Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

PLEASE HELP ME!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

PLEASE HELP ME!!

Unread postby cshen359 » July 17th, 2007, 3:48 pm

Please help me. I went on Google, and my computer downloaded some virus. I can't use my task manager (ctrl+alt+del) and my background is some red picture telling me that my computer is infected!! Please help.
cshen359
Regular Member
 
Posts: 35
Joined: December 3rd, 2006, 11:30 pm
Location: NJ
Advertisement
Register to Remove

Unread postby cshen359 » July 17th, 2007, 8:11 pm

Please help me..I don't who else to turn to. You've helped me before, so please help me once again.
cshen359
Regular Member
 
Posts: 35
Joined: December 3rd, 2006, 11:30 pm
Location: NJ

Unread postby Bob4 » July 18th, 2007, 6:44 am

Download HiJackThis from here

unzip it to c:/ make sure the exe stays in it's own folder.
Open HJT and choose scan and save a log file. Post the contents of that log in your next reply. Each time I ask you to do this a new log will be saved within that folder replacing the last one.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby cshen359 » July 18th, 2007, 2:13 pm

Thank you so much for helping me now. I have no idea what is wrong with my computer.

I extracted it to the c:/ like u said. Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 2:11:54 PM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\AOL\1133663716\ee\AOLSoftware.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mgrs.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Charlie\Desktop\hijackthis1991\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {409A84F7-AF3F-4474-8A8A-0F8A1229AFE4} - C:\WINDOWS\soundplugin.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133663716\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://login.live.com
O15 - Trusted Zone: http://www.hotmail.msn.com
O15 - Trusted Zone: http://www.myspace.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zp ... b48295.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedow ... n11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6863785656
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zp ... b51411.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedow ... in7USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b53083.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zp ... b42858.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b41227.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedow ... n10USA.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FFC586E-079D-4689-BED5-F90EB1C7440E}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A9C6C6F-98A2-4854-AEEF-BAB75A68BA37}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF1850DD-F062-4094-8864-2656EC388664}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{E456ED11-6455-480F-847F-C5DCE4E3A407}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE1B21E0-3F34-4090-A297-7D47F87BCBE2}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.19 85.255.112.200
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: xvideo - {FC42E376-9820-472D-933D-ABB936D8195F} - C:\WINDOWS\xvideo.dll
O21 - SSODL: sounddrv - {B89BA8DF-D8CA-4EC4-A7EC-F2A7A220BCB1} - C:\WINDOWS\sounddrv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




By the way, I made another Post in the forum because I read something that said "do not reply your own post." I'm sorry. Please disregard that one.
cshen359
Regular Member
 
Posts: 35
Joined: December 3rd, 2006, 11:30 pm
Location: NJ

Unread postby cshen359 » July 18th, 2007, 2:16 pm

Because of this new virus, I have some new problems that I've never seen before.

1. I can't use my task manager. (ctrl+alt+del) When I click on it, it says it is restricted by the administrator.

2. I get thousands of pop-ups from a website called "udefender" or something. It pops up from internet explorer, and it lags my computer.

3. I can't use any program on my computer without the virus disrupting it and lagging my pc.

I tried system restore, but it didn't work. My friend said that I can reformat my pc, but I don't want to do that. I have too many file on this laptop.
cshen359
Regular Member
 
Posts: 35
Joined: December 3rd, 2006, 11:30 pm
Location: NJ

Unread postby Bob4 » July 18th, 2007, 9:20 pm

DO NOT USE SYSTEM RESTORE AT ALL AS WE START TO FIX THIS. iF YOU DO THAT YOU WILL JUST REPLACE ANYTHING WE TAKE OUT.

O BOY ya got a few things going on here.
Please do not download anything while we fix this machine.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.


____________________________________________________________-
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\sounddrv.dll
    C:\WINDOWS\xvideo.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
  • Close OTMoveIt
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\\_OTMoveIt\\MovedFiles\\********_******.log
(where "********_******" is the "date_time")


_________________________________________


Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/l ... areout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.


Next:
Click Start> Run> type in CMD tap enter key
Copy/Paste: ipconfig /flushdns



Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.


If you have internet connection problems do this:

Please go to Start -> Control Panel, and choose Network Connections.
Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties.
Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.


____________________________________


______________________________
HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked



O2 - BHO: MSVPS System - {409A84F7-AF3F-4474-8A8A-0F8A1229AFE4} - C:\WINDOWS\soundplugin.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (file missing)
O4 - HKLM\..\Run: [smgr] mgrs.exe


Thers no reason to have these in a trusted zone. These Pages will work no matter what.
Have HJT fix them.


O15 - Trusted Zone: <http://login.live.com>
O15 - Trusted Zone: <http://www.hotmail.msn.com>
O15 - Trusted Zone: <http://www.myspace.com>
O15 - Trusted Zone: <http://download.windowsupdate.com>

O17 - HKLM\System\CCS\Services\Tcpip\..\{1FFC586E-079D-4689-BED5-F90EB1C7440E}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A9C6C6F-98A2-4854-AEEF-BAB75A68BA37}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF1850DD-F062-4094-8864-2656EC388664}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{E456ED11-6455-480F-847F-C5DCE4E3A407}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE1B21E0-3F34-4090-A297-7D47F87BCBE2}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.19 85.255.112.200
O21 - SSODL: xvideo - {FC42E376-9820-472D-933D-ABB936D8195F} - C:\WINDOWS\xvideo.dll
O21 - SSODL: sounddrv - {B89BA8DF-D8CA-4EC4-A7EC-F2A7A220BCB1} - C:\WINDOWS\sounddrv.dll

____________________________________



Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    ( Do not use the Issues block to clean anything with this program. It is for experts only and it is risky).
_________________________________
Please do an online scan with Kaspersky Online Scanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now under select a target to scan select My Computer


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.



The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.

_________________________________

open CCleaner
click on tools
highlight uninstall

down on the bottom click save to text file.
Save it to your desktop and post
the contents
of that log for me.

_________________________________


In your next reply I would like to see:
  • A new HJT log
  • The report from Kasperskys
  • The report from CCleaner uninstall list.
  • The report from OT Moveit


User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby cshen359 » July 19th, 2007, 12:15 pm

Hello. Um, I'm sorry but I was kind of confused on what you wanted me to send back in my reply, so I'll send everything.

OTMOVEIT
File/Folder C:\WINDOWS\mgrs.exe not found.
File/Folder C:\WINDOWS\sounddrv.dll not found.
File/Folder C:\WINDOWS\xvideo.dll not found.

Created on 07/19/2007 01:28:35


FIXWAREOUT
Username "Charlie" - 07/19/2007 1:31:25 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdces.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.19 85.255.112.200" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1FFC586E-079D-4689-BED5-F90EB1C7440E}
"nameserver"="85.255.116.19,85.255.112.200" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8A9C6C6F-98A2-4854-AEEF-BAB75A68BA37}
"nameserver"="85.255.116.19,85.255.112.200" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CF1850DD-F062-4094-8864-2656EC388664}
"nameserver"="85.255.116.19,85.255.112.200" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E456ED11-6455-480F-847F-C5DCE4E3A407}
"nameserver"="85.255.116.19,85.255.112.200" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{EE1B21E0-3F34-4090-A297-7D47F87BCBE2}
"nameserver"="85.255.116.19,85.255.112.200" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1FFC586E-079D-4689-BED5-F90EB1C7440E}
"DhcpNameServer"="85.255.116.19,85.255.112.200" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{EE1B21E0-3F34-4090-A297-7D47F87BCBE2}
"DhcpNameServer"="85.255.116.19,85.255.112.200" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F10AE339-AE5C-4793-9074-737A3C21CD99}
"DhcpNameServer"="85.255.116.19,85.255.112.200" <Value cleared.

Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....


C:\Program Files\VideoBox < Found
Additional tools are recomended.

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="c:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1133663716\\ee\\AOLSoftware.exe"
"Home Theater SchSvr"="\"C:\\Program Files\\Common Files\\InterVideo\\SchSvr\\SchSvr.exe\""
"WINREMOTE"="\"C:\\Program Files\\InterVideo\\Common\\Bin\\WinRemote.exe\""
"zzzHPSETUP"="D:\\Setup.exe \\RESET"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"BigDog303"="C:\\WINDOWS\\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"smgr"="mgrs.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 1:43:37 AM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\AOL\1133663716\ee\AOLSoftware.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\CMD.exe
C:\Documents and Settings\Charlie\Desktop\hijackthis1991\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {409A84F7-AF3F-4474-8A8A-0F8A1229AFE4} - C:\WINDOWS\soundplugin.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133663716\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://login.live.com
O15 - Trusted Zone: http://www.hotmail.msn.com
O15 - Trusted Zone: http://www.myspace.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zp ... b48295.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedow ... n11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6863785656
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zp ... b51411.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedow ... in7USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b53083.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zp ... b42858.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b41227.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedow ... n10USA.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: xvideo - {FC42E376-9820-472D-933D-ABB936D8195F} - C:\WINDOWS\xvideo.dll (file missing)
O21 - SSODL: sounddrv - {B89BA8DF-D8CA-4EC4-A7EC-F2A7A220BCB1} - C:\WINDOWS\sounddrv.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Couldn’t find on HJT
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FFC586E-079D-4689-BED5-F90EB1C7440E}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A9C6C6F-98A2-4854-AEEF-BAB75A68BA37}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF1850DD-F062-4094-8864-2656EC388664}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{E456ED11-6455-480F-847F-C5DCE4E3A407}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE1B21E0-3F34-4090-A297-7D47F87BCBE2}: NameServer = 85.255.116.19,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.19 85.255.112.200


