () -- C:\Program Files\IconChanger\IconChng.dll
MOD - [2006/10/27 08:17:56 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/10/27 08:13:06 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2005/11/28 17:45:50 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony\VAIO Camera Utility\VCULib.dll
MOD - [2005/11/28 12:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 12:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 12:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/07/15 11:35:56 | 000,831,488 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll
MOD - [2005/05/20 18:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/18 14:09:30 | 003,552,856 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
SRV - [2011/09/21 13:41:54 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\607\g2aservice.exe -- (GoToAssist)
SRV - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe -- (NAV)
SRV - [2011/06/21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/08/17 19:26:38 | 000,560,848 | ---- | M] (CrossLoop Inc) [Disabled | Stopped] -- C:\Documents and Settings\ARLENE\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\ARLENE\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/10/14 11:41:12 | 001,982,464 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/10/11 13:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/10/11 13:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/10/11 13:00:46 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/10/06 15:28:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/01 12:44:46 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/09/01 12:44:46 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/09/01 12:44:42 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/08/30 16:00:50 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/08/30 15:55:18 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/08/30 15:49:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/07/14 20:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/05/20 18:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/03/11 18:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)


========== Driver Services (SafeList) ==========

DRV - [2011/10/19 13:07:46 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20111026.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/19 13:07:46 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/10/19 13:07:46 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/19 13:07:46 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20111026.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/19 13:03:34 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/18 15:25:16 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20111025.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/10/14 16:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20111014.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/09/09 13:36:04 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2011/08/08 16:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1301010.003\ccSetx86.sys -- (ccSet_NAV)
DRV - [2011/08/02 19:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1301010.003\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/02 19:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1301010.003\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/28 20:20:02 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1301010.003\SYMEFA.SYS -- (SymEFA)
DRV - [2011/07/25 19:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1301010.003\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/07/25 19:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1301010.003\SYMDS.SYS -- (SymDS)
DRV - [2011/07/25 19:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1301010.003\Ironx86.SYS -- (SymIRON)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/05 16:53:22 | 000,010,680 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2009/11/20 19:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009/11/20 19:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2006/10/27 12:19:26 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/11/30 15:12:16 | 000,028,800 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2005/11/28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/27 08:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/17 14:40:46 | 001,076,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/15 23:36:20 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/10/25 11:31:40 | 000,232,448 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/10/18 17:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 17:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 17:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/07 22:50:48 | 000,108,672 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/10/07 22:30:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/10/04 13:59:00 | 000,217,472 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2005/09/21 10:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005/09/20 16:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2005/09/16 17:35:58 | 000,046,592 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/09/15 19:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/01 17:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/01/06 14:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 13:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 13:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2000/12/05 17:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 20:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A5 25 5C 07 11 0E 43 47 8F 6D A3 1F EE 7E 54 F6 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A5 25 5C 07 11 0E 43 47 8F 6D A3 1F EE 7E 54 F6 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A5 25 5C 07 11 0E 43 47 8F 6D A3 1F EE 7E 54 F6 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A5 25 5C 07 11 0E 43 47 8F 6D A3 1F EE 7E 54 F6 [binary data]

IE - HKU\S-1-5-21-3980763535-823180202-3228762547-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3980763535-823180202-3228762547-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3980763535-823180202-3228762547-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@ei.ReferenceBoss_1p.com/Plugin: C:\Program Files\ReferenceBoss_1pEI\Installr\1.bin\NP1pEISB.dll (ReferenceBoss)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ARLENE\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ARLENE\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2011/10/19 13:22:58 | 000,000,000 | ---D | M]

