Scan Results


Post by TenchiiMuyo99 on Fri Mar 19, 2010 3:21 am

List of Problems:

1) Slower performance speed
2) History of Virus activities (Recently died down, still registered to virus)
3) Common Spyware infections

Explanation of said Problems:

1) The computer is starting to run a little slower than it used to, and I'm not sure if this is because of the age of the computer, the history of virus attacks that have since gone away, or all the stuff I have on the computer. I hope this log helps someone figure it out.

2) I have had a history of virus attacks. My worst one was when I got infected by a virus trying to direct me towards Anti-Virus software online, as well as locking me out of the administration privileges I should have on my profile. It also limited my access to programs on my computer, and eventually limited the use of the internet, to the point where I could only go to websites that it trusted. I don't know if the virus exists on the system anymore, but my computer is still registered to the Virus.

3) I know I have common spyware infections, but I have nothing to help me clean it out.

Thank you for your consideration of helping my problems, and thank you for your time. Have a great day.

Here is the log I got from the Scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:15 PM, on 3/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sm56hlpr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Documents and Settings\TenchiMuyo\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TenchiMuyo\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {527F6D3B-5A39-451A-B5B8-ADB20E75B9BA} - C:\WINDOWS\system32\ddcCRLBu.dll (file missing)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} - C:\WINDOWS\system32\khfGyvwT.dll (file missing)
O2 - BHO: QXK Olive - {86805705-69AE-45C6-9B92-A11D54F00AE5} - C:\WINDOWS\wbxdpgfeasv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: {378e0278-2a60-e88b-fe74-aefdd9ed897f} - {f798de9d-dfea-47ef-b88e-06a28720e873} - C:\WINDOWS\system32\zpapge.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: sqvgnrpx - {695AD9B9-B97E-4F91-8B6F-B1BD73937505} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TenchiMuyo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: khfGyvwT - khfGyvwT.dll (file missing)
O22 - SharedTaskScheduler: AutoDisc Ware - {89aef01d-d237-49c7-84dc-4e1904c1fd31} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12348 bytes

TenchiiMuyo99
Novice

Posts : 10
Joined : 2010-03-19
OS : Windows XP
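The log above is the kind of thing a helper reads by eye, line by line. As an added example that is not part of this thread, of HijackThis or of ComboFix, here is a small triage script that applies the same checks mechanically: load-point entries marked `(file missing)` or `(no file)`, O20 Winlogon Notify hooks, O23 services with `Unknown owner`, O4 Run entries that name a bare file, random-looking module names sitting in `C:\WINDOWS` or `system32`, and processes running from the user profile. It assumes the standard HijackThis line format (`O2 - BHO: name - {CLSID} - path`). The 20% vowel cut-off for "random-looking" is a judgement call chosen for this example, and `SAMPLE_LOG` is a constructed excerpt modelled on the log above (user name changed; the CLSIDs and paths are as they appear there).

```python
"""Triage a HijackThis-format log for dangling and suspicious load points.

Added example for this thread, not HijackThis, ComboFix or forum tooling.
Rule thresholds and the sample excerpt are assumptions made for the example.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
# Last path component with a loadable extension, plus its directory if any.
MODULE_RE = re.compile(
    r'(?P<dir>(?:[A-Za-z]:)?(?:\\[^\\"]+)*\\)?(?P<stem>[A-Za-z0-9_.-]+)\.(?:dll|exe|scr|sys)\b',
    re.IGNORECASE)
SYSTEM_DIR_RE = re.compile(r"\\windows\\(?:system32\\)?$", re.IGNORECASE)
PROFILE_DIR_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(?:desktop|local settings|application data)\\",
    re.IGNORECASE)
LOAD_POINTS = {"O2", "O3", "O4", "O20", "O21", "O22", "O23"}  # persistence sections
MISSING_MARKERS = ("(file missing)", "(no file)")
VOWELS = set("aeiou")


@dataclass
class Finding:
    section: str
    severity: str  # high / medium / low
    reason: str
    line: str


def looks_random(stem: str) -> bool:
    """Heuristic: letters-only stem, 8+ chars, under 20% vowels (khfGyvwT,
    sqvgnrpx). The cut-off is an assumption for this example; it misses
    pronounceable random names and can flag terse vendor names."""
    if len(stem) < 8 or not stem.isalpha():
        return False
    return sum(c in VOWELS for c in stem.lower()) / len(stem) < 0.2


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if PROCESS_RE.match(line):  # "Running processes:" block
            if PROFILE_DIR_RE.search(line):
                findings.append(Finding("proc", "low",
                                        "process image lives under the user profile", line))
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines, R0/R1 URL settings
        section, body = m.group("section"), m.group("body")
        mod = MODULE_RE.search(body)
        stem = mod.group("stem") if mod else ""
        directory = (mod.group("dir") or "") if mod else ""

        def add(sev: str, why: str) -> None:
            findings.append(Finding(section, sev, why, line))

        if section in LOAD_POINTS and any(mk in body for mk in MISSING_MARKERS):
            add("high", "dangling load point: registered module is gone from disk")
        if section == "O20":
            add("high", "Winlogon Notify DLL is loaded into winlogon.exe at logon")
        if section == "O2" and (body.startswith("BHO: (no name)") or body.startswith("BHO: {")):
            add("medium", "BHO with no display name")
        if section == "O23" and "Unknown owner" in body:
            add("medium", "service without a vendor string")
        if section == "O4" and mod and not directory:
            add("low", "Run entry names a bare file, resolved through the search path")
        if looks_random(stem) and SYSTEM_DIR_RE.search(directory):
            add("low", f"random-looking module name {stem} in a Windows system directory")
    return findings


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed excerpt in HijackThis format, modelled on the log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\User\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {527F6D3B-5A39-451A-B5B8-ADB20E75B9BA} - C:\WINDOWS\system32\ddcCRLBu.dll (file missing)
O2 - BHO: (no name) - {684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} - C:\WINDOWS\system32\khfGyvwT.dll (file missing)
O3 - Toolbar: sqvgnrpx - {695AD9B9-B97E-4F91-8B6F-B1BD73937505} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: khfGyvwT - khfGyvwT.dll (file missing)
O22 - SharedTaskScheduler: AutoDisc Ware - {89aef01d-d237-49c7-84dc-4e1904c1fd31} - (no file)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in sorted(found, key=lambda f: ("high", "medium", "low").index(f.severity)):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line}")
    print(severity_counts(found))
```

Run it as a script to see the report for the excerpt. A "file missing" entry is harmless on its own (nothing loads), but the pattern of several of them with random eight-letter names in `system32` plus a Winlogon Notify hook is evidence that a dropper ran and was only partly cleaned, which is why a helper escalates to a ComboFix run rather than just deleting the orphaned lines.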

Re: Scan Results

Post by Dr Jay on Fri Mar 19, 2010 4:07 am

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: Scan Results

Post by TenchiiMuyo99 on Sat Mar 20, 2010 8:04 am

Thank you for your consideration and all your help so far. Here is the log Combofix.exe, or otherwise named "commy.exe", has produced at the end of its scan:

ComboFix 10-03-19.06 - TenchiMuyo 03/20/2010 0:43.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.567 [GMT -7:00]
Running from: c:\documents and settings\TenchiMuyo\desktop\commy.exe
Command switches used :: /stepdel
AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-117609710-484061587-682003330-1003
c:\windows\privacy_danger
c:\windows\system32\khfGyvwT.dll
c:\docume~1\TENCHI~1\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\TenchiMuyo\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\recycler\S-1-5-21-117609710-484061587-682003330-1003\desktop.ini
c:\recycler\S-1-5-21-117609710-484061587-682003330-1003\INFO2
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\jestertb.dll
c:\windows\system32\blphc3j2j0ecno.scr
c:\windows\system32\dfumwxul.ini
c:\windows\system32\leonvpfy.ini
c:\windows\system32\qhlnyygt.ini
c:\windows\system32\SIntf16.dll
c:\windows\system32\tvtpqfsy.ini
c:\windows\system32\txhdoteb.ini
c:\windows\system32\uBLRCcdd.ini
c:\windows\system32\uBLRCcdd.ini2
c:\windows\system32\wrcqntkw.ini
c:\windows\system32\xnggaepi.ini
c:\windows\system32\xxjtuurv.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-19 02:49 . 2010-03-19 02:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-15 07:44 . 2010-03-15 07:44 -------- d-----w- c:\program files\Babylon
2010-03-15 07:41 . 2010-03-15 08:05 -------- d-----w- c:\program files\Software Informer
2010-03-15 07:36 . 2010-03-15 07:36 -------- d-----w- c:\documents and settings\TenchiMuyo\Local Settings\Application Data\Help
2010-03-10 23:26 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-02-28 00:09 . 2010-02-28 00:09 -------- d-----w- c:\windows\system32\scripting
2010-02-28 00:09 . 2010-02-28 00:09 -------- d-----w- c:\windows\l2schemas
2010-02-28 00:09 . 2010-02-28 00:09 -------- d-----w- c:\windows\system32\en
2010-02-28 00:09 . 2010-02-28 00:09 -------- d-----w- c:\windows\system32\bits
2010-02-28 00:00 . 2010-02-28 00:00 -------- d-----w- c:\windows\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 07:54 . 2008-07-18 06:04 -------- d-----w- c:\documents and settings\TenchiMuyo\Application Data\Xfire
2010-03-20 07:53 . 2008-07-03 16:07 81984 ----a-w- c:\windows\system32\bdod.bin
2010-03-20 01:33 . 2006-08-26 21:04 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-19 03:02 . 2009-05-13 03:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-19 02:34 . 2005-11-10 01:28 -------- d-----w- c:\program files\Java
2010-03-19 02:33 . 2010-03-19 02:33 503808 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7cad16f2-n\msvcp71.dll
2010-03-19 02:33 . 2010-03-19 02:33 499712 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7cad16f2-n\jmc.dll
2010-03-19 02:33 . 2010-03-19 02:33 348160 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7cad16f2-n\msvcr71.dll
2010-03-19 02:33 . 2005-11-10 01:28 -------- d-----w- c:\program files\Common Files\Java
2010-03-19 02:33 . 2010-03-19 02:33 61440 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-31f21709-n\decora-sse.dll
2010-03-19 02:33 . 2010-03-19 02:33 12800 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-31f21709-n\decora-d3d.dll
2010-03-16 00:37 . 2006-10-23 15:42 249856 ------w- c:\windows\Setup1.exe
2010-03-16 00:37 . 2006-10-23 15:42 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-15 08:08 . 2009-09-15 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-03-12 06:11 . 2008-07-23 08:15 -------- d-----w- c:\documents and settings\TenchiMuyo\Application Data\BitTorrent
2010-03-11 20:41 . 2009-07-06 07:30 -------- d-----w- c:\documents and settings\TenchiMuyo\Application Data\Any Video Converter
2010-03-11 06:17 . 2010-01-22 19:08 239417 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\npsoeact.dll
2010-03-11 06:17 . 2010-01-22 19:08 -------- d-----w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment
2010-03-11 06:14 . 2005-11-10 01:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-28 00:21 . 2008-07-18 06:06 42040 ----a-w- c:\documents and settings\TenchiMuyo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-28 00:11 . 2005-06-24 22:31 81867 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-28 00:11 . 2010-02-28 00:11 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-02-28 00:11 . 2010-02-28 00:11 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-02-28 00:11 . 2010-02-28 00:11 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2010-02-28 00:11 . 2010-02-28 00:11 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-02-28 00:11 . 2010-02-28 00:11 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-02-28 00:11 . 2010-02-28 00:11 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-02-28 00:11 . 2010-02-28 00:11 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2010-02-28 00:11 . 2010-02-28 00:11 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-02-05 02:52 . 2009-05-03 07:56 -------- d-----w- c:\program files\World of Warcraft
2010-02-04 23:51 . 2010-02-04 23:51 -------- d-----w- c:\program files\Atheros
2010-02-02 06:41 . 2006-12-18 02:43 -------- d-----w- c:\program files\iTunes
2010-02-02 06:41 . 2005-11-10 01:51 -------- d-----w- c:\program files\iPod
2010-02-02 06:41 . 2007-07-10 19:31 -------- d-----w- c:\program files\Common Files\Apple
2010-02-02 06:30 . 2010-02-02 06:30 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-29 08:33 . 2010-01-22 08:33 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-01-23 19:53 . 2006-02-11 06:35 -------- d-s---w- c:\program files\Xfire
2010-01-23 07:25 . 2005-11-10 01:51 -------- d-----w- c:\program files\QuickTime
2010-01-22 20:23 . 2010-01-22 20:23 6836224 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\Installed Games\Free Realms\tcg\QtGui4.dll
2010-01-22 20:22 . 2010-01-22 20:22 8704000 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\Installed Games\Free Realms\tcg\FreeRealmsTCG.dll
2010-01-22 20:21 . 2010-01-22 20:21 1769472 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\Installed Games\Free Realms\tcg\QtCore4.dll
2010-01-22 20:20 . 2010-01-22 20:20 376832 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\Installed Games\Free Realms\tcg\QtXml4.dll
2010-01-22 20:20 . 2010-01-22 20:20 614400 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\Installed Games\Free Realms\tcg\Qtscript4.dll
2010-01-22 20:20 . 2010-01-22 20:20 282624 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\Installed Games\Free Realms\tcg\QtSvg4.dll
2010-01-22 20:20 . 2010-01-22 20:20 626688 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\Installed Games\Free Realms\tcg\msvcr80.dll
2010-01-22 20:20 . 2010-01-22 20:20 376832 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\Installed Games\Free Realms\tcg\QtNetwork4.dll
2010-01-22 20:20 . 2010-01-22 20:20 548864 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\Installed Games\Free Realms\tcg\msvcp80.dll
2010-01-22 20:20 . 2010-01-22 20:20 479232 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\Installed Games\Free Realms\tcg\msvcm80.dll
2010-01-22 16:32 . 2008-06-12 07:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 08:56 . 2010-01-22 08:56 -------- d-----w- c:\program files\MSXML 4.0
2010-01-20 19:13 . 2010-03-15 07:44 52224 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-01-20 19:13 . 2010-03-15 07:44 101376 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
2010-01-15 23:40 . 2010-01-22 19:15 12473688 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\Installed Games\Free Realms\FreeRealms.exe
2010-01-15 23:34 . 2010-01-22 19:15 2854912 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GFxWrap.dll
2010-01-15 23:33 . 2010-01-22 19:15 102400 ----a-w- c:\documents and settings\TenchiMuyo\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GraphicsDriver.dll
2009-12-31 16:50 . 2004-08-04 05:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 23:59 . 2009-12-22 23:59 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-12-21 19:14 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
2006-02-11 02:57 . 2006-02-11 02:57 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-18 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"Google Update"="c:\documents and settings\TenchiMuyo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-27 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-10 180269]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"Xfire Music"="c:\program files\Xfire\xfiremusic.exe" [2006-11-21 253650]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\TenchiMuyo\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-12-22 3192720]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"10134:TCP"= 10134:TCP:BitComet 10134 TCP
"10134:UDP"= 10134:UDP:BitComet 10134 UDP
"3306:TCP"= 3306:TCP:MySQL Server
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"58607:TCP"= 58607:TCP:Pando Media Booster
"58607:UDP"= 58607:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/3/2007 8:43 PM 685816]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [11/12/2007 5:27 PM 86792]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCD5SRVC;PCD5SRVC - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [5/9/2005 6:20 PM 20224]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2.sys --> c:\windows\system32\DRIVERS\WN111v2.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4279119665-142862687-4263860127-1018Core.job
- c:\documents and settings\TenchiMuyo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-27 05:01]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4279119665-142862687-4263860127-1018UA.job
- c:\documents and settings\TenchiMuyo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-27 05:01]

2010-03-20 c:\windows\Tasks\WebReg Deskjet 3900 series.job
- c:\program files\HP\DIGITAL IMAGING\BIN\hpqwrg.exe [2005-05-12 07:21]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - plugin: c:\documents and settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\TenchiMuyo\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\TenchiMuyo\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{527F6D3B-5A39-451A-B5B8-ADB20E75B9BA} - c:\windows\system32\ddcCRLBu.dll
BHO-{f798de9d-dfea-47ef-b88e-06a28720e873} - c:\windows\system32\zpapge.dll
HKLM-Run-PCDrProfiler - (no file)
SharedTaskScheduler-{89aef01d-d237-49c7-84dc-4e1904c1fd31} - (no file)
Notify-khfGyvwT - khfGyvwT.dll
AddRemove-HijackThis - c:\documents and settings\TenchiMuyo\Desktop\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-20 00:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys sptd.sys hal.dll >>UNKNOWN [0x873848AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76abf28
\Driver\ACPI -> ACPI.sys @ 0xf741ccb8
\Driver\atapi -> atapi.sys @ 0xf7302b40
\Driver\iaStor -> 0x873641e8
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf71c9bd4
PacketIndicateHandler -> NDIS.sys @ 0xf71d5a21
SendHandler -> NDIS.sys @ 0xf71c9d44
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCD5SRVC]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3200)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\sm56hlpr.exe
c:\documents and settings\TenchiMuyo\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2010-03-20 01:00:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-20 08:00

Pre-Run: 7,893,868,544 bytes free
Post-Run: 10,552,614,912 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=2 LastKnownGood=6 Sets=,1,2,3,4,5,6
- - End Of File - - A894B09AAA62E7B54E7F0DC6527DBDAF

TenchiiMuyo99
Novice
Posts : 10
Joined : 2010-03-19
OS : Windows XP

Re: Scan Results

Post by Dr Jay on Sat Mar 20, 2010 1:05 pm

Please download and save [You must be registered and logged in to see this link.]
  • Double click to run the tool.
  • When complete, run mbr -f then reboot.
  • After reboot, provide a fresh log and a new mbr log.


Please download Stealth MBR Rootkit Detector by GMER from [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


Dr. Jay (DJ)


Dr Jay
Head Administrator
Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: Scan Results

Post by TenchiiMuyo99 on Sat Mar 20, 2010 10:06 pm

I got the mbr.exe program and have the log for that. However, I cannot find the program provided in the link above it. HelpAsst_mebroot_fix.exe shows up as an error or blank page, and says it doesn't exist. Here's the log for mbr.exe, however:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: Scan Results

Post by Dr Jay on Sun Mar 21, 2010 3:22 am

Sorry, here is the correct download:

[You must be registered and logged in to see this link.]

Try again, please.


Dr. Jay (DJ)

Re: Scan Results

Post by TenchiiMuyo99 on Tue Mar 23, 2010 4:26 am

Ok, I got it working now. Thank you very much for the correction and help. Here's the log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: Scan Results

Post by Dr Jay on Tue Mar 23, 2010 4:39 am

Download [You must be registered and logged in to see this link.] to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time.

Dr. Jay (DJ)

Re: Scan Results

Post by TenchiiMuyo99 on Tue Mar 23, 2010 5:56 am

The OTL log is too big for me to post as one, so I'm going to post the OTL as two different posts, with a brief message on the top saying which log it is, and I might have to do the same for the extras log as well.

Here is the beginning of the OTL log:

OTL logfile created on: 3/22/2010 10:37:00 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\TenchiMuyo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 644.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.52 Gb Total Space | 9.83 Gb Free Space | 6.90% Space Free | Partition Type: NTFS
Drive D: | 6.50 Gb Total Space | 1.19 Gb Free Space | 18.32% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-27E1513D96
Current User Name: TenchiMuyo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/22 21:44:53 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TenchiMuyo\Desktop\OTL.exe
PRC - [2010/03/18 18:57:09 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\TenchiMuyo\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009/02/20 14:22:34 | 004,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/12/05 02:07:41 | 001,179,648 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2008/10/07 08:23:46 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/09/13 16:15:51 | 001,261,568 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
PRC - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/27 17:46:32 | 000,086,016 | ---- | M] (BitDefender) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
PRC - [2007/08/18 08:29:00 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/08/02 12:33:50 | 000,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe
PRC - [2005/11/09 18:41:00 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/01/23 19:56:00 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe


========== Modules (SafeList) ==========

MOD - [2010/03/22 21:44:53 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TenchiMuyo\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/05/05 19:52:24 | 000,151,552 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/02/16 17:39:00 | 002,736,890 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/12/05 02:07:41 | 001,179,648 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2008/09/13 16:15:51 | 001,261,568 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe -- (VSSERV)
SRV - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/05/05 15:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/11/27 17:46:32 | 000,086,016 | ---- | M] (BitDefender) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- (XCOMM)
SRV - [2007/08/02 12:33:50 | 000,080,528 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.93
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.4
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.3
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.19.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {D2A6A719-7CBC-4594-85FD-C36AD881424F}:4.5.21
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {2832ABCD-4444-1012-2D45-132D5447C445}:1.0.0
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.3
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?PC=BRTH&FORM=BT074D&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/24 04:31:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/24 04:31:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2008/02/13 21:00:16 | 000,000,000 | ---D | M]

[2009/06/28 11:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Extensions
[2010/03/22 22:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions
[2010/03/16 15:00:31 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/09/09 15:18:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/24 17:31:41 | 000,000,000 | ---D | M] (Beemp3 Search ToolBar) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{2832ABCD-4444-1012-2D45-132D5447C445}
[2010/01/22 12:08:39 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010/02/25 12:35:46 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/02/17 22:25:00 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2010/01/24 04:42:40 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/01/24 04:42:36 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/24 04:42:40 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/02/11 19:39:03 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/02/13 13:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/03/15 00:44:38 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010/03/22 22:12:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/01 10:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/01/24 04:42:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/25 20:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{D2A6A719-7CBC-4594-85FD-C36AD881424F}
[2010/01/29 02:09:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/09/13 12:34:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/02/25 12:35:29 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/01/24 04:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\amznUWL@amazon.com
[2010/02/25 12:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\foxyproxy@eric.h.jung
[2010/02/17 22:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\lookingforgroupboom@lookingforgroup.com
[2010/03/18 19:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\extensions\SkipScreen@SkipScreen
[2010/03/22 22:35:23 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\searchplugins\ask.xml
[2010/03/22 22:35:23 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\searchplugins\bing.xml
[2010/02/16 22:47:09 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\TenchiMuyo\Application Data\Mozilla\Firefox\Profiles\5ht43a6x.default\searchplugins\yahoo.xml
[2010/03/22 22:12:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/11 00:01:08 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/03/15 01:00:09 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2010/03/20 00:53:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [regcmdcons] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe ()
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\TenchiMuyo\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} [You must be registered and logged in to see this link.] (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} [You must be registered and logged in to see this link.] (CSolidBrowserObj Object)
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} [You must be registered and logged in to see this link.] (HanSetupCtrl1010 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} [You must be registered and logged in to see this link.] (InstantAction Game Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\TenchiMuyo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TenchiMuyo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/24 15:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/09 18:23:04 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0C967A97-8A13-44B8-AE34-043C3D81B8F3} - Yahoo! Toolbar
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3B5ABBA8-D573-465B-B5DE-1ACEC13B4A95} - Yahoo! Tracking
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8C7AAC4A-0705-4479-B68A-E1A6A0065CFA} - Yahoo! Search Assist
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - Solid State ION Internet Explorer Plugin
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{45F976CA-1795-4EC5-9EF5-D6351A95F723} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

TenchiiMuyo99
Novice


Posts : 10
Joined : 2010-03-19
OS : Windows XP

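The O6/O7 AutoRun policy values and the O4 autostart entries in the log above are easier to judge once decoded. The following is an added example, not code from the post or from OTL/HijackThis: it embeds a handful of lines copied verbatim from the log, decodes NoDriveTypeAutoRun and NoDriveAutoRun using Microsoft's documented bit layout, and lists O4 entries whose version-info company string is empty. The 0x100 bit inside the value 323 lies outside the documented byte and is reported as undocumented rather than interpreted. The regexes assume no parentheses inside file paths, which holds for this 32-bit Windows XP log.

```python
"""Decode the AutoRun policy lines and triage O4 autostart entries of an
OTL/HijackThis-style log.

Added example: not code from the post above nor from OTL or HijackThis.
SAMPLE_LINES are copied from the posted log; the bit table follows the
documented layout of NoDriveTypeAutoRun (one bit per GetDriveType() result)
and NoDriveAutoRun (one bit per drive letter, bit 0 = A:).
"""
import re

SAMPLE_LINES = r"""
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [regcmdcons] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe ()
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\TenchiMuyo\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O32 - HKLM CDRom: AutoRun - 1
""".strip().splitlines()

# Documented NoDriveTypeAutoRun bits; anything above 0xFF is undocumented.
DRIVE_TYPE_BITS = [
    (0x01, "DRIVE_UNKNOWN"), (0x02, "DRIVE_NO_ROOT_DIR"), (0x04, "DRIVE_REMOVABLE"),
    (0x08, "DRIVE_FIXED"), (0x10, "DRIVE_REMOTE"), (0x20, "DRIVE_CDROM"),
    (0x40, "DRIVE_RAMDISK"), (0x80, "RESERVED"),
]

# O4 lines: "O4 - <where>: [<name>] <path> (<publisher>)" or the Startup
# form "O4 - Startup: <lnk> = <target> (<publisher>)". Assumes no "(" in paths.
O4_RE = re.compile(
    r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]+)\] )?(?P<body>.+?) \((?P<publisher>[^()]*)\)$")
# O6 (HKLM) / O7 (HKCU) Explorer policy values that carry a numeric setting.
POLICY_RE = re.compile(
    r"^O[67] - (?P<hive>HKLM|HKCU)\\.*policies\\Explorer: (?P<key>\w+) = (?P<val>\d+)$")


def decode_no_drive_type_autorun(value):
    """Return (drive-type names with AutoRun disabled, undocumented high bits)."""
    disabled = [name for bit, name in DRIVE_TYPE_BITS if value & bit]
    return disabled, value & ~0xFF


def decode_no_drive_autorun(value):
    """Drive letters whose AutoRun is disabled: bit n covers chr(ord('A') + n)."""
    return [chr(ord("A") + i) for i in range(26) if value >> i & 1]


def parse_policies(lines):
    """Map (hive, value name) -> int for every O6/O7 policy line."""
    out = {}
    for line in lines:
        m = POLICY_RE.match(line)
        if m:
            out[(m.group("hive"), m.group("key"))] = int(m.group("val"))
    return out


def parse_o4(lines):
    """O4 entries as dicts. 'publisher' is the company string OTL read from the
    file's version resource; it is not an Authenticode check."""
    entries = []
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        name = m.group("name") or body.split(" = ")[0].rsplit("\\", 1)[-1]
        entries.append({"where": m.group("where"), "name": name,
                        "target": body.split(" = ")[-1],
                        "publisher": m.group("publisher")})
    return entries


def unpublished_autostarts(lines):
    """Names of O4 entries whose version info carries no company name."""
    return [e["name"] for e in parse_o4(lines) if not e["publisher"].strip()]


def autorun_summary(lines):
    """What the machine-wide (HKLM) AutoRun settings mean for inserted media."""
    pol = parse_policies(lines)
    types, unknown = decode_no_drive_type_autorun(pol.get(("HKLM", "NoDriveTypeAutoRun"), 0))
    letters = decode_no_drive_autorun(pol.get(("HKLM", "NoDriveAutoRun"), 0))
    return {
        "honor_setting": pol.get(("HKLM", "HonorAutoRunSetting")) == 1,
        "types_disabled": types,
        "undocumented_bits": unknown,
        "removable_and_cdrom_blocked_by_type": "DRIVE_REMOVABLE" in types and "DRIVE_CDROM" in types,
        "all_drive_letters_blocked": len(letters) == 26,
        "cdrom_device_autorun": any(l.startswith("O32 - HKLM CDRom: AutoRun - 1") for l in lines),
    }


if __name__ == "__main__":
    for key, val in autorun_summary(SAMPLE_LINES).items():
        print(f"{key}: {val}")
    print("O4 entries without a company string:", unpublished_autostarts(SAMPLE_LINES))
```

For this log the decoder shows that 323 (0x143) clears neither the removable (0x04) nor the CD-ROM (0x20) bit, so by drive type alone AutoRun would still fire from a USB stick or disc; what actually blocks it is NoDriveAutoRun = 67108863 (0x3FFFFFF), which masks all 26 drive letters, together with HonorAutoRunSetting = 1, the flag Microsoft's AutoRun hardening update adds so the policy is applied consistently. The device-level "CDRom: AutoRun - 1" is overridden by that policy. The one O4 entry with an empty publisher field, "Xfire Music", only tells you the file has no company string in its version resource; confirm with a signature check or a hash lookup before treating it as malicious.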

Re: Scan Results

Post by TenchiiMuyo99 on Tue Mar 23, 2010 5:57 am

OTL log continued:

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/22 21:44:52 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TenchiMuyo\Desktop\OTL.exe
[2010/03/20 00:39:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/20 00:37:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/20 00:37:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/20 00:37:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/20 00:37:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/20 00:37:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/20 00:34:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/18 20:03:48 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\TenchiMuyo\Desktop\winlogon.scr
[2010/03/18 19:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/03/18 19:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/15 00:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2010/03/15 00:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2010/03/15 00:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TenchiMuyo\Local Settings\Application Data\Help
[2010/03/15 00:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TenchiMuyo\Application Data\Help
[2010/03/15 00:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TenchiMuyo\Desktop\Diablo_III_Fansite_Kit_en-US
[2010/02/28 13:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/25 22:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/12 00:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/02 08:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire Plus
[2007/08/06 17:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2007/07/13 13:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/11/09 18:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/22 22:35:13 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/03/22 22:02:10 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4279119665-142862687-4263860127-1018UA.job
[2010/03/22 21:44:53 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TenchiMuyo\Desktop\OTL.exe
[2010/03/22 21:23:35 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/03/22 21:22:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/22 21:22:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/22 21:22:06 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/22 21:21:01 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\TenchiMuyo\NTUSER.DAT
[2010/03/22 21:21:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\TenchiMuyo\ntuser.ini
[2010/03/22 21:20:42 | 004,811,290 | -H-- | M] () -- C:\Documents and Settings\TenchiMuyo\Local Settings\Application Data\IconCache.db
[2010/03/22 21:19:55 | 000,488,240 | ---- | M] () -- C:\Documents and Settings\TenchiMuyo\Desktop\HelpAsst_mebroot_fix.exe
[2010/03/22 21:15:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/20 19:02:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4279119665-142862687-4263860127-1018Core.job
[2010/03/20 17:14:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Deskjet 3900 series.job
[2010/03/20 15:05:01 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\TenchiMuyo\Desktop\mbr.exe
[2010/03/20 00:54:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/20 00:53:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/20 00:39:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/20 00:32:34 | 003,895,220 | R--- | M] () -- C:\Documents and Settings\TenchiMuyo\Desktop\commy.exe
[2010/03/19 18:33:12 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/19 16:52:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/18 20:37:32 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\TenchiMuyo\Desktop\Dear Coon.doc
[2010/03/18 20:03:48 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\TenchiMuyo\Desktop\winlogon.scr
[2010/03/18 19:55:20 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\TenchiMuyo\Desktop\JavaRa.zip
[2010/03/18 19:49:56 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/15 18:05:18 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\TenchiMuyo\Desktop\Shortcut to Hero Editor.exe.lnk
[2010/03/15 07:49:38 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 07:49:37 | 000,524,080 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 07:49:37 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 01:43:15 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 13:41:57 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\TenchiMuyo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/09 08:42:30 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/22 21:19:53 | 000,488,240 | ---- | C] () -- C:\Documents and Settings\TenchiMuyo\Desktop\HelpAsst_mebroot_fix.exe
[2010/03/20 14:58:02 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\TenchiMuyo\Desktop\mbr.exe
[2010/03/20 00:39:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/20 00:39:15 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/20 00:37:31 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/20 00:37:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/20 00:37:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/20 00:37:31 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/20 00:37:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/20 00:32:22 | 003,895,220 | R--- | C] () -- C:\Documents and Settings\TenchiMuyo\Desktop\commy.exe
[2010/03/18 20:37:32 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\TenchiMuyo\Desktop\Dear Coon.doc
[2010/03/18 19:55:19 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\TenchiMuyo\Desktop\JavaRa.zip
[2010/03/18 19:49:56 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/15 18:05:18 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\TenchiMuyo\Desktop\Shortcut to Hero Editor.exe.lnk
[2009/12/22 16:59:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/09/11 12:02:03 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\TenchiMuyo\Local Settings\Application Data\fusioncache.dat
[2009/05/18 18:28:54 | 000,004,025 | ---- | C] () -- C:\Documents and Settings\TenchiMuyo\Local Settings\Application Data\.ipc_copyrecord
[2009/05/18 18:28:22 | 000,001,232 | ---- | C] () -- C:\Documents and Settings\TenchiMuyo\Local Settings\Application Data\iTunesPrefs
[2009/05/02 12:50:34 | 001,716,224 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2009/05/01 19:52:25 | 000,000,048 | ---- | C] () -- C:\Documents and Settings\TenchiMuyo\Local Settings\Application Data\84756-11986-27475-00TC1-94865
[2008/10/04 23:53:08 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\TenchiMuyo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/04 01:45:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\freeisys.dll
[2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/06/12 16:53:23 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/01/27 21:34:04 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/11/17 01:40:33 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/11/03 20:43:57 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/10/06 11:36:28 | 000,002,593 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/03 14:01:10 | 000,000,027 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
[2007/06/29 10:51:13 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/12/17 23:53:49 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Quake.INI
[2006/12/17 21:41:10 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2006/11/11 18:53:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/10/22 20:22:09 | 000,000,208 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/01 15:10:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/06/01 15:06:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/05/05 17:28:08 | 000,001,225 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/05 17:27:56 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/02/17 19:58:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/02/17 19:55:25 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/02/17 19:55:25 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/11/09 19:19:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/09 18:55:28 | 000,012,967 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/09 18:55:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/09 18:50:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/09 18:46:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/09 18:46:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/09 18:46:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/09 18:46:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/09 18:46:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/09 18:46:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/09 18:41:58 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/09 18:38:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/09 18:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/11/09 18:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/11/09 18:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/11/09 18:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/11/09 18:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/11/09 18:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/11/09 18:36:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/11/09 18:36:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/11/09 18:36:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/11/09 18:26:22 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/09 18:22:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/07/07 06:07:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/09 17:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/06/15 15:38:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 17:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2006/12/17 22:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2008/01/27 20:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/03/15 01:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/04/28 21:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2009/10/26 11:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2009/09/15 15:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/09/11 01:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/08/24 13:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/04/05 22:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Webyog
[2008/07/24 00:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/13 17:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/11 17:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 17:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/03/11 13:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Any Video Converter
[2008/07/17 22:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Bitdefender
[2010/03/11 23:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\BitTorrent
[2009/04/12 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
[2009/09/15 15:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\DriverCure
[2009/01/16 18:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\GarageGames
[2009/06/16 23:41:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\ijjigame
[2008/08/24 17:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Nexon
[2009/04/28 21:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Notepad++
[2009/04/12 18:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\NPLUTO Corporation
[2009/06/12 22:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Raptr
[2005/11/09 18:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\SampleView
[2009/02/23 23:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\SharePod
[2010/03/10 23:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Sony Online Entertainment
[2009/05/03 10:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Subversion
[2009/01/21 18:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\TeamViewer
[2009/09/11 12:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\Turbine
[2008/07/24 00:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TenchiMuyo\Application Data\WildTangent

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007/11/03 20:43:58 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2005/06/24 08:25:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/06/24 08:25:14 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/06/24 08:25:14 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2005/06/24 15:32:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/08/06 15:22:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/03/20 00:39:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/03/20 01:00:58 | 000,026,297 | ---- | M] () -- C:\ComboFix.txt
[2005/06/24 15:32:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/22 21:20:15 | 000,000,540 | ---- | M] () -- C:\HelpAsst.log
[2010/03/22 21:22:06 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2005/06/24 15:32:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/18 19:55:38 | 000,010,472 | ---- | M] () -- C:\JavaRa.log
[2005/06/24 15:32:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/02/27 17:05:36 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/14 20:18:06 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2008/10/14 20:18:06 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/03/22 21:22:04 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/03/18 19:49:34 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/07/09 00:54:57 | 000,000,000 | ---D | M] -- C:\Program Files\Any Video Converter
[2008/08/14 22:39:11 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/02/04 16:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2010/03/15 00:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\Babylon
[2009/09/18 14:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
[2008/01/27 20:22:54 | 000,000,000 | ---D | M] -- C:\Program Files\BitDefender
[2008/03/22 23:42:04 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2009/01/11 01:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/03/20 00:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/11/09 18:28:25 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/08/27 21:55:05 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/03/22 23:42:01 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2006/05/14 15:18:03 | 000,000,000 | ---D | M] -- C:\Program Files\DQ
[2009/06/16 23:40:54 | 000,000,000 | ---D | M] -- C:\Program Files\DriftCity
[2006/11/15 21:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup
[2008/04/26 15:34:22 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2009/03/15 19:38:09 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/11/05 14:26:13 | 000,000,000 | ---D | M] -- C:\Program Files\Hero Editor
[2005/11/09 18:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2007/11/04 21:34:38 | 000,000,000 | ---D | M] -- C:\Program Files\HHHT
[2006/05/05 17:47:15 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2008/07/24 00:34:12 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2009/11/02 23:19:02 | 000,000,000 | ---D | M] -- C:\Program Files\Infogrames Interactive
[2010/03/10 23:14:51 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/01/22 02:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/11/09 18:29:10 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2009/09/11 17:14:02 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2010/02/01 23:41:08 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/02/01 23:41:51 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/03/18 19:34:21 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/02/27 17:13:19 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/06/26 03:25:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/05/08 21:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/03/27 20:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/06/16 23:53:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/11/09 18:30:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Dancer LE
[2005/11/09 18:30:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/11/09 18:30:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2008/06/12 00:05:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2010/01/22 09:32:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/06/16 23:57:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2005/11/09 18:30:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/06/12 16:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2005/11/09 18:31:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/06/16 23:58:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/11 04:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/03/15 01:06:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/03/23 23:33:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/07/10 12:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSECACHE
[2009/05/12 20:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/11/09 18:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Standard
[2005/11/09 18:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/01/22 01:56:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/08/25 22:13:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/10/26 11:31:10 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2010/02/27 17:07:33 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/06/16 23:34:15 | 000,000,000 | ---D | M] -- C:\Program Files\No-IP
[2009/09/13 12:34:54 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/04/28 21:12:29 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad++
[2005/11/09 18:31:59 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/02/27 17:20:13 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/09/11 00:00:41 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2005/11/09 18:33:20 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2005/11/09 18:33:41 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2009/11/02 23:17:35 | 000,000,000 | ---D | M] -- C:\Program Files\Phantasy Star Online Blue Burst
[2009/05/02 21:48:54 | 000,000,000 | ---D | M] -- C:\Program Files\PremiumSoft
[2007/12/02 03:30:46 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2009/09/10 16:28:43 | 000,000,000 | ---D | M] -- C:\Program Files\QuickMediaConverter
[2010/01/23 00:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/11/09 18:33:59 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/03/23 23:33:46 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/15 01:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\Software Informer
[2005/11/09 18:34:11 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2009/01/21 18:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2007/01/29 20:26:20 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/09/11 11:31:39 | 000,000,000 | ---D | M] -- C:\Program Files\Turbine
[2005/11/09 18:34:51 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2007/06/29 15:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/05/01 20:03:54 | 000,000,000 | ---D | M] -- C:\Program Files\Wide Angle Software
[2008/07/24 00:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\WildGames
[2005/11/09 18:34:51 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2007/07/10 12:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2009/06/26 03:25:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/06/26 03:24:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/02/27 17:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/02/27 17:07:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/11/09 18:39:21 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/03/15 00:36:49 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/02/04 19:52:08 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2005/11/09 18:39:24 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/01/23 12:53:55 | 000,000,000 | --SD | M] -- C:\Program Files\Xfire
[2008/02/24 11:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Xfire Plus
[2009/03/17 20:26:09 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/02/27 17:00:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/03 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/02/27 17:00:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/02/27 17:00:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/03 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/02/27 17:00:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 22:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/03/09 11:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\hp\drivers\Intel_Emery_RAID_v5.0.0.1032\iaStor.sys
[2005/03/09 11:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/03 22:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 22:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-11 11:03:15
< End of report >

TenchiiMuyo99
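The "< MD5 for: ... >" blocks in the log above are the part a malware helper reads first: OTL hashes every copy it can find of a few boot-critical system files (the .cab entries carry no hash and are only listed) and prints them side by side so the copy Windows actually loads, under system32 or system32\drivers, can be compared with the ServicePackFiles, ERDNT\cache and $NtServicePackUninstall$ copies. As an added example, not part of this post and not OTL's own code, here is a small Python script that performs that comparison over the lines quoted from the log. The function names are this example's own, and TAMPERED_LOG is a constructed sample (its hash is made up) included only to show what a mismatch looks like.

```python
"""Check OTL '< MD5 for: FILE >' sections: does the live system32 copy of each
file hash the same as at least one reference copy?  Example code, not OTL's."""
import re
from collections import defaultdict

_SECTION = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
# [date | size | attrs | M] (Company) MD5=HASH -- path   (the MD5 part is optional:
# .cab entries and files OTL could not read carry no hash)
_ENTRY = re.compile(
    r"^\[(?P<date>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|\.cab file|Unable to obtain MD5)?"
    r"\s*--\s*(?P<path>.+?)\s*$"
)

def _is_live(path):
    """True for the copy the running system loads: ...\\system32\\ or ...\\system32\\drivers\\."""
    folder = path.lower().rsplit("\\", 1)[0]
    return folder.endswith("\\system32") or folder.endswith("\\system32\\drivers")

def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]}; entry = dict(date, path, size, company, md5 or None)."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):            # every '< ... >' header starts a new custom scan
            sec = _SECTION.match(line)
            current = sec.group("name").upper() if sec else None
            continue
        m = _ENTRY.match(line) if current else None
        if not m:
            continue
        sections[current].append({
            "date": m.group("date").strip(),
            "path": m.group("path"),
            "size": int(m.group("size").replace(",", "")),
            "company": m.group("company"),
            "md5": m.group("md5").upper() if m.group("md5") else None,
        })
    return dict(sections)

def check_live_copies(sections):
    """Per file: 'match' if every live copy's MD5 equals some reference copy's MD5,
    'mismatch' if a live copy equals none of them, 'no-live' / 'no-reference'
    when one side is missing.  A 'mismatch' that still shows Microsoft's size and
    company string is the pattern helpers read as a patched system file."""
    report = {}
    for name, entries in sections.items():
        hashed = [e for e in entries if e["md5"]]
        live = [e for e in hashed if _is_live(e["path"])]
        refs = {e["md5"] for e in hashed if not _is_live(e["path"])}
        if not live:
            verdict = "no-live"
        elif not refs:
            verdict = "no-reference"
        elif all(e["md5"] in refs for e in live):
            verdict = "match"
        else:
            verdict = "mismatch"
        report[name] = {
            "verdict": verdict,
            "live": sorted({e["md5"] for e in live}),
            "references": sorted(refs),
            "unhashed": sum(1 for e in entries if not e["md5"]),
        }
    return report

def audit(text):
    return check_live_copies(parse_md5_sections(text))

# Lines copied verbatim from the log in the post above.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/02/27 17:00:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: IASTOR.SYS >
[2005/03/09 11:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\hp\drivers\Intel_Emery_RAID_v5.0.0.1032\iaStor.sys
[2005/03/09 11:09:18 | 000,870,912 | ---- | M] (Intel Corporation) MD5=79AE2A97C120F282845D854D0F070EA9 -- C:\WINDOWS\system32\drivers\iaStor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-11 11:03:15
"""

# CONSTRUCTED for this example, NOT from the post: the live atapi.sys keeps Microsoft's
# size and company string but its (made-up) hash no longer equals the service-pack copy.
TAMPERED_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\drivers\atapi.sys
"""

if __name__ == "__main__":
    for label, text in (("post", SAMPLE_LOG), ("constructed", TAMPERED_LOG)):
        for name, r in audit(text).items():
            print(f"{label:11} {name:12} {r['verdict']:12} live={r['live']} refs={r['references']}")
```

On the log in the post every live copy hashes the same as its ServicePackFiles copy, so the script reports "match" for each file; the only differing hashes belong to the $NtServicePackUninstall$ copies, which are the pre-SP3 versions and are expected to differ. A "mismatch" by itself is not proof of infection either: a hotfix newer than SP3 or a vendor driver also hashes differently from the service-pack copy, so the next step on a mismatch is to check the live file's size, version and digital signature and look the hash up, not to delete the file. The sptd.sys line that reads "Unable to obtain MD5" sits in the locked-files scan, not in an MD5 comparison, so it produces no verdict here.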

Re: Scan Results

Post by TenchiiMuyo99 on Tue Mar 23, 2010 5:59 am

Extras log:

OTL Extras logfile created on: 3/22/2010 10:37:00 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\TenchiMuyo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 644.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.52 Gb Total Space | 9.83 Gb Free Space | 6.90% Space Free | Partition Type: NTFS
Drive D: | 6.50 Gb Total Space | 1.19 Gb Free Space | 18.32% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-27E1513D96
Current User Name: TenchiMuyo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58607:TCP" = 58607:TCP:*:Enabled:Pando Media Booster
"58607:UDP" = 58607:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"10134:TCP" = 10134:TCP:*:Enabled:BitComet 10134 TCP
"10134:UDP" = 10134:UDP:*:Enabled:BitComet 10134 UDP
"3306:TCP" = 3306:TCP:*:Enabled:MySQL Server
"9842:TCP" = 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP" = 9842:UDP:*:Disabled:SolidNetworkManager
"58607:TCP" = 58607:TCP:*:Enabled:Pando Media Booster
"58607:UDP" = 58607:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft -- (Blizzard Entertainment)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A41BC21-EA0F-4B0B-BEA4-2997B80DB0D9}" = MapleStory
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A124808-6F10-4E53-A121-E77E54D67C48}" = BitDefender Internet Security 2008
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ADC4C1F6-088E-42D1-9F34-75A3F7236B8E}" = TouchCopy
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}" = Office 2003 Tour
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Any Video Converter_is1" = Any Video Converter 2.7.5
"ATI Display Driver" = ATI Display Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Install WeatherBug" = Remove WeatherBug Installer
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"Mabinogi" = Mabinogi
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"RealPlayer 6.0" = RealPlayer
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SoftcampSCSK" = SoftCamp Secure KeyStroke 4.0
"SolidStateIONIE" = Solid State ION Internet Explorer Plugin
"ST6UNST #1" = Hero Editor V1.03
"ST6UNST #2" = Hero Editor V0.96
"TeamViewer 4" = TeamViewer 4
"WIC" = Windows Imaging Component
"WildTangent hp Master Uninstall" = My HP Games
"WildTangent wildgames Master Uninstall" = WildGames
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XPMP" = Xfire Plus: Music Plugin
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! IE Suggest" = Yahoo! Search Suggest Add-on for IE7
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Google Chrome" = Google Chrome
"QUICKMEDIACONVERTER" = Player
"SOE-Free Realms" = Free Realms
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/2/2010 12:52:05 AM | Computer Name = YOUR-27E1513D96 | Source = Google Update | ID = 20
Description =

Error - 2/2/2010 1:52:05 AM | Computer Name = YOUR-27E1513D96 | Source = Google Update | ID = 20
Description =

Error - 2/4/2010 7:52:05 PM | Computer Name = YOUR-27E1513D96 | Source = Google Update | ID = 20
Description =

Error - 2/4/2010 11:41:08 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 9.0.3.15, faulting module
quicktimempeg4.qtx, version 7.65.17.80, fault address 0x00010b53.

Error - 2/5/2010 1:52:08 AM | Computer Name = YOUR-27E1513D96 | Source = Google Update | ID = 20
Description =

Error - 2/5/2010 2:52:10 AM | Computer Name = YOUR-27E1513D96 | Source = Google Update | ID = 20
Description =

Error - 3/12/2010 12:57:05 AM | Computer Name = YOUR-27E1513D96 | Source = Google Update | ID = 20
Description =

Error - 3/12/2010 1:57:05 AM | Computer Name = YOUR-27E1513D96 | Source = Google Update | ID = 20
Description =

Error - 3/18/2010 10:34:23 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 3/18/2010 11:19:21 PM | Computer Name = YOUR-27E1513D96 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

[ System Events ]
Error - 3/11/2010 2:15:35 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2010 2:15:35 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2010 2:15:35 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2010 2:15:35 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2010 2:15:35 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2010 2:15:36 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2010 2:15:36 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2010 2:15:36 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/11/2010 2:15:36 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/15/2010 4:08:41 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Type with the following error:
%%5


< End of report >

TenchiiMuyo99
Novice

Posts : 10
Joined : 2010-03-19
OS : Windows XP

Re: Scan Results

Post by Dr Jay on Tue Mar 23, 2010 4:19 pm

I see you are running a P2P application (BitTorrent). I suggest you read the following, and then decide whether you want to keep it or not: [You must be registered and logged in to see this link.]

WildTangent is a program that is not of good reputation. I recommend removing it as well.

You have a program called Install Weatherbug. I recommend removing this, too.

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: Scan Results

Post by TenchiiMuyo99 on Wed Mar 24, 2010 1:58 am

Here is the log from the scan:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e4adbf328b7c064b85ee5f095d8fd2cb
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-23 11:56:02
# local_time=2010-03-23 04:56:02 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 98336615 98336615 0 0
# compatibility_mode=2048 16777195 100 0 66973621 66973621 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=105853
# found=10
# cleaned=10
# scan_time=6374
C:\Qoobox\Quarantine\C\WINDOWS\system32\dfumwxul.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\leonvpfy.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\qhlnyygt.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\tvtpqfsy.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\txhdoteb.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\uBLRCcdd.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\uBLRCcdd.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\wrcqntkw.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\xnggaepi.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxjtuurv.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

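The ESET Online Scanner log above has a fixed shape: `# key=value` header lines, then one line per detection (path, threat name, object kind, the action taken in parentheses, a 32-hex-digit hash and a flag). The following is an added example, written for this page and not code from the thread or from ESET, showing how a helper could parse that format and check the log the way Dr Jay does by eye: that the number of detection lines matches `found=`, that the lines marked "cleaned" match `cleaned=`, and which hits were already sitting in a quarantine folder (the `.vir` files under `C:\Qoobox\Quarantine`) rather than live on the system. The sample log is constructed: it keeps two detection lines from the post above and adds a third, made-up line with a path containing spaces and an uncleaned result, so the consistency check has something to flag. The assumption that a threat name is `Platform/Name`, optionally prefixed with ESET's "a variant of", is based on the lines in this thread, not on ESET documentation.

```python
import re
from collections import Counter

# Constructed sample modelled on the ESET Online Scanner log in the thread.
# Two detection lines are copied from the post; the third (a path with
# spaces and an uncleaned result) is made up so the checks below have
# something to report. The header counts are set to match this sample.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# scanned=105853
# found=3
# cleaned=2
# scan_time=6374
C:\Qoobox\Quarantine\C\WINDOWS\system32\dfumwxul.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\leonvpfy.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Temp\sample.tmp a variant of Win32/Adware.Virtumonde application (error while cleaning) 00000000000000000000000000000000 C
"""

# One detection line: <path> <threat> <kind> (<action>) <32-hex hash> <flag>.
# The path is matched lazily so paths containing spaces work. The threat
# name is assumed (from the lines in the thread) to look like "Platform/Name",
# optionally prefixed by ESET's "a variant of" / "probably a variant of".
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9_.-]+/\S+)\s+"
    r"(?P<kind>\S+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)$"
)


def parse_eset_log(text):
    """Split an ESET Online Scanner log into header fields, detections and
    any lines that fit neither shape (kept so nothing is silently dropped).
    Repeated header keys such as compatibility_mode keep the last value."""
    report = {"header": {}, "detections": [], "other": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            report["header"][key.strip()] = value.strip()
            continue
        match = DETECTION_RE.match(line)
        if match:
            report["detections"].append(match.groupdict())
        else:
            report["other"].append(line)
    return report


def summarize(report):
    """Cross-check the header counts against the detection lines and pull
    out what a helper wants to know: uncleaned hits, hits that were already
    quarantined (.vir files in a Quarantine folder), and a threat tally."""
    header = report["header"]
    detections = report["detections"]
    found = int(header.get("found", 0))
    cleaned = int(header.get("cleaned", 0))
    cleaned_parsed = sum(1 for d in detections if d["action"].startswith("cleaned"))
    return {
        "found": found,
        "cleaned": cleaned,
        "parsed": len(detections),
        "cleaned_parsed": cleaned_parsed,
        "consistent": found == len(detections) and cleaned == cleaned_parsed,
        "needs_attention": [d["path"] for d in detections
                            if not d["action"].startswith("cleaned")],
        "already_quarantined": [d["path"] for d in detections
                                if "\\Quarantine\\" in d["path"]
                                and d["path"].lower().endswith(".vir")],
        "threats": dict(Counter(d["threat"] for d in detections)),
    }


if __name__ == "__main__":
    summary = summarize(parse_eset_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run against the real log in the post, the header says `found=10` and `cleaned=10`, all ten lines parse, all ten are `.vir` files under the quarantine folder, and `needs_attention` is empty, which is the "logs are clean" reading given in the next reply. A mismatch between `found=` and the number of parsed lines usually means a detection line has a shape the regex does not cover and should be read by hand.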

Re: Scan Results

Post by Dr Jay on Wed Mar 24, 2010 3:03 am

Your logs are clean. Let's clean up.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)




Re: Scan Results

Post by TenchiiMuyo99 on Wed Mar 24, 2010 5:51 am

Here's the log of the securitycheck.exe:

Results of screen317's Security Check version 0.99.2
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
BitDefender Internet Security 2008
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 18
Adobe Flash Player 10
Adobe Reader 9.3
````````````````````````````````
Process Check:
objlist.exe by Laurent

Common Files BitDefender BitDefender Communicator xcommsvr.exe
Common Files BitDefender BitDefender Update Service livesrv.exe
BitDefender BitDefender 2008 vsserv.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


Re: Scan Results

Post by Dr Jay on Wed Mar 24, 2010 3:03 pm

See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Do you have any more questions?


Dr. Jay (DJ)




Re: Scan Results

Post by TenchiiMuyo99 on Thu Mar 25, 2010 2:32 am

No, if you think that is all that is needed to be done, then I believe we are good. Thank you very much for all your help. I feel like my computer is running as good as it did when I first got it. Thank you very much, and I look forward to working with you in the future again if there is ever another problem. Have a wonderful day. :smile2: Thank You!


Re: Scan Results

Post by Dr Jay on Thu Mar 25, 2010 2:41 am

You're welcome. Smile


Dr. Jay (DJ)