CCLEANER
CLEANING COMPLETE - (98.900 secs)
------------------------------------------------------------------------------------------
130.4MB removed.
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
IE Temporary Internet Files (6 files) 402 bytes
Cookie:charlie@symantecstore.com/(&H100001) 108 bytes
Cookie:charlie@nb.myspace.com/(&H100001) 272 bytes
Cookie:charlie@www.pbnation.com/(&H100001) 337 bytes
Cookie:charlie@pbnation.com/(&H100001) 341 bytes
Cookie:charlie@usenext.de/(&H100001) 485 bytes
Cookie:charlie@porrents.org/(&H100001) 290 bytes
Cookie:charlie@bs.serving-sys.com/(&H100001) 129 bytes
Cookie:charlie@delb2.myspace.com/(&H100001) 92 bytes
Cookie:charlie@logging.activision.com/(&H100001) 154 bytes
Cookie:charlie@insightexpressai.com/(&H100001) 2.01KB
Cookie:charlie@s13.photobucket.com/albums/a295/sakuraxgoddess/(&H100001) 108 bytes
Cookie:charlie@doubleclick.net/(&H100001) 103 bytes
Cookie:charlie@atdmt.com/(&H100001) 102 bytes
Cookie:charlie@ehg-youtube.hitbox.com/(&H100001) 298 bytes
Cookie:charlie@stats1.reliablestats.com/(&H100001) 688 bytes
Cookie:charlie@my.screenname.aol.com/(&H100001) 110 bytes
Cookie:charlie@yahoo.com/(&H100001) 454 bytes
Cookie:charlie@man.entriq.net/services/(&H100001) 93 bytes
Cookie:charlie@ads.pointroll.com/(&H100001) 547 bytes
Cookie:charlie@divx.112.2o7.net/(&H100001) 119 bytes
Cookie:charlie@www.cancer.org/(&H100001) 123 bytes
Cookie:charlie@dehp.myspace.com/(&H100001) 83 bytes
Cookie:charlie@casalemedia.com/(&H100001) 1.44KB
Cookie:charlie@desk.myspace.com/(&H100001) 304 bytes
Cookie:charlie@www.lyricsdownload.com/(&H100001) 98 bytes
Cookie:charlie@charlieshen3590.spaces.live.com/(&H100001) 135 bytes
Cookie:charlie@clicksor.com/(&H100001) 333 bytes
Cookie:charlie@fxstreet.com/(&H100001) 319 bytes
Cookie:charlie@entriq.net/(&H100001) 468 bytes
Cookie:charlie@ads.adbrite.com/(&H100001) 376 bytes
Cookie:charlie@futures.fxstreet.com/(&H100001) 274 bytes
Cookie:charlie@www.aimpages.com/TKN%20%20%20%20%20%20%20%20%20%20k3l/(&H100001) 158 bytes
Cookie:charlie@amaena.com/(&H100001) 641 bytes
Cookie:charlie@ar.atwola.com/html(&H100001) 168 bytes
Cookie:charlie@nutorrent.com/(&H100001) 524 bytes
Cookie:charlie@businessweek.com/(&H100001) 105 bytes
Cookie:charlie@winantispyware.com/(&H100001) 694 bytes
Cookie:charlie@r.imchaos.net/(&H100001) 105 bytes
Cookie:charlie@autumnsenvelope.spaces.live.com/(&H100001) 462 bytes
Cookie:charlie@protect.trustedantivirus.com/(&H100001) 245 bytes
Cookie:charlie@live365.com/(&H100001) 96 bytes
Cookie:charlie@rad.msn.com/(&H100001) 790 bytes
Cookie:charlie@ad1.emediate.dk/(&H100001) 188 bytes
Cookie:charlie@event.ijji.com/(&H100001) 72 bytes
Cookie:charlie@stats.privacyprotector.com/(&H100001) 582 bytes
Cookie:charlie@img.mixplay.tv/(&H100001) 102 bytes
Cookie:charlie@revsci.net/(&H100001) 637 bytes
Cookie:charlie@edge.ru4.com/(&H100001) 873 bytes
Cookie:charlie@cdjapan.co.jp/(&H100001) 300 bytes
Cookie:charlie@koolhaze.spaces.live.com/(&H100001) 435 bytes
Cookie:charlie@sexlist.com/(&H100001) 89 bytes
Cookie:charlie@video.google.com/(&H100001) 187 bytes
Cookie:charlie@67.29.139.220/(&H100001) 138 bytes
Cookie:charlie@serving-sys.com/(&H100001) 558 bytes
Cookie:charlie@media.adrevolver.com/adrevolver/(&H100001) 529 bytes
Cookie:charlie@livejournal.com/(&H100001) 105 bytes
Cookie:charlie@rad.live.com/(&H100001) 700 bytes
Cookie:charlie@adbrite.com/(&H100001) 292 bytes
Cookie:charlie@precisionclick.com/ad(&H100001) 175 bytes
Cookie:charlie@zwinky.com/(&H100001) 264 bytes
Cookie:charlie@privacyprotector.com/(&H100001) 764 bytes
Cookie:charlie@avsystemcare.com/(&H100001) 832 bytes
Cookie:charlie@www.liutilities.com/(&H100001) 138 bytes
Cookie:charlie@ehg-globalgamingleague.hitbox.com/(&H100001) 429 bytes
Cookie:charlie@drivecleaner.com/(&H100001) 428 bytes
Cookie:charlie@securepccleaner.com/(&H100001) 1.12KB
Cookie:charlie@ebay.com/(&H100001) 741 bytes
Cookie:charlie@hshare.net/(&H100001) 257 bytes
Cookie:charlie@onlinestores.metaservices.microsoft.com/serviceswitching/(&H100001) 147 bytes
Cookie:charlie@search.live.com/(&H100001) 295 bytes
Cookie:charlie@stats.espinthebottle.com/(&H100001) 683 bytes
Cookie:charlie@udefender.com/(&H100001) 147 bytes
Cookie:charlie@automotivecenter.autobytel.com/(&H100001) 647 bytes
Cookie:charlie@home.wangmeng.com/(&H100001) 86 bytes
Cookie:charlie@www.muvee.com/(&H100001) 332 bytes
Cookie:charlie@pornotube.com/(&H100001) 549 bytes
Cookie:charlie@calc.avsystemcare.com/(&H100001) 525 bytes
Cookie:charlie@ads.revsci.net/adserver(&H100001) 749 bytes
Cookie:charlie@exitforcash.com/(&H100001) 345 bytes
Cookie:charlie@ucleaner.com/(&H100001) 145 bytes
Cookie:charlie@hearstmagazines.112.2o7.net/(&H100001) 131 bytes
Cookie:charlie@winantivirus.com/(&H100001) 402 bytes
Cookie:charlie@trustedantivirus.com/(&H100001) 971 bytes
Cookie:charlie@adopt.euroclick.com/(&H100001) 732 bytes
Cookie:charlie@autobytel.com/(&H100001) 179 bytes
Cookie:charlie@ad1.clickhype.com/(&H100001) 112 bytes
Cookie:charlie@www.tossoffads.com/(&H100001) 134 bytes
Cookie:charlie@spaces.live.com/(&H100001) 912 bytes
Cookie:charlie@adtech.de/(&H100001) 170 bytes
Cookie:charlie@adlegend.com/(&H100001) 87 bytes
Cookie:charlie@msdn2.microsoft.com/(&H100001) 176 bytes
Cookie:charlie@renewalcenter.symantec.com/(&H100001) 197 bytes
Cookie:charlie@atwola.com/(&H100001) 104 bytes
Cookie:charlie@fastclick.net/(&H100001) 405 bytes
Cookie:charlie@hitbox.com/(&H100001) 166 bytes
Cookie:charlie@adopt.specificclick.net/(&H100001) 202 bytes
Cookie:charlie@luvkyo.spaces.live.com/(&H100001) 424 bytes
Cookie:charlie@passion4fashionnn.spaces.live.com/(&H100001) 473 bytes
Cookie:charlie@go.winantivirus.com/MTY1NDU=/2/5993/ax=1/ed=1/ex=1/397/(&H100001) 231 bytes
Cookie:charlie@64.111.198.178/(&H100001) 175 bytes
Cookie:charlie@muvee.com/(&H100001) 73 bytes
Cookie:charlie@charlieshen3590.home.services.spaces.live.com/(&H100001) 541 bytes
Cookie:charlie@f7.bestmanage.org/(&H100001) 75 bytes
Cookie:charlie@live.com/(&H100001) 333 bytes
Cookie:charlie@webmail.aol.com/(&H100001) 289 bytes
Cookie:charlie@divx.com/(&H100001) 289 bytes
Cookie:charlie@www.fxstreet.com/(&H100001) 514 bytes
Cookie:charlie@urge.com/(&H100001) 197 bytes
Cookie:charlie@privacy.securepccleaner.com/(&H100001) 243 bytes
Cookie:charlie@defp.myspace.com/(&H100001) 83 bytes
Cookie:charlie@ssl-hints.netflame.cc/(&H100001) 325 bytes
Cookie:charlie@201.218.196.155/(&H100001) 86 bytes
Cookie:charlie@www.google.com/accounts(&H100001) 263 bytes
Cookie:charlie@2o7.net/(&H100001) 935 bytes
Cookie:charlie@66.250.74.152/(&H100001) 75 bytes
Cookie:charlie@ad.uk.tangozebra.com/s(&H100001) 100 bytes
Cookie:charlie@go.privacyprotector.com/MTY1NDk=/2/5993/ax=1/ed=1/ex=1/error/(&H100001) 243 bytes
Cookie:charlie@delb.myspace.com/(&H100001) 362 bytes
Cookie:charlie@www.espinthebottle.com/(&H100001) 102 bytes
Cookie:charlie@s13.photobucket.com/(&H100001) 362 bytes
Cookie:charlie@privacyprotector.com/.freeware/(&H100001) 83 bytes
Cookie:charlie@go.drivecleaner.com/(&H100001) 235 bytes
Cookie:charlie@protect.trustedantivirus.com/MTY4Nzc=/2/5993/ed=2/397-OS/(&H100001) 235 bytes
Cookie:charlie@www.ucleaner.com/(&H100001) 75 bytes
Cookie:charlie@partner2profit.com/(&H100001) 523 bytes
Cookie:charlie@ggl.com/(&H100001) 83 bytes
Cookie:charlie@main.ebayrtm.com/rtm(&H100001) 421 bytes
Cookie:charlie@wangmeng.com/(&H100001) 101 bytes
Cookie:charlie@64.28.178.88/(&H100001) 84 bytes
Cookie:charlie@www.malwareremoval.com/forum/(&H100001) 195 bytes
Cookie:charlie@www.bittorrent.com/(&H100001) 89 bytes
Cookie:charlie@screenname.aol.com/(&H100001) 185 bytes
Cookie:charlie@demr.myspace.com/(&H100001) 278 bytes
Cookie:charlie@gomyhit.com/(&H100001) 227 bytes
Cookie:charlie@advertising.com/(&H100001) 1.38KB
Cookie:charlie@tribalfusion.com/(&H100001) 164 bytes
Cookie:charlie@www.google.com/ig(&H100001) 75 bytes
Cookie:charlie@eatps.web.aol.com/(&H100001) 107 bytes
Cookie:charlie@www.ny.frb.org/(&H100001) 154 bytes
Cookie:charlie@mypersonalexpression.com/(&H100001) 567 bytes
Cookie:charlie@diamondflame.spaces.live.com/(&H100001) 449 bytes
Cookie:charlie@mediaplex.com/(&H100001) 187 bytes
Cookie:charlie@updateservice.sonic.com/(&H100001) 115 bytes
Cookie:charlie@go.winantivirus.com/(&H100001) 236 bytes
Cookie:charlie@adserving.cpxinteractive.com/(&H100001) 202 bytes
Cookie:charlie@abmr.net/(&H100001) 272 bytes
Cookie:charlie@realmedia.com/(&H100001) 88 bytes
Cookie:charlie@mediazone.com/(&H100001) 271 bytes
Cookie:charlie@termielazie.spaces.live.com/(&H100001) 444 bytes
Cookie:charlie@msnportal.112.2o7.net/(&H100001) 124 bytes
Cookie:charlie@m.webtrends.com/(&H100001) 218 bytes
Cookie:charlie@ebayrtm.com/rtm(&H100001) 162 bytes
Cookie:charlie@www.monstermarketplace.com/(&H100001) 185 bytes
Cookie:charlie@ic-live.com/(&H100001) 93 bytes
Cookie:charlie@aimpages.com/(&H100001) 118 bytes
Cookie:charlie@www.movietickets.com/(&H100001) 110 bytes
Cookie:charlie@welcome.mail.aol.com/(&H100001) 88 bytes
Cookie:charlie@www.divx.com/65update/(&H100001) 85 bytes
Cookie:charlie@go.privacyprotector.com/(&H100001) 240 bytes
Cookie:charlie@go.drivecleaner.com/MTY1NDg=/2/5993/ax=1/ed=1/ex=1/397/(&H100001) 229 bytes
Cookie:charlie@monstermarketplace.com/(&H100001) 393 bytes
Cookie:charlie@espinthebottle.com/(&H100001) 444 bytes
Cookie:charlie@www.abcsearch.com/(&H100001) 139 bytes
Cookie:charlie@privacy.securepccleaner.com/MTY4ODE=/2/5993/ed=2/397-OS/(&H100001) 231 bytes
Cookie:charlie@ad.yieldmanager.com/(&H100001) 1.55KB
Cookie:charlie@www.burstnet.com/(&H100001) 76 bytes
Cookie:charlie@www.winantispyware.com/(&H100001) 281 bytes
Cookie:charlie@adrevolver.com/(&H100001) 187 bytes
Cookie:charlie@fimserve.com/(&H100001) 272 bytes
Cookie:charlie@com.com/(&H100001) 170 bytes
Cookie:charlie@smileycentral.com/(&H100001) 210 bytes
Cookie:charlie@secure.wimbledon.mediazone.com/(&H100001) 296 bytes