[2011/06/25 00:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ARLENE\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...00000130206ecae
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\ARLENE\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Documents and Settings\ARLENE\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\ARLENE\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll
CHR - plugin: ReferenceBoss Installer Plugin Stub (Enabled) = C:\Program Files\ReferenceBoss_1pEI\Installr\1.bin\NP1pEISB.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/11 23:31:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3980763535-823180202-3228762547-1005\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKU\S-1-5-21-3980763535-823180202-3228762547-1005\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [USSShReg] C:\Program Files\Ulead Systems\Ulead PhotoImpact\SSaver\USSSHREG.EXE ()
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-3980763535-823180202-3228762547-1005..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-3980763535-823180202-3228762547-1005..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3980763535-823180202-3228762547-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3980763535-823180202-3228762547-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3980763535-823180202-3228762547-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3980763535-823180202-3228762547-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1289250041187 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5654987D-4548-421B-BF66-0F370691F2DA}: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\607\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\607\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ARLENE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ARLENE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/26 12:09:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ARLENE\Desktop\OTL.exe
[2011/10/26 11:42:22 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/26 11:40:38 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/10/26 11:27:06 | 004,271,590 | R--- | C] (Swearware) -- C:\Documents and Settings\ARLENE\Desktop\ComboFix.exe
[2011/10/26 05:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ARLENE\Desktop\LOGS
[2011/10/26 05:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ARLENE\Desktop\VIRUS CLEANING PROG
[2011/10/26 00:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ARLENE\Desktop\gmer
[2011/10/25 18:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/25 18:29:53 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/24 13:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ARLENE\Desktop\New Folder
[2011/10/24 12:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Roxio Easy Media Creator 9
[2011/10/23 13:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ARLENE\Start Menu\Programs\Norton
[2011/10/23 13:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/10/22 11:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Karaoke CD+G Creator Pro
[2011/10/21 23:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IconChanger
[2011/10/21 23:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\IconChanger
[2011/10/21 12:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ARLENE\Application Data\Doblon
[2011/10/19 13:07:21 | 000,387,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1301010.003\symtdi.sys
[2011/10/19 13:07:21 | 000,344,184 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1301010.003\symtdiv.sys
[2011/10/19 13:07:21 | 000,314,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1301010.003\symnets.sys
[2011/10/19 13:07:20 | 000,897,656 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1301010.003\symefa.sys
[2011/10/19 13:07:20 | 000,566,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1301010.003\srtsp.sys
[2011/10/19 13:07:20 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1301010.003\symds.sys
[2011/10/19 13:07:20 | 000,031,864 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1301010.003\srtspx.sys
[2011/10/19 13:07:19 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1301010.003\ironx86.sys
[2011/10/19 13:07:19 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1301010.003\ccsetx86.sys
[2011/10/19 13:06:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1301010.003
[2011/10/19 13:03:34 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/10/19 13:03:34 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/10/19 13:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/10/19 13:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/10/19 13:02:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2011/10/19 13:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011/10/19 13:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
[2011/10/19 13:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/10/18 11:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/10/18 11:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ARLENE\Local Settings\Application Data\AskToolbar
[2011/10/18 11:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ARLENE\Local Settings\Application Data\APN
[2011/10/14 00:19:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ARLENE\Desktop\TFC.exe
[2011/10/11 09:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ARLENE\Desktop\SITES
[2011/10/05 22:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ARLENE\Desktop\FLASH DRIVE CONTENTS - JOHNS
[2011/10/05 08:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ARLENE\Desktop\DESKTOP ICONS
[2011/09/28 09:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\NORTON - REISTALLED BY SUPPORT - SEPT 28-2011
[2011/09/28 08:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/09/28 08:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/09/27 22:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ARLENE\Desktop\JOHN'S MUSIC DIC
[2011/09/21 18:06:18 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2006/09/14 11:32:20 | 000,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 30 Days ==========

[2011/10/26 12:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/26 12:10:11 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\ARLENE\Application Data\Microsoft\Internet Explorer\Quick Launch\MICROSOFT OFFICE WORD 2003.lnk
[2011/10/26 12:09:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ARLENE\Desktop\OTL.exe
[2011/10/26 12:05:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/26 12:01:50 | 000,008,029 | ---- | M] () -- C:\Documents and Settings\ARLENE\Desktop\jack1a3.gif
[2011/10/26 11:45:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3980763535-823180202-3228762547-1005UA.job
[2011/10/26 11:43:10 | 004,271,590 | R--- | M] (Swearware) -- C:\Documents and Settings\ARLENE\Desktop\ComboFix.exe
[2011/10/26 10:28:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/25 20:16:53 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Startup.job
[2011/10/25 20:04:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/25 20:04:32 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/25 18:30:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/25 18:00:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/10/25 16:19:51 | 000,006,324 | ---- | M] () -- C:\Documents and Settings\ARLENE\Local Settings\Application Data\rx_audio.Cache
[2011/10/25 15:20:23 | 000,000,342 | ---- | M] () -- C:\Documents and Settings\ARLENE\Desktop\Lyrics Talk - Lyrics Forums.url
[2011/10/25 14:22:15 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C6435011-B8A5-47AA-BE0A-198E307AA3EF}.job
[2011/10/25 12:45:01 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3980763535-823180202-3228762547-1005Core.job
[2011/10/25 00:34:21 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\ARLENE\Local Settings\Application Data\rx_image.Cache
[2011/10/24 17:25:59 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\VT20111023.024
[2011/10/24 17:01:46 | 000,641,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/24 12:55:02 | 000,000,153 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/10/24 12:53:03 | 000,002,129 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Roxio Easy Media Creator 9.lnk
[2011/10/24 11:29:46 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\ARLENE\Desktop\SWITCH SOUND FILE CONVERTER (2).lnk
[2011/10/24 01:44:35 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\ARLENE\Application Data\pacemaker.ini
[2011/10/22 11:01:25 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\ARLENE\Desktop\Karaoke CD+G Creator Pro.lnk
[2011/10/22 10:52:10 | 000,000,044 | ---- | M] () -- C:\WINDOWS\Vogone2.INI
[2011/10/21 12:35:54 | 044,974,656 | ---- | M] () -- C:\Documents and Settings\ARLENE\Desktop\CAROLYN DAWN JOHNSON - I'D STILL HAVE YOU.MP3-vr.bin
[2011/10/20 20:57:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/20 17:42:50 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\ARLENE\Desktop\KARAOKE +MP3Z HOME.url
[2011/10/19 13:31:45 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/10/19 13:11:35 | 000,567,877 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\Cat.DB
[2011/10/19 13:03:34 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/10/19 13:03:34 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/10/19 13:03:34 | 000,007,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/10/19 13:03:34 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/10/18 11:03:37 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\ARLENE\Desktop\MP3 Rocket 6.1.1.lnk
[2011/10/18 11:03:37 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\ARLENE\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.1.1.lnk
[2011/10/17 12:33:12 | 000,002,052 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/17 12:32:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/16 16:49:45 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\ARLENE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/12 17:42:39 | 000,521,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/12 17:42:39 | 000,096,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/12 17:32:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/06 03:48:02 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/10/04 10:39:12 | 003,752,448 | ---- | M] () -- C:\Documents and Settings\ARLENE\Desktop\ShowPresenter2008-02-29.msi
[2011/10/02 17:20:43 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\ARLENE\PrintMaster-2011-Platinum.prefs
[2011/09/28 15:10:29 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\ARLENE\Desktop\Power CD+G Burner (2).lnk
[2011/09/28 08:52:41 | 111,590,316 | ---- | M] () -- C:\Documents and Settings\ARLENE\My Documents\back up.reg