Cookie:charlie@questionmarket.com/(&H100001) 176 bytes
Cookie:charlie@sale.trustedantivirus.com/(&H100001) 566 bytes
Cookie:charlie@ads.addynamix.com/(&H100001) 122 bytes
Cookie:charlie@gomyhit.com/MTY4OTM=/2/5993/ed=2/ed=2/397-OS/(&H100001) 209 bytes
Cookie:charlie@paycounter.com/(&H100001) 100 bytes
Cookie:charlie@freerealitympegs.com/rnd/13/100/0/(&H100001) 179 bytes
Cookie:charlie@f6.bestmanage.org/(&H100001) 75 bytes
Cookie:charlie@go.winantivirus.com/MTY1NDU=/2/5993/ax=1/ed=1/ex=1/onlinesecurity-50-50-swr/(&H100001) 137 bytes
Cookie:charlie@tacoda.net/(&H100001) 537 bytes
Cookie:charlie@shop.securepccleaner.com/(&H100001) 562 bytes
C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\desktop.ini 67 bytes
C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\MSHist012007041820070419\index.dat 48.00KB
C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\MSHist012007050220070503\index.dat 32.00KB
C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\MSHist012007051620070517\index.dat 32.00KB
C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\MSHist012007051920070520\index.dat 48.00KB
C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\MSHist012007052320070524\index.dat 32.00KB
C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\MSHist012007053020070531\index.dat 32.00KB
C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\MSHist012007061320070614\index.dat 48.00KB
C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\MSHist012007062020070621\index.dat 32.00KB
C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\MSHist012007070220070703\index.dat 32.00KB
C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\MSHist012007070920070710\index.dat 32.00KB
C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\MSHist012007071620070717\index.dat 32.00KB
Marked for deletion: C:\Documents and Settings\Charlie\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\index.dat
C:\DOCUME~1\Charlie\LOCALS~1\Temp\0g2115.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\0g52738.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\0h4152.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\23r23E7.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\284B0.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\3832A6.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\39i39.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\3gd1DF.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\45u202B.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\45z41.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\4f51E1.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\4is4C0.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\5023E.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\5h5AE.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\69f109.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\6fu2583.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\6hb38E.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\6iq25A3.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\6oy25F8.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\6zf4A2.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\75z47E.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\7ie5C.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\7nn10F.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\7w0257D.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\7we488.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\7xk2A1.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\80z113.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\8c5C3.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\8eg202A.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\8ic104.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\8yz4BD.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\9he2AA.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\aax1F7.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\aax1F8.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\aax1FB.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\aax1FC.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\aax1FD.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\aax1FE.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\acn23DF.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\afc2724.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\anv2DC.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\AVP66EF.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\ayd2A5.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\b48B3.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\bb32A8.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\bgw3FA.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\BitTorrent-5.0.7.exe 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\cl92A3.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\cxs3F8.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\f0v1C3.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\f9m559.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fc420C8.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fkk46A.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla121.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla123.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla135.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla139.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla235.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla236.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla237.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla238.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla2705.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla277.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla2B.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla2C.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla2D.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla2E.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla2F.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla30.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla472.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla473.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla490.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla492.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla49A.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla49B.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla6C.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla6D.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla89.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fla8A.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\flaBA.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\flaC1.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\fuy2589.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\g5l4C2.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\gfa1A0.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\gkh14.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\gl32584.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\Google Toolbar\inu13.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\gtb47.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\huz41.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\hy490.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\ijq1DC.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\izj311.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\java_install.log 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\jcn1A5.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\ji2BD.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\jnv265C.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\kcc2727.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\l68415.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\l8m12E.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\lm75D.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\lrd11.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\m9l124.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\MSW18.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\n5u5B.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\o9e1D6.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\oe423F5.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\p3qC7.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\plc23.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\pr74A3.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\privacy_danger\images\capt.gif 23.31KB
C:\DOCUME~1\Charlie\LOCALS~1\Temp\privacy_danger\images\danger.jpg 46.21KB
C:\DOCUME~1\Charlie\LOCALS~1\Temp\privacy_danger\images\down.gif 14.57KB