========== Files Created - No Company Name ==========

[2011/10/26 12:17:21 | 000,008,029 | ---- | C] () -- C:\Documents and Settings\ARLENE\Desktop\jack1a3.gif
[2011/10/25 18:30:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/25 15:20:23 | 000,000,342 | ---- | C] () -- C:\Documents and Settings\ARLENE\Desktop\Lyrics Talk - Lyrics Forums.url
[2011/10/25 00:21:06 | 000,006,324 | ---- | C] () -- C:\Documents and Settings\ARLENE\Local Settings\Application Data\rx_audio.Cache
[2011/10/25 00:18:59 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\ARLENE\Local Settings\Application Data\rx_image.Cache
[2011/10/24 17:26:00 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\VT20111023.024
[2011/10/24 12:53:02 | 000,002,129 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Roxio Easy Media Creator 9.lnk
[2011/10/22 11:55:20 | 044,974,656 | ---- | C] () -- C:\Documents and Settings\ARLENE\Desktop\CAROLYN DAWN JOHNSON - I'D STILL HAVE YOU.MP3-vr.bin
[2011/10/22 11:01:24 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\ARLENE\Desktop\Karaoke CD+G Creator Pro.lnk
[2011/10/21 21:31:59 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\ARLENE\Desktop\SWITCH SOUND FILE CONVERTER (2).lnk
[2011/10/21 02:48:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\Vogone2.INI
[2011/10/19 13:11:04 | 000,567,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\Cat.DB
[2011/10/19 13:07:21 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\symnetv.cat
[2011/10/19 13:07:21 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\symnetv.inf
[2011/10/19 13:07:21 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\symnet.inf
[2011/10/19 13:07:20 | 000,007,498 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\symefa.cat
[2011/10/19 13:07:20 | 000,007,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\srtspx.cat
[2011/10/19 13:07:20 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\symds.cat
[2011/10/19 13:07:20 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\srtsp.cat
[2011/10/19 13:07:20 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\symnet.cat
[2011/10/19 13:07:20 | 000,003,433 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\symefa.inf
[2011/10/19 13:07:20 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\symds.inf
[2011/10/19 13:07:20 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\srtspx.inf
[2011/10/19 13:07:20 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\srtsp.inf
[2011/10/19 13:07:19 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\ccsetx86.cat
[2011/10/19 13:07:19 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\iron.cat
[2011/10/19 13:07:19 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\ccsetx86.inf
[2011/10/19 13:07:19 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\iron.inf
[2011/10/19 13:06:53 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1301010.003\isolate.ini
[2011/10/19 13:03:34 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/10/19 13:03:34 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/10/18 11:05:02 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/18 11:03:37 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\ARLENE\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.1.1.lnk
[2011/10/18 11:03:36 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\ARLENE\Desktop\MP3 Rocket 6.1.1.lnk
[2011/10/18 10:53:28 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\ARLENE\Desktop\KARAOKE +MP3Z HOME.url
[2011/10/17 12:33:12 | 000,002,052 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/10/04 10:39:00 | 003,752,448 | ---- | C] () -- C:\Documents and Settings\ARLENE\Desktop\ShowPresenter2008-02-29.msi
[2011/09/28 15:10:29 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\ARLENE\Desktop\Power CD+G Burner (2).lnk
[2011/09/28 08:52:23 | 111,590,316 | ---- | C] () -- C:\Documents and Settings\ARLENE\My Documents\back up.reg
[2011/09/11 22:35:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/11 22:35:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/11 22:35:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/11 22:35:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/11 22:35:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/23 15:12:40 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\CB42B86796.sys
[2011/08/23 15:12:39 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/07/06 18:56:07 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2011/05/18 16:05:12 | 000,000,340 | ---- | C] () -- C:\Documents and Settings\ARLENE\Application Data\SMRResults200.dat
[2011/05/18 15:45:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ARLENE\Application Data\SMRBackup200.dat
[2011/05/08 17:05:01 | 011,991,272 | ---- | C] () -- C:\Program Files\mp3rocket.exe
[2011/04/16 09:41:40 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/04/01 09:59:06 | 000,017,000 | -H-- | C] () -- C:\Program Files\scanner.GID
[2011/03/31 15:27:17 | 000,034,816 | ---- | C] () -- C:\WINDOWS\UPI41001.DLL
[2011/03/31 15:27:17 | 000,016,896 | ---- | C] () -- C:\WINDOWS\UPI41002.DLL
[2011/03/31 14:58:52 | 000,004,732 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2010/12/29 08:32:17 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2010/12/12 00:32:35 | 000,141,376 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/25 18:34:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/18 11:39:14 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\ARLENE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/12 13:03:38 | 000,029,521 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/11/12 13:03:38 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/11/12 13:03:37 | 000,020,910 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/11/12 13:03:37 | 000,020,869 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/11/12 13:00:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2010/11/12 13:00:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR320.ini
[2010/11/12 02:33:28 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\ARLENE\Application Data\pacemaker.ini
[2010/11/09 08:35:46 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/11/08 23:52:15 | 003,752,448 | ---- | C] () -- C:\Program Files\ShowPresenter2008-02-29.msi
[2010/11/08 13:28:32 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\ARLENE\Local Settings\Application Data\fusioncache.dat
[2010/11/08 12:37:37 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2010/11/08 12:36:16 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/11/08 12:35:46 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/11/08 12:35:46 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/11/08 12:35:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/11/08 12:35:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/11/08 12:35:46 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/11/08 12:35:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/11/08 12:33:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/08 12:28:00 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/11/10 09:17:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/10/26 23:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/10/26 23:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/12/16 00:19:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/15 23:04:14 | 000,000,153 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/15 23:00:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/12/15 22:46:45 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2005/12/15 21:37:50 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2005/12/15 21:37:36 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2005/12/15 21:33:45 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/15 21:17:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/15 21:10:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/15 19:52:37 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/15 19:52:31 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/15 19:51:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/12/15 19:51:58 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/12/15 19:51:58 | 000,521,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/15 19:51:58 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/12/15 19:51:58 | 000,096,212 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/15 19:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/12/15 19:51:58 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/12/15 19:51:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/15 19:51:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/12/15 19:51:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/12/15 19:51:51 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/12/15 19:51:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/12/15 13:02:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/15 13:01:19 | 000,641,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/15 11:36:35 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/07/15 11:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 11:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 11:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2002/06/12 13:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

========== LOP Check ==========

[2010/11/11 21:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ARLENE
[2011/08/20 12:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/08/20 14:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BabylonUpdater
[2011/08/31 10:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/04/19 14:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Entertainer
[2010/11/08 12:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/09/11 00:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/08/31 11:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesBar
[2011/06/20 20:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2010/11/09 01:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/07/02 06:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/09/21 23:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/04/17 15:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/09/21 23:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pogo
[2010/12/14 12:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/08/22 10:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/10/24 01:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/23 08:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/07/03 15:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/08/06 11:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/07/15 17:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/09 08:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Auslogics
[2011/08/20 12:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Babylon
[2011/08/20 12:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\BabylonToolbar
[2011/10/21 12:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Doblon
[2011/07/02 07:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Downloaded Installations
[2011/05/26 10:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Easy Duplicate Finder
[2011/04/17 22:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\ElevatedDiagnostics
[2010/11/12 21:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Free-backup.info
[2011/07/06 19:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\FrostWire
[2011/08/22 08:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\InterVideo
[2011/08/23 15:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\IObit
[2011/08/17 14:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Itibiti
[2010/11/09 00:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Leadertech
[2011/06/30 12:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\mjusbsp
[2011/10/19 14:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\MP3Rocket
[2010/11/09 01:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\NCH Swift Sound
[2011/07/02 07:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Nitro PDF
[2011/09/21 23:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Oberon Media
[2011/08/23 21:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\OpenCandy
[2011/09/21 23:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Pogo
[2011/09/21 22:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\PriceGong
[2011/07/22 11:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Roni Music
[2010/12/21 11:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Skinux
[2011/08/21 22:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\SpinTop
[2011/06/13 11:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\TeamViewer
[2011/02/06 10:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Tific
[2011/09/03 12:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\TightVNC
[2011/05/18 14:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ARLENE\Application Data\Toolbar4
[2011/05/12 09:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2011/09/25 01:49:45 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\FileCure Default.job
[2011/10/25 20:16:53 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\FileCure Startup.job
[2011/10/25 18:00:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/10/06 03:48:02 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2011/10/26 12:05:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/10/25 14:22:15 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C6435011-B8A5-47AA-BE0A-198E307AA3EF}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/10/19 13:31:45 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/09/21 18:19:02 | 000,000,094 | ---- | M] () -- C:\DownloadLog.txt
[2011/09/14 07:11:55 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2011/10/25 20:04:32 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/29 07:25:32 | 000,000,847 | ---- | M] () -- C:\INSTALL.LOG
[2005/12/15 21:14:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/12/15 21:14:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/11/08 14:29:28 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/10/25 20:04:27 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2011/09/10 10:15:04 | 000,001,072 | ---- | M] () -- C:\{587E7897-3DC5-4069-B8D9-DCEA2B69BAAF}
[2011/08/23 07:14:09 | 000,002,560 | ---- | M] () -- C:\{AD1FCA06-8E23-4070-B1F4-C84DC7989F08}
[2011/07/08 18:10:46 | 000,000,288 | ---- | M] () -- C:\{C745CF3A-F4CC-41B1-A121-DB48E9BFE4C8}
[2011/07/08 18:10:43 | 000,002,672 | ---- | M] () -- C:\{DD1B3215-3BC2-49B3-9B4C-5B14AB2D30F4}

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/12/15 21:13:51 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[1 C:\Documents and Settings\ARLENE\Application Data\Microsoft\*.tmp files -> C:\Documents and Settings\ARLENE\Application Data\Microsoft\*.tmp -> ]