C:\DOCUME~1\Charlie\LOCALS~1\Temp\privacy_danger\images\spacer.gif 43 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\q7423ED.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\q7iBA.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\qjk4BF.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\r2c4C1.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\ra1D1.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\ru7257E.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\rx013.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\s024A4.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\s4l1B3.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\s7vC8.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\sg91DA.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\t0b4A1.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\t6m91.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\tbw8F.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\tbz1E3.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\tcj257C.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\tmp61703.WMC\allservices.xml 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\Twunk002.MTX 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\txr6D.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\u3nE.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\u9q2A7.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\ut92AC.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\v6w240.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\vnh22.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\vrsC4.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\WERb64e.dir00\aim6.exe.hdmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\WERc288.dir00\aim6.exe.mdmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\WERcdf1.dir00\aim6.exe.mdmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\WERde24.dir00\iexplore.exe.hdmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\wg4D3.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\wtl37.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\x9y25A8.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\xguB1.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\y2z12.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\yi010D.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\yp138.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\ysp24.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\z6zB2.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\zf14BE.tmp 0 bytes
C:\DOCUME~1\Charlie\LOCALS~1\Temp\zsx129.tmp 0 bytes
C:\WINDOWS\MiniDump\Mini030407-01.dmp 92.00KB
C:\WINDOWS\MiniDump\Mini031907-01.dmp 92.00KB
C:\WINDOWS\MiniDump\Mini040507-01.dmp 92.00KB
C:\WINDOWS\MiniDump\Mini040807-01.dmp 92.00KB
C:\WINDOWS\MiniDump\Mini051807-01.dmp 92.00KB
C:\WINDOWS\MiniDump\Mini052207-01.dmp 88.00KB
C:\WINDOWS\MiniDump\Mini052607-01.dmp 92.00KB
C:\WINDOWS\MiniDump\Mini060107-01.dmp 92.00KB
C:\WINDOWS\MiniDump\Mini062206-01.dmp 92.00KB
C:\WINDOWS\MiniDump\Mini062206-02.dmp 92.00KB
C:\WINDOWS\MiniDump\Mini123006-01.dmp 92.00KB
C:\WINDOWS\system32\wbem\Logs\FrameWork.log 260 bytes
C:\WINDOWS\system32\wbem\Logs\mofcomp.log 9.72KB
C:\WINDOWS\system32\wbem\Logs\replog.log 400 bytes
C:\WINDOWS\system32\wbem\Logs\setup.log 4.54KB
C:\WINDOWS\system32\wbem\Logs\wbemcore.log 3.08KB
C:\WINDOWS\system32\wbem\Logs\wbemess.log 62.17KB
C:\WINDOWS\system32\wbem\Logs\wbemprox.log 152 bytes
C:\WINDOWS\system32\wbem\Logs\wmiadap.log 2.84KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 51.63KB
C:\WINDOWS\system32\wbem\Logs\wbemess.lo_ 64.02KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.lo_ 64.07KB
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\cmsetacl.log 200 bytes
C:\WINDOWS\COM+.log 2.83KB
C:\WINDOWS\comsetup.log 0.25MB
C:\WINDOWS\DirectX.log 1.03KB
C:\WINDOWS\DtcInstall.log 641 bytes
C:\WINDOWS\EventSystem.log 1.44KB
C:\WINDOWS\FaxSetup.log 0.72MB
C:\WINDOWS\GEARInstall.log 121 bytes
C:\WINDOWS\IDNMitigationAPIs.log 29.71KB
C:\WINDOWS\ie7.log 66.17KB
C:\WINDOWS\ie7_main.log 61.87KB
C:\WINDOWS\iis6.log 0.11MB
C:\WINDOWS\imsins.log 1.34KB
C:\WINDOWS\KB873333.log 7.41KB
C:\WINDOWS\KB873339.log 6.98KB
C:\WINDOWS\KB883667.log 3.50KB
C:\WINDOWS\KB884575.log 4.16KB
C:\WINDOWS\KB885250.log 7.23KB
C:\WINDOWS\KB885464.log 4.10KB
C:\WINDOWS\KB885835.log 7.64KB
C:\WINDOWS\KB885836.log 7.32KB
C:\WINDOWS\KB885855.log 3.66KB
C:\WINDOWS\KB885884.log 5.58KB
C:\WINDOWS\KB886185.log 7.61KB
C:\WINDOWS\KB887472.log 7.36KB
C:\WINDOWS\KB887742.log 39.56KB
C:\WINDOWS\KB888113.log 7.30KB
C:\WINDOWS\KB888239.log 3.42KB
C:\WINDOWS\KB888302.log 7.82KB
C:\WINDOWS\KB890046.log 30.08KB
C:\WINDOWS\KB890047.log 8.42KB
C:\WINDOWS\KB890175.log 8.30KB
C:\WINDOWS\KB890859.log 32.36KB
C:\WINDOWS\KB891781.log 8.20KB
C:\WINDOWS\KB892559.log 4.00KB
C:\WINDOWS\KB893066.log 8.59KB
C:\WINDOWS\KB893756.log 40.65KB
C:\WINDOWS\KB893803v2.log 23.79KB
C:\WINDOWS\KB893803v2Uninst.log 7.14KB
C:\WINDOWS\KB894391.log 25.95KB
C:\WINDOWS\KB896358.log 39.71KB
C:\WINDOWS\KB896422.log 40.69KB
C:\WINDOWS\KB896423.log 38.70KB
C:\WINDOWS\KB896424.log 40.74KB
C:\WINDOWS\KB896428.log 25.45KB
C:\WINDOWS\KB898458.log 20.29KB
C:\WINDOWS\KB898461.log 7.14KB
C:\WINDOWS\KB899587.log 41.55KB
C:\WINDOWS\KB899591.log 40.54KB
C:\WINDOWS\KB900485.log 15.49KB
C:\WINDOWS\KB900725.log 29.54KB
C:\WINDOWS\KB901017.log 40.24KB
C:\WINDOWS\KB901190.log 18.01KB
C:\WINDOWS\KB901214.log 29.11KB
C:\WINDOWS\KB902400.log 37.61KB
C:\WINDOWS\KB904706.log 26.12KB
C:\WINDOWS\KB904942.log 24.31KB
C:\WINDOWS\KB905414.log 29.73KB
C:\WINDOWS\KB905749.log 26.62KB
C:\WINDOWS\KB905915.log 41.20KB
C:\WINDOWS\KB908519.log 15.87KB
C:\WINDOWS\KB908531.log 12.20KB
C:\WINDOWS\KB910437.log 23.91KB
C:\WINDOWS\KB911280.log 17.64KB
C:\WINDOWS\KB911562.log 15.28KB
C:\WINDOWS\KB911564.log 23.74KB
C:\WINDOWS\KB911565.log 24.18KB
C:\WINDOWS\KB911567.log 11.53KB
C:\WINDOWS\KB911927.log 31.41KB
C:\WINDOWS\KB912812.log 16.97KB
C:\WINDOWS\KB912919.log 18.57KB
C:\WINDOWS\KB913446.log 10.32KB
C:\WINDOWS\KB913580.log 15.27KB
C:\WINDOWS\KB914388.log 18.18KB
C:\WINDOWS\KB914389.log 12.59KB
C:\WINDOWS\KB914440.log 12.67KB
C:\WINDOWS\KB915865.log 24.41KB
C:\WINDOWS\KB916281.log 20.29KB
C:\WINDOWS\KB916595.log 13.46KB
C:\WINDOWS\KB917344.log 18.62KB
C:\WINDOWS\KB917422.log 16.16KB
C:\WINDOWS\KB917734.log 15.14KB
C:\WINDOWS\KB917953.log 17.51KB
C:\WINDOWS\KB918118.log 12.21KB
C:\WINDOWS\KB918439.log 17.77KB
C:\WINDOWS\KB919007.log 17.85KB
C:\WINDOWS\KB920213.log 28.66KB
C:\WINDOWS\KB920670.log 17.51KB
C:\WINDOWS\KB920683.log 13.96KB
C:\WINDOWS\KB920685.log 58.09KB
C:\WINDOWS\KB920872.log 19.47KB
C:\WINDOWS\KB921398.log 56.73KB
C:\WINDOWS\KB922582.log 10.94KB
C:\WINDOWS\KB922616.log 58.91KB
C:\WINDOWS\KB922819.log 59.54KB
C:\WINDOWS\KB923191.log 14.28KB
C:\WINDOWS\KB923414.log 58.74KB
C:\WINDOWS\KB923689.log 16.72KB
C:\WINDOWS\KB923694.log 14.02KB
C:\WINDOWS\KB923723.log 7.37KB
C:\WINDOWS\KB923980.log 58.44KB
C:\WINDOWS\KB924191.log 59.72KB
C:\WINDOWS\KB924270.log 58.45KB
C:\WINDOWS\KB924496.log 58.52KB
C:\WINDOWS\KB924667.log 12.43KB
C:\WINDOWS\KB925398.log 55.92KB
C:\WINDOWS\KB925454.log 71.00KB
C:\WINDOWS\KB925486.log 14.75KB
C:\WINDOWS\KB926239.log 6.86KB
C:\WINDOWS\KB926255.log 14.96KB
C:\WINDOWS\KB926436.log 14.34KB
C:\WINDOWS\KB927779.log 19.01KB
C:\WINDOWS\KB927802.log 16.17KB
C:\WINDOWS\KB928090-IE7.log 10.02KB
C:\WINDOWS\KB928255.log 15.88KB
C:\WINDOWS\KB928843.log 11.47KB
C:\WINDOWS\KB929338.log 16.29KB
C:\WINDOWS\KB929399.log 13.09KB
C:\WINDOWS\KB929969.log 4.92KB
C:\WINDOWS\KB931836.log 24.62KB
C:\WINDOWS\MnyAdvPak.log 1.45KB
C:\WINDOWS\MSCompPackV1.log 5.40KB
C:\WINDOWS\msgsocm.log 37.35KB
C:\WINDOWS\NLSDownlevelMapping.log 29.54KB
C:\WINDOWS\ntdtcsetup.log 0.15MB
C:\WINDOWS\ocgen.log 0.36MB
C:\WINDOWS\ocmsn.log 40.79KB
C:\WINDOWS\regopt.log 4.88KB
C:\WINDOWS\sessmgr.setup.log 3.26KB
C:\WINDOWS\setupact.log 0.19MB
C:\WINDOWS\setupapi.log 0.29MB
C:\WINDOWS\setuperr.log 0 bytes
C:\WINDOWS\spupdsvc.log 68.70KB
C:\WINDOWS\SpywareDoctor5Uninstall.log 998 bytes
C:\WINDOWS\SynInst.log 550 bytes
C:\WINDOWS\tsoc.log 0.28MB
C:\WINDOWS\updspapi.log 58.04KB
C:\WINDOWS\vminst.log 2.02KB
C:\WINDOWS\WGA.log 17.79KB
C:\WINDOWS\WMFDist11.log 26.46KB
C:\WINDOWS\wmp11.log 17.83KB
C:\WINDOWS\wmsetup.log 0.14MB
C:\WINDOWS\wmsetup10.log 2.10KB
C:\WINDOWS\Wudf01000Inst.log 11.36KB
C:\WINDOWS\xpsp1hfm.log 1.12KB
C:\WINDOWS\imsins.BAK 1.34KB
C:\WINDOWS\IE4 Error Log.txt 1.26KB
C:\WINDOWS\ntbtlog.txt 0.15MB
C:\WINDOWS\OEWABLog.txt 2.83KB
C:\WINDOWS\¹íÎäÕß3 Setup Log.txt 0.26MB
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log 1.87MB
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp 1.00MB
C:\WINDOWS\Debug\blastcln.log 286 bytes
C:\WINDOWS\Debug\mrt.log 5.27KB
C:\WINDOWS\Debug\NetSetup.LOG 4.85KB
C:\WINDOWS\security\logs\backup.log 2.87KB
C:\WINDOWS\security\logs\convert.log 7.09KB
C:\WINDOWS\security\logs\ProfSec.log 13.49KB
C:\WINDOWS\security\logs\SceRoot.log 650 bytes
C:\WINDOWS\security\logs\scesetup.log 0.12MB
C:\WINDOWS\security\logs\scesrv.log 454 bytes
C:\WINDOWS\security\logs\scecomp.old 692 bytes
Firefox/Mozilla Temporary Internet Cache (4 files) 20.27KB
C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\profiles\526uknh5.default\history.dat 358 bytes
C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\profiles\526uknh5.default\downloads.rdf 206 bytes
C:\Documents and Settings\Charlie\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\30a322d451b4e3409c2ef313e5f048e1.idx 0.20MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\3e02142c065f898c2ff3aa435eeea079.idx 45.87KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\58150b4fa2e69942ab1535269069af99.idx 0.27MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\6282236d13aff84ca99220bcf1d3c076.idx 0.16MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\63d6a2e87f89e24298a37a8e7b9ef4fa.idx 0.44MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\642fcaa70bff551050e72852bd331013.idx 84.57KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\7f9b81085d82565ee58bbeb863234762.idx 58.39KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\8b217c86b06013a9509f0b2e07a91f40.idx 57.42KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\9cfd176ddfdc734d4d0e24e854db6b05.idx 21.31KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\a1fc7616b0a800c53f212dcf32485506.idx 62.87KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\ce408644fea4e97641b265cc630a9dee.idx 34.80KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\dde20a2993b4ccd3b6d4c6c088d344e3.idx 34.65KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\ff52fde7bcde7e40a1b2cf06f67b8ab6.idx 0.10MB
C:\Documents and Settings\Charlie\Application Data\Google\Local Search History\google%2Eweb.w 192 bytes
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\cookies.txt 129 bytes