< %PROGRAMFILES%\*.* >
[2011/05/08 17:03:34 | 011,991,272 | ---- | M] () -- C:\Program Files\mp3rocket.exe
[2011/09/21 18:06:09 | 000,774,144 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2011/04/01 09:59:54 | 000,017,000 | -H-- | M] () -- C:\Program Files\scanner.GID
[2009/06/03 07:34:54 | 003,752,448 | ---- | M] () -- C:\Program Files\ShowPresenter2008-02-29.msi

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/12/15 13:00:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/12/15 13:00:36 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/12/15 13:00:36 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/11/08 14:34:23 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2004/05/05 18:59:01 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\Thumbs.db

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/08 13:41:21 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\ARLENE\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/12/26 10:55:44 | 000,000,567 | ---- | M] () -- C:\Documents and Settings\ARLENE\Application Data\Microsoft\Internet Explorer\Quick Launch\Gmail Email from Google.url
[2005/12/15 21:21:48 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\ARLENE\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/10/26 11:43:10 | 004,271,590 | R--- | M] (Swearware) -- C:\Documents and Settings\ARLENE\Desktop\ComboFix.exe
[2011/10/26 12:09:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ARLENE\Desktop\OTL.exe
[2011/05/16 21:10:42 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ARLENE\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2011/08/17 10:10:46 | 000,689,560 | ---- | M] (IObit) -- C:\Documents and Settings\ARLENE\My Documents\iobituninstaller.exe
[2011/08/12 10:49:47 | 019,799,416 | ---- | M] (Encore Software Inc.) -- C:\Documents and Settings\ARLENE\My Documents\pm_platinum_3.1.0_windows.exe
[2011/08/22 08:35:21 | 801,248,768 | ---- | M] (Acresso Software Inc.) -- C:\Documents and Settings\ARLENE\My Documents\VSX4_Pro_TBYB.exe

< %USERPROFILE%\*.exe >
[2011/09/21 13:41:45 | 000,103,784 | ---- | M] () -- C:\Documents and Settings\ARLENE\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >
[2000/01/18 15:10:02 | 000,021,288 | ---- | M] (Microtek International Inc.) -- C:\WINDOWS\Driver Cache\msmusd.dll

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/08 11:36:09 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\ARLENE\Favorites\Desktop.ini
[2006/06/15 15:17:31 | 000,000,466 | ---- | M] () -- C:\Documents and Settings\ARLENE\Favorites\My Documents.lnk
[2010/11/09 01:26:07 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\ARLENE\Favorites\NCH Audio and Telephony Software.lnk
[2010/05/30 22:21:49 | 000,000,248 | ---- | M] () -- C:\Documents and Settings\ARLENE\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/10/26 12:30:09 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\ARLENE\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2005/11/30 17:12:22 | 000,552,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
[2005/08/01 14:24:00 | 001,003,215 | ---- | M] () -- C:\WINDOWS\Installer\ms_office_trial.exe
[4 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-13 00:45:50


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8684F6F0
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30046668
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA4982C6
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
< End of report >

OTL Extras logfile created on: 10/26/2011 12:30:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\ARLENE\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 530.68 Mb Available Physical Memory | 52.33% Memory free
2.38 Gb Paging File | 1.79 Gb Available in Paging File | 75.29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 9.26 Gb Free Space | 10.63% Space Free | Partition Type: NTFS