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\ctd.dat 361 bytes
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\realplayer.ste 0 bytes
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\--- ----.lnk 1.86KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\041009loverequest.lnk 1.86KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\4.lnk 1.81KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\All my loving.lnk 2.04KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\C--Documents and Settings-Charlie-Local Settings-Temp-RN3BE.htm.lnk 1.89KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\C--Documents and Settings-Charlie-Local Settings-Temp-RN5.htm.lnk 1.88KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\Final_Fantasy_G4_Icons_PSP.lnk 2.07KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\firstrun.lnk 1.89KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\lestai_com_3.lnk 1.85KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\M4V00002.lnk 2.07KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\Real Customer Support - Error More Information Message.lnk 1.95KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\Real Guide Home - Music videos, movie trailers and breaking news.lnk 1.78KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\Shine.lnk 2.03KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\sugar - 8..lnk 2.02KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\Sugar - Hyun Myung Han Ee Byul MV.lnk 2.11KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\Sugar - Lucky (LIVE SBS Gayo Awards 1....lnk 2.17KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\Sugar - Secret[ArirangTV][04.10.22].lnk 2.07KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\sugar - shine HQ.lnk 2.04KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\Sugar - Shine remix.lnk 2.03KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\Untitled Document.lnk 1.82KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\v_019910_0.lnk 1.90KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\Welcome to RealPlayer.lnk 1.89KB
C:\Documents and Settings\Charlie\Application Data\Real\RealPlayer\History\__(BEA~1.lnk 1.92KB
C:\Program Files\Common Files\Real\Update_OB\RealPlayer-log.txt 74.13KB
C:\Documents and Settings\Charlie\Application Data\Apple Computer\QuickTime\QTPlayerSession.xml 3.01KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\15\2fa4ff25-8b2411d3-03a8148a-4aa70ffa.qtch 8.32MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\03\14\3ecae3aa-ae9b8572-da8aea89-32e2f2c6.qtch 8.61MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\02\52c3b6ee-c9ec688c-c6bbf5c5-6d72368b.qtch 0.29MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\15\5f86b20e-a0e53600-a2c46d61-a93c0868.qtch 1.49KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06\06\66bec909-e2a1534c-85e742ad-cc263ca6.qtch 1.49KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06\09\6948e71a-eba6581c-57679cd1-92714fe4.qtch 737 bytes
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\05\856891a4-8a65bbc0-b4f8cbc2-8a3c61c9.qtch 8.74MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\08\886ac18f-ef613c30-13c9ef7a-6db36d97.qtch 1.39KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\12\8c553638-504db6d6-b6392faa-f30c696b.qtch 737 bytes
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\15\8f34caaa-f25bef45-6ad12177-2b436c78.qtch 1.49KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\14\9e49eb5c-9b7f625b-72e5968b-bd176065.qtch 737 bytes
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\15\9f0d5649-d834a4ed-e07d63ac-0cb71765.qtch 1001 bytes
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\00\a06b8896-796c452b-9d4a814e-9a9fcf2a.qtch 1.49KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\11\ab42cb88-bf80a0af-aaf4655c-eb3b0b6c.qtch 737 bytes
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\12\ac1dd452-366c47fa-6aa84020-1d8f192c.qtch 1.44KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\13\ad41e5ad-d92de975-4a4747b5-c09970c6.qtch 1.44KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\11\02\b2558a28-6be90570-c3573681-bab01e54.qtch 1.44KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\11\14\bebbb7e4-50ae64d0-df623205-3d4a2b13.qtch 16.24KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\00\c012ab93-a84e6fe3-c7638185-a226cc90.qtch 1001 bytes
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\01\c14fa756-a9f6c580-4faa8f87-2767907b.qtch 1.47MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\02\c28e2c77-061ac323-a11f6a29-1fdfc42e.qtch 1.49KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\13\cdace2ea-756cb60c-7e9be308-5676a9bf.qtch 24.8MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\13\cdeaefc2-0fc168bf-d781c3cc-2a9f27e4.qtch 8.42MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\14\ce7bc489-220d4531-5b7b280d-757599f5.qtch 936 bytes
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\04\d44d9f1e-6412a4a3-db65badb-330cf1a3.qtch 1.39KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\06\d6257504-e0ad607d-26eade94-add05bb7.qtch 27.27KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\06\d6a7750c-7af94fb4-8efc639b-4cddc60b.qtch 1.49KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\06\d6ffec89-63d9fcb5-e143c1be-fff3f1f9.qtch 1.44KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\08\d8a9d01a-869011e4-e5559b40-4f68eabd.qtch 1001 bytes
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\11\db34878d-dcddd2ba-c1091738-6b055903.qtch 24.9MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\12\dc6563cb-10633b62-9d8380a3-b18c114b.qtch 8.65MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\13\ddc0617d-ae0c54b4-6ca296f1-2a41dbe4.qtch 1001 bytes
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\02\e25e6e34-db83a161-e4dfa9ec-32c45518.qtch 3.69MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\08\e88edd60-4be6dfe7-782cfd97-bf258b06.qtch 1.39KB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\10\ea9a761a-83853bbc-50bb7379-d14eaa98.qtch 1001 bytes
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\04\f4b1097e-699306c9-f0c75077-f7ceda78.qtch 1.77MB
C:\Documents and Settings\Charlie\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\04\f4d1b6e8-1537dc10-50c7dbc4-7cbf3ea8.qtch 1.49KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\6PWOYJKI.LNK 1.03KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\AutoRecovery save of 16.asd.LNK 935 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\AutoRecovery save of Document5.asd.LNK 970 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\AutoRecovery save of Document6.asd.LNK 970 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Charlie (E).LNK 186 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Charlie's Stuff.LNK 744 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Complete Script.LNK 1.12KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\CompleteFedChallengeScript.LNK 513 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Conversation with Dominica 6-24-06.LNK 989 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Conversation with Dominica 8-11-06.LNK 989 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Conversation with Vicky 7-17-=6.LNK 974 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Creative Project.LNK 1001 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\CREATIVE WRITING PROJECT.LNK 385 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\db1.LNK 828 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Desktop.LNK 308 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\dom party.LNK 738 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Economics.LNK 261 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\English- Wilson.LNK 870 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\FED Challenge.LNK 349 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\FINAL Complete Script.LNK 477 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\fix 1 reply.LNK 438 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\fix part 1.LNK 433 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\FOURTH MARKING PERIOD LAB REPORT.LNK 330 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Greenspan Cover.LNK 371 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\History Quiz- 40.LNK 298 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\History- K.LNK 264 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\History- Kuras.LNK 865 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\index.dat 1.11KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\lo_ppt08.LNK 1.14KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\lo_ppt09.LNK 1.14KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\lo_ppt10.LNK 1.14KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\lo_ppt11.LNK 1.14KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\lo_ppt12.LNK 1.14KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\lo_ppt13.LNK 1.14KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\lo_ppt14.LNK 1.14KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\lo_ppt15.LNK 1.14KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\lo_ppt16.LNK 1.14KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\lo_ppt17.LNK 1.14KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\My Documents.LNK 618 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\NEW-JERSEY_Summary.xls.url 127 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Newsletter.LNK 890 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Normal (2).LNK 877 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Normal.LNK 877 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Normalq.LNK 882 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Physics.LNK 828 bytes
C:\Documents and Setti
cshen359
Regular Member
 