Computer Name: VALUED-2D4C2DDC | User Name: ARLENE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3980763535-823180202-3228762547-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\pmspl32.exe" = C:\WINDOWS\system32\pmspl32.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\rasmans32.exe" = C:\WINDOWS\system32\rasmans32.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\wmsdmoe32.exe" = C:\WINDOWS\system32\wmsdmoe32.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\atrace32.exe" = C:\WINDOWS\system32\atrace32.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\9B13.tmp" = C:\WINDOWS\Temp\9B13.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\9B10.tmp" = C:\WINDOWS\system32\9B10.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\KPDRESwow.exe" = C:\WINDOWS\KPDRESwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\9B0E.tmp" = C:\WINDOWS\system32\9B0E.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\Temp\9B15.tmp" = C:\WINDOWS\Temp\9B15.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\ir50_qcx32.exe" = C:\WINDOWS\system32\ir50_qcx32.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\9.tmp" = C:\WINDOWS\system32\9.tmp:*:Enabled:Windows Update Service
"C:\WINDOWS\ieframewow.exe" = C:\WINDOWS\ieframewow.exe:*:Enabled:Windows Update Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\KaraokeWorld\mirc.exe" = C:\KaraokeWorld\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\mIRC-TCKG5\mirc.exe" = C:\mIRC-TCKG5\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Realm2009\mIRC.exe" = C:\Realm2009\mIRC.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\ARLENE\Local Settings\Application Data\CrossLoop\vncviewer.exe" = C:\Documents and Settings\ARLENE\Local Settings\Application Data\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Documents and Settings\ARLENE\Local Settings\Application Data\CrossLoop\tvnserver.exe" = C:\Documents and Settings\ARLENE\Local Settings\Application Data\CrossLoop\tvnserver.exe:*:Enabled:tvnserver.exe -- (GlavSoft LLC.)
"C:\Program Files\Itibiti Soft Phone\Itibiti.exe" = C:\Program Files\Itibiti Soft Phone\Itibiti.exe:*:Enabled:Itibiti.exe -- ()
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Documents and Settings\ARLENE\Local Settings\temp\7zSB.tmp\SymNRT.exe" = C:\Documents and Settings\ARLENE\Local Settings\temp\7zSB.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\ARLENE\Local Settings\temp\7zSD.tmp\SymNRT.exe" = C:\Documents and Settings\ARLENE\Local Settings\temp\7zSD.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01448544-2F67-4AA9-986B-07110B29EBFC}" = Request Slip Generator
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17A7779A-D23F-11D3-8753-0050BABE1202}" = Microtek ScanWizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216024F0}" = Java™ 6 Update 24
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{294A2E0E-3A0B-4D1F-8282-11DEF2040227}" = InstallIQ Updater
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E510276-F614-4AC5-9ACC-465735484A4F}" = Show Presenter
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{307F566E-3DCF-4A6C-A149-FE47F39A1BA4}_is1" = Power CD+G Player Pro
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{44868D03-492F-42AD-9464-717B5D73FC69}" = Febooti fileTweak Case
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{70272964-C468-4C5F-8246-AA2CABA75941}" = Roxio Easy Media Creator 9 Suite
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118530890}" = Scrabble Tour
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119579387}" = Bejeweled 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A87EBA79-93DB-4A87-B9BA-62F8FB12D993}" = ImageStation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA77219C-0A77-4FF3-8CC5-2DC08469E6FF}_is1" = Karaoke CD+G Creator Pro
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1" = Power CD+G Burner
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C912EFA0-0076-11d5-B04A-BD6C80DF2479}" = IconChanger
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECE394E-1962-4BBC-9C04-7258A0542A44}" = Febooti fileTweak
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F50A4470-7A45-4A5A-97F8-806990B736C2}" = MP3+G Toolz
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F5ED909F-8571-4B03-B200-6087F32CD973}" = Nitro PDF Reader 2
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface
"Anti-Twin 2010-11-09 00.13.24" = Anti-Twin (Installation 11/9/2010)
"AOL Search Enhancement" = Search Enhancement by AOL Search
"BFGC" = Big Fish Games: Game Manager
"BFG-Luxor Bundle Pack" = Luxor Bundle Pack
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CrossLoop_is1" = CrossLoop 2.74
"EPSON Printer and Utilities" = EPSON Printer Software
"FileHippo.com" = FileHippo.com Update Checker
"GamesBar" = GamesBar 2.0.1.82
"GoToAssist" = GoToAssist Corporate
"ie8" = Windows Internet Explorer 8
"Ink Monitor" = Ink Monitor
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"Itibiti_is1" = Knctr
"Karaoke Song List Creator Professional KJ Edition 2004" = Karaoke Song List Creator Professional KJ Edition 2004
"Ken Ward's Zipper_is1" = Ken Ward's Zipper 1.4000
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mIRC" = mIRC
"MP3 Rocket" = MP3 Rocket
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PhotoScape" = PhotoScape
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"ScanSuite" = Microtek ScanSuite 1.11
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Silent Package Run-Time Sample" = ESPR320 Reference Guide
"Switch" = Switch Sound File Converter
"TeamViewer 6" = TeamViewer 6
"TurboZIP Express" = TurboZIP Express
"Ulead PhotoImpact 4.0" = Ulead PhotoImpact 4.0
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3980763535-823180202-3228762547-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2011 7:10:17 PM | Computer Name = VALUED-2D4C2DDC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/24/2011 7:10:32 PM | Computer Name = VALUED-2D4C2DDC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2011 6:23:57 PM | Computer Name = VALUED-2D4C2DDC | Source = Application Hang | ID = 1002
Description = Hanging application SoundEdit9.exe, version 9.0.1.95, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2011 7:24:48 PM | Computer Name = VALUED-2D4C2DDC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2011 7:25:19 PM | Computer Name = VALUED-2D4C2DDC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2011 7:26:05 PM | Computer Name = VALUED-2D4C2DDC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2011 7:26:59 PM | Computer Name = VALUED-2D4C2DDC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2011 7:27:38 PM | Computer Name = VALUED-2D4C2DDC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2011 7:27:44 PM | Computer Name = VALUED-2D4C2DDC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2011 7:29:27 PM | Computer Name = VALUED-2D4C2DDC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/14/2011 3:24:56 AM | Computer Name = VALUED-2D4C2DDC | Source = Service Control Manager | ID = 7034
Description = The Protexis Licensing V2 service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/14/2011 3:24:57 AM | Computer Name = VALUED-2D4C2DDC | Source = Service Control Manager | ID = 7034
Description = The Secunia Update Agent service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/14/2011 3:24:57 AM | Computer Name = VALUED-2D4C2DDC | Source = Service Control Manager | ID = 7034
Description = The SonicStageMonitoring service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/14/2011 3:24:57 AM | Computer Name = VALUED-2D4C2DDC | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/14/2011 3:24:58 AM | Computer Name = VALUED-2D4C2DDC | Source = Service Control Manager | ID = 7034
Description = The VAIO Event Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/14/2011 3:24:58 AM | Computer Name = VALUED-2D4C2DDC | Source = Service Control Manager | ID = 7034
Description = The VAIO Entertainment UPnP Client Adapter service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/14/2011 3:24:58 AM | Computer Name = VALUED-2D4C2DDC | Source = Service Control Manager | ID = 7034
Description = The VAIO Entertainment File Import Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/14/2011 3:24:58 AM | Computer Name = VALUED-2D4C2DDC | Source = Service Control Manager | ID = 7034
Description = The VAIO Entertainment Database Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/14/2011 3:33:22 AM | Computer Name = VALUED-2D4C2DDC | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 10/14/2011 3:33:22 AM | Computer Name = VALUED-2D4C2DDC | Source = Service Control Manager | ID = 7000
Description = The ONSIO service failed to start due to the following error: %%2