Posts: 35
Joined: December 3rd, 2006, 11:30 pm
Location: NJ

omg..im sorry it was too long. ill resend the cut off part

Unread postby cshen359 » July 19th, 2007, 12:22 pm

C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Presentations Quiz 2.LNK 1021 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Qiao Yu.LNK 830 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Scarecrow Segment.LNK 465 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Scarecrow.LNK 1.09KB
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\section1.html.url 76 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Temp.LNK 669 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Templates.LNK 774 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\Word.LNK 745 bytes
C:\Documents and Settings\Charlie\Application Data\Microsoft\Office\Recent\xls on http://www.collegeboard.com.url 105 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\adknowledge.com\dl_obj.sol 79 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\afy11.net\w9rmju5tintl3152007.sol 76 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\assets.espn.go.com\motion\fsp\FSPRoot\espnmotion1_cv.swf\fspSettings.sol 55 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\assets.espn.go.com\motion\fsp\FSPRoot\espnmotion6_cv.swf\fspSettings.sol 55 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\cache.gizmodo.com\assets\v2.gizmodo.com\img\giz_logoAnim2.swf\savedData.sol 54 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\discovery.com\common\smedia\fansite_main.swf\promovid.sol 156 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\expressions.aim.weeworld.com\immersive\8009049\proxy.swf\undefined.sol 72 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\expressions.aim.weeworld.com\immersive\8731925\proxy.swf\undefined.sol 72 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\farm.addictinggames.com\D78AQSAKQLQWI9\3249.swf\paintball.sol 49 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\flash.revver.com\player\1.0\player.swf\revverplayer.sol 86 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\flash2.ifriends.net\usersettings.sol 60 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\ivillage.com\rightcol\rightcol.swf\ivillage.sol 105 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\localhost\core.sol 53 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\login.yahoo.com\loginCache.sol 146 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\media.gamespy.com\shareObj.sol 125 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\media.ign.com\shareObj.sol 125 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\mediaonenetwork.net\MediaOne.sol 83 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\naiadsystems.com\naiad.sol 72 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\orders.webpower.com\vwsettings.sol 200 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\pagead.l.google.com\pagead\googleadplayer.swf\mediaPlayerUserSettings.sol 94 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\pagead2.googlesyndication.com\pagead\googleadplayer.swf\mediaPlayerUserSettings.sol 94 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\resources.imeem.com\resources\flash\audio_player.swf\imeemPlayer.sol 48 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\sina.com.cn\sina\game\game250x95.swf\game558.sol 93 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\sina.com.cn\sina\game\game468x95.swf\game558.sol 86 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\static.espn.go.com\ivp\v113r10.swf\affiliate.sol 109 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\static.espn.go.com\ivp\v113r10.swf\prefs.sol 50 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\static.espn.go.com\motion\fsp\FSPRoot\espnmotion_cv.swf\fspSettings.sol 55 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\static.userplane.com\presence\m\presence.swf\presence.sol 93 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\static.userplane.com\presence\presence.swf\presence_1.sol 103 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\streamops.aol.com\radio\aimradio\usnbnm\AIMRadio.swf\RadioPrefs.sol 92 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\suitesmart.com\G7073.sol 129 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\suitesmart.com\G7074.sol 129 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\suitesmart.com\_f5e.swf\5thElement.sol 245 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\us.js2.yimg.com\us.yimg.com\lib\map\swf\loader.mxml_200701041748.swf\YMaps.sol 51 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\us.js2.yimg.com\us.yimg.com\lib\map\swf\loader.mxml_200705181703.swf\YMaps.sol 51 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\us.js2.yimg.com\us.yimg.com\lib\map\swf\loader.mxml_200706052017.swf\YMaps.sol 51 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\utopia-asia.net\f_register\login.swf\TestMovie_Config_Info.sol 341 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\utopia-asia.net\postit\postit-paper.swf\TestMovie_Config_Info.sol 341 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\video.google.com\datastore.swf\videoPlayerSettings.sol 41 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\video.google.com\googleplayer.swf\mediaPlayerUserSettings.sol 94 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\video.nbcuni.com\embed\1_1-1\embedded.swf\nbcuvp.sol 72 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\void.snocap.com\s\store.swf\SharedObjectLock.sol 54 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\void.snocap.com\s\storefront.swf\SnocapDownloadManager.sol 52 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\web.adknowledge.com\dl_obj.sol 79 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\widget-43.slide.com\ratings.sol 51 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\www.beasttube.com\flvplayer.swf\agriya_flv.sol 53 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\www.burnlounge.com\burnLounge.swf\guest_www.burnlounge.com.sol 65 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\www.lacoste.com\cookie.sol 41 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\www.lacoste.com\library\swf\core\Main-7.7.swf\stat.sol 46 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\www.livevideo.com\flvplayer\flvplayer.swf\UserVolume.sol 55 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\www.nbc.com\snl_fav_data.sol 58 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\www.pornotube.com\soundData.sol 58 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\www.purevolume.com\swf\pureplayer3.swf\TestMovie_Config_Info.sol 341 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\www.rolandgarros.com\RGPersonalization.sol 102 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\www.veoh.com\static\flash\players\audio_data.sol 49 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\www.wimbledon.org\wimbledon2007.sol 459 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\www.youtube.com\soundData.sol 58 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\youtube.com\soundData.sol 58 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\#SharedObjects\VZYYKWD5\zone.msn.com\binGame\POP5\default\Pop5_Core.swf\pop5.sol 44 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#209.0.146.17\settings.sol 82 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#adknowledge.com\settings.sol 85 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#afy11.net\settings.sol 79 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#assets.espn.go.com\settings.sol 88 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.gizmodo.com\settings.sol 87 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#discovery.com\settings.sol 83 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#expressions.aim.weeworld.com\settings.sol 98 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#farm.addictinggames.com\settings.sol 93 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.revver.com\settings.sol 86 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash2.ifriends.net\settings.sol 89 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ivillage.com\settings.sol 82 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#kontrabandcontent.co.uk\settings.sol 93 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lads.myspace.com\settings.sol 86 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sol 75 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#login.yahoo.com\settings.sol 85 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.gamespy.com\settings.sol 87 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.ign.com\settings.sol 83 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mediaonenetwork.net\settings.sol 89 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#music.myspace.com\settings.sol 87 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#naiadsystems.com\settings.sol 86 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#orders.webpower.com\settings.sol 89 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pagead.l.google.com\settings.sol 89 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pagead2.googlesyndication.com\settings.sol 99 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#piggyhoho.net\settings.sol 83 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#resources.imeem.com\settings.sol 89 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#sina.com.cn\settings.sol 81 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.espn.go.com\settings.sol 88 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.userplane.com\settings.sol 90 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#streamops.aol.com\settings.sol 87 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#suitesmart.com\settings.sol 84 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#us.js2.yimg.com\settings.sol 85 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#utopia-asia.net\settings.sol 85 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.google.com\settings.sol 86 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.nbcuni.com\settings.sol 86 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#void.snocap.com\settings.sol 85 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#web.adknowledge.com\settings.sol 89 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#widget-43.slide.com\settings.sol 89 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.beasttube.com\settings.sol 87 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.burnlounge.com\settings.sol 88 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.lacoste.com\settings.sol 85 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.livevideo.com\settings.sol 87 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.nbc.com\settings.sol 81 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.pornotube.com\settings.sol 87 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.purevolume.com\settings.sol 88 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.rolandgarros.com\settings.sol 90 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.veoh.com\settings.sol 82 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.wimbledon.org\settings.sol 87 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol 85 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#youtube.com\settings.sol 81 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#zone.msn.com\settings.sol 82 bytes
C:\Documents and Settings\Charlie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 1.36KB
C:\Program Files\eMule\config\AC_SearchStrings.dat 254 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\0\4c2e78c0-11860b58 41.08KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\0\4c2e78c0-11860b58.idx 286 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\10\70b8264a-3ad3db0a 11.19KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\10\70b8264a-3ad3db0a.idx 822 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\12\21e6fe4c-59085949 11.40KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\12\21e6fe4c-59085949.idx 303 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\13\45e1984d-62c8c43d 1.63KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\13\45e1984d-62c8c43d.idx 244 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\13\d3cce0d-265f718b 3.00KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\13\d3cce0d-265f718b.idx 302 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\15\7f6051cf-283bfaa0 7.03KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\15\7f6051cf-283bfaa0.idx 285 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\16\f89aed0-137dba7b 4.22KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\16\f89aed0-137dba7b.idx 598 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\18\2131bc52-25efda87 6.92KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\18\2131bc52-25efda87.idx 285 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\18\3c476ed2-4c542ff0 1.71KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\18\3c476ed2-4c542ff0.idx 302 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\2\113dbcc2-4247ed29 46.71KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\2\113dbcc2-4247ed29.idx 293 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\20\794f3754-4b67b57d 7.23KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\20\794f3754-4b67b57d.idx 581 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\25\7ce5bfd9-5fcdee0a 10.71KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\25\7ce5bfd9-5fcdee0a.idx 289 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\29\5cf4eb5d-60c4adcc 16.95KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\29\5cf4eb5d-60c4adcc.idx 433 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\30\3bd9241e-2c9da716 5.97KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\30\3bd9241e-2c9da716.idx 285 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\32\2f09d2a0-543e206b 13.53KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\32\2f09d2a0-543e206b.idx 303 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\32\5dc7f0a0-604d81f0 7.53KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\32\5dc7f0a0-604d81f0.idx 285 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\34\43f683a2-4f3d8c62 7.11KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\34\43f683a2-4f3d8c62.idx 287 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\42\4a464c6a-45c20a23 13.70KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\42\4a464c6a-45c20a23.idx 287 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\44\4d7a116c-483970b6 1.12KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\44\4d7a116c-483970b6.idx 322 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\45\e5a392d-17f8d138 10.74KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\45\e5a392d-17f8d138.idx 325 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\46\4317ba2e-4beda677 6.63KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\46\4317ba2e-4beda677.idx 401 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\46\471fe62e-5ad15f2e 6.63KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\46\471fe62e-5ad15f2e.idx 402 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\47\de62a2f-7c20746e 1.23KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\47\de62a2f-7c20746e.idx 281 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\47\f1ce6f-6ad00950 6.33KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\47\f1ce6f-6ad00950.idx 302 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\5\433033c5-4ad48bda 6.95KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\5\433033c5-4ad48bda.idx 285 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\51\56afbef3-3a4898b1 3.63KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\51\56afbef3-3a4898b1.idx 302 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\52\1a03caf4-673b43b7 4.89KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\52\1a03caf4-673b43b7.idx 285 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\52\232164b4-551a108f 5.17KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\52\232164b4-551a108f.idx 265 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\54\55a47776-757b9a5e 1.63KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\54\55a47776-757b9a5e.idx 265 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\59\7615683b-4baa90dc 7.12KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\59\7615683b-4baa90dc.idx 323 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\62\2dce6abe-3db882ae 4.22KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\62\2dce6abe-3db882ae.idx 600 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\8\488f8248-63d9a223 5.75KB
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\8\488f8248-63d9a223.idx 281 bytes
C:\Documents and Settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\lastAccessed 1 bytes
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\logfile.txt 1.17KB
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\Avg7.log 2.33KB
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\history.log 69.65KB
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\avg7info.id 26 bytes
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\avginfo.ctf 8.37KB
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\download.nfo 214 bytes
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\u7avi1065ox.bin 5.68MB
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\u7ems474r442dc.bin 0.18MB
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\u7f476r446da.bin 1.36MB
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\u7iavi914ox.bin 10.3MB
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\update7.log 0.66MB