< End of report >

#17 Broni Re: [RESOLVED] Virus ????

Posted 26 October 2011 - 07:58 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/08/23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3980763535-823180202-3228762547-1005\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
    O3 - HKU\S-1-5-21-3980763535-823180202-3228762547-1005\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    [2011/10/18 11:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ARLENE\Local Settings\Application Data\AskToolbar
    [2011/10/26 12:05:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    @Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8684F6F0
    @Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30046668
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA4982C6
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
    
    :Files
    C:\Program Files\Ask.com
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
===============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.


#18 katz1113 Re: [RESOLVED] Virus ????

Posted 26 October 2011 - 08:31 PM

All processes killed
========== OTL ==========
No active process named Updater.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3980763535-823180202-3228762547-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D}\ not found.
Registry value HKEY_USERS\S-1-5-21-3980763535-823180202-3228762547-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4c3a-B38E-9654A7003239}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A93C934-025B-4c3a-B38E-9654A7003239}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\ARLENE\Local Settings\Application Data\AskToolbar folder moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8684F6F0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:30046668 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA4982C6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204 deleted successfully.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: ARLENE
->Temp folder emptied: 15887385 bytes
->Temporary Internet Files folder emptied: 10058518 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66790 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 117627221 bytes

Total Files Cleaned = 137.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: ARLENE
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10262011_132007
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_16c.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_290.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7ac.dat not found!
Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
SonicStage Mastering Studio Audio Filter Custom Preset
Norton AntiVirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 29
Java™ 6 Update 24
Out of date Java installed!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

#19 Broni Re: [RESOLVED] Virus ????

Posted 26 October 2011 - 08:33 PM

Uninstall Java™ 6 Update 24

#20 katz1113 Re: [RESOLVED] Virus ????

Posted 26 October 2011 - 08:44 PM

Java 6 Update 24 removed