KASPERSKY
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 19, 2007 12:09:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 19/07/2007
Kaspersky Anti-Virus database records: 365008
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 82696
Number of viruses found: 9
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 02:21:46

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\BFTS\BFTSDatabase.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0310\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\Charlie\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Charlie\Application Data\Microsoft\Word\AutoRecovery save of fix 1 reply.asd Object is locked skipped
C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cert8.db Object is locked skipped
C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\history.dat Object is locked skipped
C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\key3.db Object is locked skipped
C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\parent.lock Object is locked skipped
C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Charlie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Charlie\Desktop\fix 1 reply.doc Object is locked skipped
C:\Documents and Settings\Charlie\Desktop\~WRL0001.tmp Object is locked skipped
C:\Documents and Settings\Charlie\Desktop\~WRL0993.tmp Object is locked skipped
C:\Documents and Settings\Charlie\Desktop\~WRL1130.tmp Object is locked skipped
C:\Documents and Settings\Charlie\DoctorWeb\Quarantine\A0363723.dll Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\Charlie\DoctorWeb\Quarantine\A0366747.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\Charlie\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Temp\privacy_danger\index.htm Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Temp\~DF186D.tmp Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Temp\~DF2D39.tmp Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Temp\~DF4D9E.tmp Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Temp\~DF7557.tmp Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Temp\~DFDB19.tmp Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Temp\~DFEC9.tmp Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Temp\~DFEE9.tmp Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Temp\~WRS0009.tmp Object is locked skipped
C:\Documents and Settings\Charlie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Charlie\My Documents\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Charlie\My Documents\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Charlie\My Documents\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Charlie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Charlie\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\HijackThis\backups\backup-20061222-173701-369.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Program Files\HijackThis\backups\backup-20061222-173701-382.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Program Files\Norton AntiVirus\Quarantine\440A2C03.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\440A2C03.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\440A2C03.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\440A2C03.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\440A2C03.zip CryptFF: infected - 3 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP384\A0588652.exe Infected: Trojan-Downloader.Win32.Alphabet.m skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP384\A0588658.exe Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP384\A0588689.exe Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP384\A0588690.exe Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP384\A0588691.exe Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP384\A0588692.exe Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP384\A0588693.exe Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP384\A0588694.exe Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP389\A0597220.exe Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP389\A0598229.exe Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP390\A0601271.exe/stream/data0003 Infected: Trojan-Downloader.Win32.Agent.bjc skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP390\A0601271.exe/stream Infected: Trojan-Downloader.Win32.Agent.bjc skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP390\A0601271.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP390\change.log Object is locked skipped
C:\VundoFix Backups\lqoxdie.dll.bad Infected: Trojan.Win32.Obfuscated.ev skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E19D96DA-95B5-4F38-BEAE-5A6C571673FE}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\mgrs.exe Infected: Trojan-Downloader.Win32.Alphabet.m skipped

Scan process completed.



CCLEANER
1400Trb
1400_Help
1400
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0
Adobe Reader 7.0.9
Adobe Shockwave Player
AIM 6
AiOSoftware
AiO_Scan
AOL Instant Messenger (SM)
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
ArcSoft Panorama Maker 3.5
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
Audition
AutoUpdate
AVG 7.5
AVG Anti-Spyware 7.5
BitLord 1.1
BitTorrent 4.2.2
BufferChm
CameraDrivers
ccCommon
CCleaner (remove only)
ccPxyCore
CC_ccProxyExt
Chinese (Simplified) Language Support
Chinese (Traditional) Language Support
Conexant AC-Link Audio
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjectsTemplates
CreativeProjects
CueTour
Data Fax SoftModem with SmartCP
Destinations
Director
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
DocumentViewer
easy Internet sign-up
EAX(tm) Unified (SHELL)
eMule VeryCD°æ
Fax
Final Fantasy VII XP Patch
FINAL FANTASY VIII
Final Fantasy VII
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Gunbound Revolution
HijackThis 1.99.1
Home Theater
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
HP Help and Support
HP Image Zone 4.8.5
HP Image Zone Plus 4.8.5
HP Pavillion zv6000 User Guides
HP Photosmart Cameras 3.5
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HP Wireless Assistant 1.01 A3
HPIZplus450
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
InterVideo Home Theater
InterVideo WinDVD
iTunes
Java(TM) SE Runtime Environment 6
KartRider
Kaspersky Online Scanner
LimeWire PRO 4.12.4
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
LiveUpdate BVRP Software
LS_HSI
MapleStory
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2005
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mozilla Firefox (2.0.0.5)
MSRedist
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
muvee autoProducer 4.0 - SE
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security 2005 (Symantec Corporation)
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Security Center
Norton WMI Update
Norton WMI Update
PanoStandAlone
PhotoGallery
ProductContext
QFolder
Quick Launch Buttons 5.10 B3
QuickProjects
QuickTime
Readme
RealPlayer
ScannerCopy
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
SkinsHP1
SkinsHP2
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SPBBC
SpywareBlaster v3.5.1
Symantec Script Blocking Installer
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TIxx21
TrayApp
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
UserGuides
VideoBox
VideoLAN VLC media player 0.8.4a
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Vimicro USB PC Camera (ZC0301PLH)
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WinRAR archiver
XviD 1.1 final uninstall
XVideo Support
YAMAHA SoftSynthesizer S-YXG70
¹íÎäÕß3
cshen359
Regular Member
 
Posts: 35
Joined: December 3rd, 2006, 11:30 pm
Location: NJ

Unread postby Bob4 » July 19th, 2007, 7:00 pm

Can you tell me what this file is on your desktop ?

C:\Documents and Settings\Charlie\Desktop\fix 1 reply.doc

I get a feeling it has to do with us fixing this machine.


___________________________________
Reconfigure Windows XP to show hidden files::

Click Start. My Computer.
Select the Tools menu Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.


_____________________
Navigate to and delete everything inside these 3 folders. DO NOT DELETE THE FOLDERS THEM SELVES.

  • C:\Documents and Settings\Charlie\DoctorWeb\Quarantine <--- Delete the contents of this folder
  • C:\Program Files\Norton AntiVirus\Quarantine <--- Delete the contents of this folder
  • C:\Documents and Settings\Charlie\Local Settings\Temp <--- Delete the contents of this folder

    Note for temp files:Some of these files may be in use now. So don't worry if you get a message telling you that so and so file can not be deleted.

__________________________

I want you to delete the smitfraud fix. It's updated so often theres no sense in keeping an outdated version around. It is always available for download.



C:\Documents and Settings\Charlie\My Documents\SmitfraudFix <--- Delete this entire folder

________________________________

Go to
Start/control panel/add remove programs ;
And Uninstall

Videobox Bad program.. contains zlob.

¹íÎäÕß3 I have no clue to what this is in add remove programs . If you don't know either try and uninstal it.



___________________________

Did you check all the lines I asked for before in HJT ??
Let's try again.
______________________________
HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked

O2 - BHO: MSVPS System - {409A84F7-AF3F-4474-8A8A-0F8A1229AFE4} - C:\WINDOWS\soundplugin.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (file missing)
O4 - HKLM\..\Run: [smgr] mgrs.exe
O15 - Trusted Zone: <http://login.live.com>
O15 - Trusted Zone: <http://www.hotmail.msn.com>
O15 - Trusted Zone: <http://www.myspace.com>
O15 - Trusted Zone: <http://download.windowsupdate.com>

O21 - SSODL: xvideo - {FC42E376-9820-472D-933D-ABB936D8195F} - C:\WINDOWS\xvideo.dll (file missing)
O21 - SSODL: sounddrv - {B89BA8DF-D8CA-4EC4-A7EC-F2A7A220BCB1} - C:\WINDOWS\sounddrv.dll (file missing)

_____________________________



Now we are going to download the latest version of smitfraud fix and please run it per my directions.


Download SmitfraudFix (by S!Ri) to your Desktop.
Smitfraud by S!ri


______________________________


  • Double clcik the smitfraud.exe
  • When promted
    Press any key to continue.
  • Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with any others I have asked for in your next reply.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. When prompted by allow it to run




IMPORTANT: Do NOT run any other options until you are asked to do so!


___________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from smitfraud fix
  • Let me know how things are running.


User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby cshen359 » July 19th, 2007, 7:28 pm

SmitFraudFix v2.200

Scan done at 19:23:46.04, Thu 07/19/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\AOL\1133663716\ee\AOLSoftware.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charlie


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charlie\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Charlie\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8A9C6C6F-98A2-4854-AEEF-BAB75A68BA37}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1FFC586E-079D-4689-BED5-F90EB1C7440E}: DhcpNameServer=85.255.116.19,85.255.112.200
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1FFC586E-079D-4689-BED5-F90EB1C7440E}: NameServer=85.255.116.19,85.255.112.200
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8A9C6C6F-98A2-4854-AEEF-BAB75A68BA37}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8A9C6C6F-98A2-4854-AEEF-BAB75A68BA37}: NameServer=85.255.116.19,85.255.112.200
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CF1850DD-F062-4094-8864-2656EC388664}: NameServer=85.255.116.19,85.255.112.200
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E456ED11-6455-480F-847F-C5DCE4E3A407}: NameServer=85.255.116.19,85.255.112.200
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EE1B21E0-3F34-4090-A297-7D47F87BCBE2}: DhcpNameServer=85.255.116.19,85.255.112.200
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EE1B21E0-3F34-4090-A297-7D47F87BCBE2}: NameServer=85.255.116.19,85.255.112.200
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F10AE339-AE5C-4793-9074-737A3C21CD99}: DhcpNameServer=85.255.116.19,85.255.112.200
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8A9C6C6F-98A2-4854-AEEF-BAB75A68BA37}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.116.19 85.255.112.200
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




Logfile of HijackThis v1.99.1
Scan saved at 7:25:45 PM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\AOL\1133663716\ee\AOLSoftware.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\Charlie\Desktop\hijackthis1991\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133663716\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b46479.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zp ... b48295.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedow ... n11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6863785656
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zp ... b51411.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedow ... in7USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b53083.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zp ... b42858.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b41227.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedow ... n10USA.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



My computer seems to be working normally, but sometimes I get a pop-up to a website (on internet explorer) called ultimate defender or something. It seems that internet explorer is more vulnerable for viruses and pop ups. Is there a way to stop this?

When I purchased this laptop, it came with a free subscription of Norton Antivirus. Now, it's over, and since then I've been getting many attacks on my computer. Is there a way for me to secure my system? Do you recommend any programs?
cshen359
Regular Member
 
Posts: 35
Joined: December 3rd, 2006, 11:30 pm
Location: NJ

Unread postby cshen359 » July 19th, 2007, 7:32 pm

By the way, fix 1 reply is a word document where I saved everything you asked for. I then take the contents and copy/paste it onto the reply. My printer is out of ink, so I saved it on my desktop.
cshen359
Regular Member
 
Posts: 35
Joined: December 3rd, 2006, 11:30 pm
Location: NJ

Unread postby Bob4 » July 19th, 2007, 8:24 pm

Were you able to uninstall botht those programs ?

_____________________________

OK lets do this for your anti virus.

heres 2 free anti virus programs that will run and update free for 1 year.

Download 1 of these only./ Running 2 antivirus programs is a bad idea.

AVG FREE

Avast


_____________________
Go to add remove programs and uninstall nortons/symantec anti virus completly.





___________________________________
Search for and remove
Now I want you to search for and delete the following folder and all it's contents if present.
Click start /search/ all files and folders/ look for More advanced options. once in there select the first 3 boxes.
Please just remove the files/folders I listed in BOLD

c:/Program files/ultimate defender
___________________________

Smitfrud fix should have taken care of any remnents of ultimate defender.

Lets get another scan to be sure.

____________________________________




Panda
Run Panda's ActiveScan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your Valid Email
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
- Post Panda scan results in your next reply

_____________________________________


You need to update SunJava for security reasons.
Updating Java:
Download the latest version of
Java Runtime Environment (JRE) 6u2
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1... allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the Image icon next to it.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

_____________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from Panda online scan


User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby Bob4 » July 22nd, 2007, 6:34 pm

Been a few days.. Still with me ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby cshen359 » July 22nd, 2007, 11:55 pm

Im sorry. The scanner takes a long time, and I havent had the time to complete a successful scan. i'll finish it as soon as possible.

My apologies.
cshen359
Regular Member
 
Posts: 35
Joined: December 3rd, 2006, 11:30 pm
Location: NJ

Sorry for the wait.

Unread postby cshen359 » July 24th, 2007, 1:05 pm

Logfile of HijackThis v1.99.1
Scan saved at 1:03:58 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\AOL\1133663716\ee\AOLSoftware.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Charlie\Desktop\hijackthis1991\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133663716\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b46479.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zp ... b48295.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedow ... n11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6863785656
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zp ... b51411.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedow ... in7USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b53083.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zp ... b42858.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b41227.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedow ... n10USA.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe



Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator.SHEN\Application Data\Mozilla\Firefox\Profiles\jwu1q87z.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator.SHEN\Application Data\Mozilla\Firefox\Profiles\jwu1q87z.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator.SHEN\Application Data\Mozilla\Firefox\Profiles\jwu1q87z.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator.SHEN\Application Data\Mozilla\Firefox\Profiles\jwu1q87z.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator.SHEN\Application Data\Mozilla\Firefox\Profiles\jwu1q87z.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Administrator.SHEN\Application Data\Mozilla\Firefox\Profiles\jwu1q87z.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator.SHEN\Application Data\Mozilla\Firefox\Profiles\jwu1q87z.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator.SHEN\Application Data\Mozilla\Firefox\Profiles\jwu1q87z.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator.SHEN\Application Data\Mozilla\Firefox\Profiles\jwu1q87z.default\cookies.txt[.com.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator.SHEN\Application Data\Mozilla\Firefox\Profiles\jwu1q87z.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator.SHEN\Cookies\administrator@2o7[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator.SHEN\Cookies\administrator@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator.SHEN\Cookies\administrator@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator.SHEN\Cookies\administrator@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator.SHEN\Cookies\administrator@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator.SHEN\Cookies\administrator@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator.SHEN\Cookies\administrator@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator.SHEN\Cookies\administrator@mediaplex[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt[.zedo.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Charlie\Cookies\charlie@atwola[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Charlie\Desktop\smitRem\smitRem.exe[smitRem/Process.exe]
Adware:Adware/DriveCleaner Not disinfected C:\Documents and Settings\Charlie\Local Settings\Temp\monsys.exe
Potentially unwanted tool:Application/Yok Not disinfected C:\Documents and Settings\Charlie\My Documents\eMule-0.47a-VeryCD0518.exe[VeryCD_SuperSearch_Silent.exe][yoksch.htm]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Charlie\My Documents\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Charlie\My Documents\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\sUBs\TSF\nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/DriveCleaner Not disinfected C:\WINDOWS\system32\syswin6000.exe
Adware:Adware/DriveCleaner Not disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\mgrs.exe
cshen359
Regular Member
 
Posts: 35
Joined: December 3rd, 2006, 11:30 pm
Location: NJ
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 25 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware