Infected with HTML/Infected.WebPage.Gen, Don't know how to remove


  • This topic is locked

#1
Taksam

    New Member

  • Member
  • 7 posts
I used HijackThis in hopes that it would help you folks help me remove it. Avira constantly pops up the detection boxes and simply will not delete it. Thanks folks. Here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:33 AM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: snappyads browser enhancer - {1DCBF76A-2B1A-FD6B-B68D-B4DDD0D2C2C2} - C:\WINDOWS\system32\qxamtqppvzeobpzz.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: snappyads - {add7e7dc-f1f2-2114-729a-35c016214234} - C:\WINDOWS\system32\nsn98C.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LifeChat] "c:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [aadeeeweuvx] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\qxamtqppvzeobpzz.dll"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134503868311
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15021/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14365 bytes


#2
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hello Taksam!

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click Format in the menu bar, and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to the Internet.


Step 1.
Follow the guide:

Follow the guide and post the logs back here

Step 2.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 3.
Things I would like to see in your reply:

  • The logs according to the guide in step 1.
  • The content of C:\lopR.txt from step 2.


#3
Taksam

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thank you very much for the reply, Heir :). I did follow your instructions as best my computer would allow. Here are my results, sir. Thank you for assisting me!



Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:131061 Mo/Free:1232 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sat 04/18/2009|18:36

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
---------- C:\WINDOWS\system32\CTHELPER.EXE
---------- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
---------- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
---------- C:\Program Files\Microsoft LifeChat\LifeChat.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
---------- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
---------- C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
---------- C:\Nexon\Mabinogi\npkcmsvc.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\java.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
---------- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
---------- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
---------- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
---------- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Takumi\Cookies\takumi@crackle[2].txt
C:\DOCUME~1\Takumi\Incomplete\T-271389-tube hunter keygen [incl keygen by team Black_X].zip
C:\DOCUME~1\Takumi\My Documents\New Folder (2)\AnyDVD & AnyDVD HD 6.4.0.5(NEW-31.03)\AnyDVD & AnyDVD HD 6.4.0.5\Crack\AnyDVDtray.exe.bc!
C:\DOCUME~1\Takumi\Shared\AnyDVD v28 Custom Installer v6.1.7.4 Crack.zip
C:\DOCUME~1\Takumi\Shared 2\tube hunter keygen crack.zip
C:\DOCUME~1\Takumi\Shared 2\tube hunter keygen.zip


1 - "C:\Rooter$\Rooter_1.txt" - Sat 04/18/2009|18:37

----------------------\\ Scan completed at 18:37

OTListIt logfile created on: 4/18/2009 6:38:53 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Takumi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.71% Memory free
2.98 Gb Paging File | 2.39 Gb Available in Paging File | 80.28% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 21.20 Gb Free Space | 16.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRANDONHEAT
Current User Name: Takumi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\Nexon\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)
PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe (Sunbelt Software, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Takumi\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (AntiVirScheduler [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LinksysUpdater [Auto | Running]) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nmservice [Auto | Running]) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (npkcmsvc [Auto | Running]) -- C:\Nexon\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (SbPF.Launcher [Auto | Running]) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)
SRV - (SPF4 [Auto | Running]) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)
SRV - (sprtsvc_ddoctorv2 [Auto | Running]) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (Aspi32 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (avgntflt [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (COMMONFX.DLL [On_Demand | Running]) -- C:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (CTAUDFX.DLL [On_Demand | Running]) -- C:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPSY.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEXFIFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (CTSBLFX.DLL [On_Demand | Running]) -- C:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ha10kx2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (hap17v2k [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\hap17v2k.sys (Creative Technology Ltd)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (npf [Auto | Running]) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT [Auto | Running]) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (pnarp [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys (Pure Networks, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (purendis [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\purendis.sys (Pure Networks, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SbFw [System | Running]) -- C:\WINDOWS\system32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sbfwim.sys (Sunbelt Software, Inc.)
DRV - (sbhips [System | Running]) -- C:\WINDOWS\system32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (sdcplh [System | Running]) -- C:\WINDOWS\System32\drivers\sdcplh.sys ()
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www15.yoog.co.../search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: filtersetg@updater:0.3.1.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..keyword.URL: "http://www15.yoog.co.../search.php?q="

FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www15.yoog.co.../search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www15.yoog.co.../search.php?q="
FF - user.js..keyword.enabled: true

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/14 00:04:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/17 17:20:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/03 10:08:46 | 00,000,000 | ---D | M]

[2008/08/27 00:49:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Extensions
[2008/08/27 00:49:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/18 18:24:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Firefox\Profiles\ic13sxoy.default\extensions
[2008/04/25 09:26:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Firefox\Profiles\ic13sxoy.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/04/15 17:51:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Firefox\Profiles\ic13sxoy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2007/12/23 08:15:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Firefox\Profiles\ic13sxoy.default\extensions\filtersetg@updater
[2008/12/05 08:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Firefox\Profiles\ic13sxoy.default\extensions\[email protected]
[2009/01/01 17:18:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Firefox\Profiles\ic13sxoy.default\extensions\[email protected]
[2009/01/01 17:18:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Firefox\Profiles\ic13sxoy.default\extensions\[email protected]
[2009/04/14 13:49:47 | 00,000,247 | ---- | M] () -- C:\Documents and Settings\Takumi\Application Data\Mozilla\FireFox\Profiles\ic13sxoy.default\searchplugins\Yoog Search.xml
[2009/04/17 18:11:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/03 10:08:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/12 08:48:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/13 14:22:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/04/14 00:04:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/03 10:08:40 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/03 10:08:40 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/05 11:19:01 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/05 11:19:01 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/05 11:19:01 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/05 11:19:01 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/05 11:19:01 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/05 11:19:01 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/05 11:19:01 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 (SupportSoft, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [LifeChat] "c:\Program Files\Microsoft LifeChat\LifeChat.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun (Microsoft Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....015/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1134503868311 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15021/CTPID.cab (Creative Software AutoUpdate Support Package)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AutoEquip [2008/03/08 01:57:49 | 00,000,000 | ---D | M] - [ NTFS ]
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/04/18 18:35:49 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/18 18:32:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/18 18:31:34 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Takumi\Desktop\NTREGOPT.lnk
[2009/04/18 18:31:34 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Takumi\Desktop\ERUNT.lnk
[2009/04/18 18:31:34 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/18 18:25:26 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Takumi\Desktop\OTListIt2.exe
[2009/04/18 18:25:13 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Takumi\Desktop\Rooter.exe
[2009/04/18 18:23:59 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\Takumi\Desktop\erunt_setup.exe
[2009/04/18 18:23:51 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\Takumi\Desktop\SysRestorePoint.exe
[2009/04/18 18:20:27 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/04/18 18:19:55 | 00,530,106 | ---- | C] () -- C:\DOCUME~1\Takumi\Desktop\LopSD.exe
[2009/04/18 03:29:51 | 00,048,590 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\untitled(2)
[2009/04/18 03:28:53 | 00,040,534 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\untitled
[2009/04/16 16:26:26 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 16:26:26 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 16:26:26 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 16:26:26 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 16:26:26 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 16:26:25 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 16:26:25 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 16:26:25 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 16:26:25 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 16:25:17 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 16:25:15 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 16:25:14 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 18:02:46 | 00,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/04/14 17:51:00 | 00,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2009/04/14 17:51:00 | 00,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2009/04/14 17:10:24 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2009/04/14 17:08:31 | 06,000,608 | ---- | C] (Sunbelt Software ) -- C:\DOCUME~1\Takumi\My Documents\sunbelt-personal-firewall.exe
[2009/04/14 13:46:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/14 13:45:58 | 00,000,780 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/14 13:45:53 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/14 13:45:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Takumi\Application Data\SUPERAntiSpyware.com
[2009/04/14 13:45:04 | 06,237,728 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\SUPERAntiSpyware.exe
[2009/04/14 12:29:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Takumi\Application Data\Malwarebytes
[2009/04/14 12:29:39 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/14 12:29:39 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/14 12:29:37 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/14 12:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/14 12:29:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/14 12:26:08 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\Takumi\My Documents\mbam-setup.exe
[2009/04/14 08:11:15 | 00,001,734 | ---- | C] () -- C:\DOCUME~1\Takumi\Desktop\HijackThis.lnk
[2009/04/14 08:11:15 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/14 08:10:18 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\DOCUME~1\Takumi\My Documents\HJTInstall.exe
[2009/04/13 23:29:05 | 00,085,665 | ---- | C] () -- C:\WINDOWS\System32\905c76cb-a1ef-c887-c315-96e0a1412a20.exe
[2009/04/13 23:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2009/04/13 23:16:02 | 08,453,554 | ---- | C] (Neoretix Laboratory ) -- C:\DOCUME~1\Takumi\My Documents\setup_3_wcap.exe
[2009/03/31 15:51:03 | 02,348,416 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\FixDwndp.exe
[2009/03/28 00:13:34 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/28 00:13:28 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/28 00:13:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/28 00:10:18 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/28 00:03:11 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/26 20:29:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Takumi\Application Data\vlc
[2009/03/26 20:28:15 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/03/26 20:23:40 | 16,320,472 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\vlc-0.9.8a-win32.exe
[2009/03/26 20:01:31 | 00,170,712 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\CoreAAC-1.2.0.575rev3.zip
[2009/03/26 19:58:49 | 00,021,764 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2009/03/26 19:58:38 | 00,223,171 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\CoreAAC-1.2.0.573.exe
[2009/03/26 19:52:28 | 03,168,382 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\SopCast.zip
[2009/03/24 07:45:23 | 11,041,561 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\01_-_under_star.mp3
[2009/03/24 07:43:41 | 14,972,1154 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\Hajime No Ippo Ost 1 - First KO.zip
[2009/03/23 21:22:19 | 10,306,354 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\Gundam 00 S2 - Trust You.mp3
[2009/03/23 21:07:41 | 16,343,2733 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\[Nipponsei] Gundam 00 Original Soundtrack 02.zip
[2009/03/23 20:59:15 | 11,780,2039 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\[Nipponsei] Gundam 00 Original Soundtrack 01.zip
[2009/03/21 10:06:58 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/03/19 23:22:46 | 00,016,349 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\lordofther_c33ua79j.jpg
[2009/03/19 23:22:29 | 00,039,326 | ---- | C] () -- C:\DOCUME~1\Takumi\My Documents\finalfanta_bd14dl1s.jpg
[2008/11/09 16:47:28 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/06 12:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/01 03:13:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/07/25 18:50:08 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/06/15 19:56:23 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/04/12 08:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 00,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/08/28 18:56:21 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/09 20:58:36 | 00,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2006/05/19 16:18:15 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/01/20 20:43:41 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/10 19:37:27 | 00,050,372 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2006/01/10 19:37:27 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/12/13 15:55:10 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/11/11 14:47:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/11/11 14:47:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/11/11 14:47:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/11/11 14:47:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/11/11 14:47:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/11/11 14:47:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/29 20:00:42 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/08/29 19:56:58 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005/06/16 19:17:16 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/01/30 09:37:50 | 00,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2003/03/21 18:56:12 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2002/10/06 14:42:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 19:04:25 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 19:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 19:04:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/03/01 14:43:34 | 00,028,008 | ---- | C] () -- C:\WINDOWS\System32\SUSUSB.SYS
[2001/12/03 16:50:58 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
[2001/12/03 16:50:20 | 00,708,608 | R--- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
[2001/08/23 08:00:00 | 00,000,684 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/07/07 06:49:30 | 00,069,120 | R--- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/04/12 16:28:12 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 16:24:10 | 00,338,944 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1999/01/27 14:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/04/18 18:31:34 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Takumi\Desktop\NTREGOPT.lnk
[2009/04/18 18:31:34 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Takumi\Desktop\ERUNT.lnk
[2009/04/18 18:25:26 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Takumi\Desktop\OTListIt2.exe
[2009/04/18 18:25:14 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Takumi\Desktop\Rooter.exe
[2009/04/18 18:24:02 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\Takumi\Desktop\erunt_setup.exe
[2009/04/18 18:23:52 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\Takumi\Desktop\SysRestorePoint.exe
[2009/04/18 18:19:56 | 00,530,106 | ---- | M] () -- C:\DOCUME~1\Takumi\Desktop\LopSD.exe
[2009/04/18 11:55:04 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/04/18 11:20:25 | 00,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/18 11:18:26 | 00,193,389 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/18 11:18:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/18 11:18:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/18 03:55:33 | 00,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000004-20021102}.rfx
[2009/04/18 03:55:33 | 00,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000004-00001102-00000004-20021102}.rfx
[2009/04/18 03:55:33 | 00,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000004-00001102-00000004-20021102}.rfx
[2009/04/18 03:55:33 | 00,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000004-00001102-00000004-20021102}.rfx
[2009/04/18 03:55:33 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000004-00001102-00000004-20021102}.rfx
[2009/04/18 03:55:05 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000004-00001102-00000004-20021102}.CDF
[2009/04/18 03:55:05 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000004-00001102-00000004-20021102}.BAK
[2009/04/18 03:29:51 | 00,048,590 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\untitled(2)
[2009/04/18 03:28:53 | 00,040,534 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\untitled
[2009/04/17 21:52:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/17 17:18:29 | 00,522,706 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 17:18:29 | 00,441,954 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 17:18:29 | 00,071,512 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 23:40:49 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/14 18:02:46 | 00,000,264 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2009/04/14 17:21:05 | 00,000,684 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/14 17:21:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/14 17:21:05 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/04/14 17:13:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/04/14 17:09:33 | 06,000,608 | ---- | M] (Sunbelt Software ) -- C:\DOCUME~1\Takumi\My Documents\sunbelt-personal-firewall.exe
[2009/04/14 16:38:10 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Takumi\Local Settings\Application Data\IconCache.db
[2009/04/14 16:35:41 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/14 13:45:58 | 00,000,780 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/14 13:45:24 | 06,237,728 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\SUPERAntiSpyware.exe
[2009/04/14 12:29:39 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/14 12:26:14 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\Takumi\My Documents\mbam-setup.exe
[2009/04/14 08:11:15 | 00,001,734 | ---- | M] () -- C:\DOCUME~1\Takumi\Desktop\HijackThis.lnk
[2009/04/14 08:10:18 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\DOCUME~1\Takumi\My Documents\HJTInstall.exe
[2009/04/13 23:29:05 | 00,085,665 | ---- | M] () -- C:\WINDOWS\System32\905c76cb-a1ef-c887-c315-96e0a1412a20.exe
[2009/04/13 23:16:26 | 08,453,554 | ---- | M] (Neoretix Laboratory ) -- C:\DOCUME~1\Takumi\My Documents\setup_3_wcap.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 19:46:06 | 00,113,664 | ---- | M] () -- C:\Documents and Settings\Takumi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/05 19:39:08 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/31 15:51:09 | 02,348,416 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\FixDwndp.exe
[2009/03/27 02:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/26 20:27:46 | 16,320,472 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\vlc-0.9.8a-win32.exe
[2009/03/26 20:22:04 | 00,042,560 | ---- | M] () -- C:\Documents and Settings\Takumi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/26 20:01:48 | 00,021,764 | ---- | M] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2009/03/26 20:01:31 | 00,170,712 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\CoreAAC-1.2.0.575rev3.zip
[2009/03/26 19:58:44 | 00,223,171 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\CoreAAC-1.2.0.573.exe
[2009/03/26 19:53:16 | 03,168,382 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\SopCast.zip
[2009/03/24 07:54:57 | 14,972,1154 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\Hajime No Ippo Ost 1 - First KO.zip
[2009/03/24 07:46:36 | 11,041,561 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\01_-_under_star.mp3
[2009/03/23 21:23:08 | 10,306,354 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\Gundam 00 S2 - Trust You.mp3
[2009/03/23 21:21:00 | 16,343,2733 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\[Nipponsei] Gundam 00 Original Soundtrack 02.zip
[2009/03/23 21:06:37 | 11,780,2039 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\[Nipponsei] Gundam 00 Original Soundtrack 01.zip
[2009/03/21 10:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/03/21 10:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/03/19 23:22:46 | 00,016,349 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\lordofther_c33ua79j.jpg
[2009/03/19 23:22:30 | 00,039,326 | ---- | M] () -- C:\DOCUME~1\Takumi\My Documents\finalfanta_bd14dl1s.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\DOCUME~1\Takumi\My Documents\picresized_1221551636_Young.jpg:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\DOCUME~1\Takumi\My Documents\Omega.mp3:Roxio EMC Stream
< End of report >

OTListIt Extras logfile created on: 4/18/2009 6:38:53 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Takumi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.71% Memory free
2.98 Gb Paging File | 2.39 Gb Available in Paging File | 80.28% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 21.20 Gb Free Space | 16.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRANDONHEAT
Current User Name: Takumi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger File not found
C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client (www.BitComet.com)
C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver File not found
C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application File not found
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service (Pure Networks, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E0CE470-D256-4D67-A5B6-18E76546C8DE}" = BlackBerry v4.2.2 for the 8310 Series Wireless Handheld
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{628AA77D-DFC9-4B3D-BE8E-CF9F7CD4C3C7}" = BlackBerry Device Software Updater
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6530EB5E-F2BE-45D3-906B-E4AFFF2D1588}" = Windows Live Device Manager
"{66039B36-96AE-40D1-8A32-071F7A61B738}" = Microsoft LifeChat
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{82B1150E-9B37-49FC-83EB-D52197D900D0}" = Sunbelt Personal Firewall
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92C5DB3D-9D6F-4324-BB11-57825F4C2635}" = DVD Decoder Pak for Windows XP
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{99ED894F-60CF-4D71-A645-442CD041D595}" = Susteen Launcher
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}" = BlackBerry Desktop Software 4.5
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"905c76cb-a1ef-c887-c315-96e0a1412a20" = Contextual Tool Snappyads
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"BBMediaSyncUninstall" = BlackBerry Media Sync
"BitComet" = BitComet 1.00
"BlackBerry_{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}" = BlackBerry Desktop Software 4.5
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"FrostWire" = FrostWire 4.13.5
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"InstallShield_{99ED894F-60CF-4D71-A645-442CD041D595}" = Susteen Launcher
"InstallShield_{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PowerDVD" = PowerDVD
"RealPlayer 6.0" = RealPlayer
"SystemRequirementsLab" = System Requirements Lab
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/15/2009 5:40:31 PM | Computer Name = BRANDONHEAT | Source = Desktop | ID = 268379920
Description =

Error - 4/16/2009 4:23:46 PM | Computer Name = BRANDONHEAT | Source = Desktop | ID = 268379920
Description =

Error - 4/16/2009 4:23:59 PM | Computer Name = BRANDONHEAT | Source = Desktop | ID = 268379920
Description =

Error - 4/16/2009 4:47:47 PM | Computer Name = BRANDONHEAT | Source = Desktop | ID = 268379920
Description =

Error - 4/17/2009 5:13:23 PM | Computer Name = BRANDONHEAT | Source = Desktop | ID = 268379920
Description =

Error - 4/17/2009 5:13:26 PM | Computer Name = BRANDONHEAT | Source = Desktop | ID = 268379920
Description =

Error - 4/17/2009 5:14:48 PM | Computer Name = BRANDONHEAT | Source = Desktop | ID = 268379920
Description =

Error - 4/18/2009 11:18:55 AM | Computer Name = BRANDONHEAT | Source = Desktop | ID = 268379920
Description =

Error - 4/18/2009 11:19:00 AM | Computer Name = BRANDONHEAT | Source = Desktop | ID = 268379920
Description =

Error - 4/18/2009 11:54:59 AM | Computer Name = BRANDONHEAT | Source = Desktop | ID = 268379920
Description =


< End of report >

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon™ 64 Processor 3500+ )
BIOS : Default System BIOS
USER : Takumi ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)
Firewall : Sunbelt Personal Firewall 4.6.1861 T (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:127 Go (Free:21 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sat 04/18/2009|18:47 )

--------------------\\ Listing folders in APPLIC~1

[03/28/2009|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[11/19/2008|07:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore
[01/31/2009|06:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[03/01/2008|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[11/19/2008|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[12/15/2006|06:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/05/2007|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[02/08/2007|06:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[10/15/2008|04:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[10/15/2008|04:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira
[06/27/2008|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Comcast
[06/15/2007|08:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[11/24/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP Product Assistant
[03/16/2009|11:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[12/10/2007|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[01/26/2009|03:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Linksys
[12/10/2007|05:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MailFrontier
[04/14/2009|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[02/08/2009|06:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/22/2007|08:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[01/26/2009|03:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[03/16/2009|11:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[04/16/2008|06:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SlySoft
[03/16/2009|11:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[04/14/2009|01:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[12/27/2007|10:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com
[12/27/2007|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[03/01/2008|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[12/13/2005|04:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[03/15/2008|05:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[02/08/2007|10:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

[12/13/2005|03:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[04/14/2009|08:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe
[10/15/2008|04:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[03/17/2009|12:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio

[10/15/2008|04:50] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[01/20/2006|08:45] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> acccore
[12/10/2007|07:27] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Adobe
[03/24/2008|07:14] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Apple Computer
[01/10/2006|07:37] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Creative
[03/06/2007|04:44] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> DivX
[06/28/2008|03:29] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> FrostWire
[06/15/2007|08:13] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> HP
[12/13/2005|03:32] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Identities
[01/20/2009|01:35] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Image Zone Express
[01/09/2007|05:06] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Lavasoft
[12/13/2005|03:45] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Macromedia
[04/14/2009|12:29] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Malwarebytes
[04/21/2008|08:51] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Media Player Classic
[03/14/2009|12:48] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Microsoft
[12/04/2008|06:47] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Move Networks
[08/27/2008|12:49] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Mozilla
[04/25/2008|02:32] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> MySpace
[09/20/2008|10:34] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Printer Info Cache
[02/04/2008|12:41] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Real
[03/14/2009|12:38] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Research In Motion
[03/17/2009|12:07] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Roxio
[07/30/2007|09:37] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Sony Corporation
[05/07/2006|03:10] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Sony Ericsson
[08/17/2006|04:25] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Sun
[04/14/2009|01:45] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> SUPERAntiSpyware.com
[03/08/2008|03:20] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> SystemRequirementsLab
[12/10/2007|04:52] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Talkback
[05/07/2006|03:10] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Teleca
[09/27/2006|08:38] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Ventrilo
[07/31/2007|10:43] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> Viewpoint
[03/26/2009|08:31] C:\DOCUME~1\Takumi\APPLIC~1\<DIR> vlc

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[04/17/2009 09:52 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[04/18/2009 11:18 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 08:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[01/31/2009|06:51] C:\Program Files\<DIR> Adobe
[07/27/2006|07:12] C:\Program Files\<DIR> Ahead
[11/19/2008|07:12] C:\Program Files\<DIR> AIM6
[11/03/2006|07:00] C:\Program Files\<DIR> AOD
[08/18/2008|06:09] C:\Program Files\<DIR> Apple Software Update
[12/13/2005|03:39] C:\Program Files\<DIR> ATI Technologies
[05/22/2008|08:36] C:\Program Files\<DIR> AVG
[10/15/2008|04:56] C:\Program Files\<DIR> Avira
[05/25/2007|06:46] C:\Program Files\<DIR> BearShare Applications
[11/27/2007|04:59] C:\Program Files\<DIR> BitComet
[10/15/2008|05:20] C:\Program Files\<DIR> BitLord
[03/28/2009|12:03] C:\Program Files\<DIR> Bonjour
[01/12/2008|05:13] C:\Program Files\<DIR> Combined Community Codec Pack
[12/27/2007|10:43] C:\Program Files\<DIR> Comcast
[04/14/2009|05:52] C:\Program Files\<DIR> ComcastToolbar
[03/16/2009|11:47] C:\Program Files\<DIR> Common Files
[12/13/2005|03:26] C:\Program Files\<DIR> ComPlus Applications
[05/19/2006|03:48] C:\Program Files\<DIR> Creative
[05/19/2006|04:18] C:\Program Files\<DIR> CyberLink
[12/13/2005|04:58] C:\Program Files\<DIR> directx
[02/11/2009|01:07] C:\Program Files\<DIR> DivX
[04/18/2009|06:31] C:\Program Files\<DIR> ERUNT
[04/14/2009|05:53] C:\Program Files\<DIR> Free FLV Converter
[11/02/2008|10:25] C:\Program Files\<DIR> FrostWire
[04/14/2009|05:53] C:\Program Files\<DIR> Handbrake
[06/15/2007|08:10] C:\Program Files\<DIR> Hewlett-Packard
[10/16/2008|07:16] C:\Program Files\<DIR> HP
[03/16/2009|11:29] C:\Program Files\<DIR> InstallShield Installation Information
[04/16/2009|11:40] C:\Program Files\<DIR> Internet Explorer
[03/28/2009|12:13] C:\Program Files\<DIR> iPod
[03/28/2009|12:14] C:\Program Files\<DIR> iTunes
[12/11/2008|06:39] C:\Program Files\<DIR> Java
[12/10/2007|05:31] C:\Program Files\<DIR> Lavasoft
[06/28/2008|03:13] C:\Program Files\<DIR> LimeWire
[01/26/2009|03:08] C:\Program Files\<DIR> Linksys
[01/20/2006|08:43] C:\Program Files\<DIR> Logitech
[04/18/2009|06:34] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/17/2008|07:40] C:\Program Files\<DIR> Messenger
[02/19/2009|11:26] C:\Program Files\<DIR> Microsoft
[11/09/2008|04:46] C:\Program Files\<DIR> Microsoft ActiveSync
[03/15/2008|10:56] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[12/13/2005|03:29] C:\Program Files\<DIR> microsoft frontpage
[09/17/2008|02:44] C:\Program Files\<DIR> Microsoft LifeChat
[11/09/2008|04:46] C:\Program Files\<DIR> Microsoft Office
[02/26/2009|10:38] C:\Program Files\<DIR> Microsoft Silverlight
[02/19/2009|11:25] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[08/17/2008|07:36] C:\Program Files\<DIR> Movie Maker
[04/18/2009|06:34] C:\Program Files\<DIR> Mozilla Firefox
[04/14/2009|05:54] C:\Program Files\<DIR> MP3 Wav Editor
[04/15/2008|10:28] C:\Program Files\<DIR> MSBuild
[12/13/2005|03:26] C:\Program Files\<DIR> MSN
[12/13/2005|03:25] C:\Program Files\<DIR> MSN Gaming Zone
[11/19/2006|11:48] C:\Program Files\<DIR> MSXML 4.0
[04/15/2008|10:34] C:\Program Files\<DIR> MSXML 6.0
[10/15/2008|05:27] C:\Program Files\<DIR> MySpace
[08/17/2008|07:32] C:\Program Files\<DIR> NetMeeting
[12/13/2005|03:28] C:\Program Files\<DIR> Online Services
[08/17/2008|07:32] C:\Program Files\<DIR> Outlook Express
[01/15/2008|08:04] C:\Program Files\<DIR> PhotoViewer
[12/13/2005|04:59] C:\Program Files\<DIR> PlayOnline
[03/28/2009|12:11] C:\Program Files\<DIR> QuickTime
[02/04/2008|12:38] C:\Program Files\<DIR> Real
[12/23/2005|06:20] C:\Program Files\<DIR> Realtek AC97
[04/15/2008|10:24] C:\Program Files\<DIR> Reference Assemblies
[03/14/2009|12:57] C:\Program Files\<DIR> Research In Motion
[03/16/2009|11:47] C:\Program Files\<DIR> Roxio
[11/24/2008|09:03] C:\Program Files\<DIR> Safari
[07/15/2008|11:23] C:\Program Files\<DIR> SlySoft
[07/25/2007|06:48] C:\Program Files\<DIR> Sony
[04/14/2009|05:10] C:\Program Files\<DIR> Sunbelt Software
[04/14/2009|01:45] C:\Program Files\<DIR> SUPERAntiSpyware
[12/27/2007|10:42] C:\Program Files\<DIR> support.com
[03/16/2009|11:29] C:\Program Files\<DIR> Susteen
[03/08/2008|03:20] C:\Program Files\<DIR> SystemRequirementsLab
[04/14/2009|08:11] C:\Program Files\<DIR> Trend Micro
[04/14/2009|05:55] C:\Program Files\<DIR> Ultra Video Splitter
[12/13/2005|03:32] C:\Program Files\<DIR> Uninstall Information
[03/15/2008|04:57] C:\Program Files\<DIR> Ventrilo
[03/26/2009|08:28] C:\Program Files\<DIR> VideoLAN
[01/10/2007|08:36] C:\Program Files\<DIR> Viewpoint
[05/19/2006|03:56] C:\Program Files\<DIR> vso
[01/26/2009|03:10] C:\Program Files\<DIR> WebEx
[02/19/2009|11:26] C:\Program Files\<DIR> Windows Live
[02/08/2009|06:26] C:\Program Files\<DIR> Windows Live SkyDrive
[03/06/2007|04:52] C:\Program Files\<DIR> Windows Media Connect 2
[08/17/2008|07:32] C:\Program Files\<DIR> Windows Media Player
[08/17/2008|07:32] C:\Program Files\<DIR> Windows NT
[12/13/2005|03:58] C:\Program Files\<DIR> WindowsUpdate
[04/13/2009|11:16] C:\Program Files\<DIR> WinPcap
[02/16/2007|10:12] C:\Program Files\<DIR> WinRAR
[12/13/2005|03:29] C:\Program Files\<DIR> xerox
[04/14/2009|05:43] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/31/2009|06:51] C:\Program Files\Common Files\<DIR> Adobe
[07/27/2006|07:12] C:\Program Files\Common Files\<DIR> Ahead
[12/15/2006|07:59] C:\Program Files\Common Files\<DIR> AOL
[03/28/2009|12:13] C:\Program Files\Common Files\<DIR> Apple
[11/09/2008|04:46] C:\Program Files\Common Files\<DIR> Designer
[06/15/2007|08:10] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[09/06/2007|03:37] C:\Program Files\Common Files\<DIR> HP
[03/08/2008|02:34] C:\Program Files\Common Files\<DIR> INCA Shared
[03/16/2009|11:47] C:\Program Files\Common Files\<DIR> InstallShield
[05/19/2006|04:07] C:\Program Files\Common Files\<DIR> Java
[01/21/2009|09:35] C:\Program Files\Common Files\<DIR> logishrd
[04/14/2009|06:08] C:\Program Files\Common Files\<DIR> Logitech
[02/19/2009|11:23] C:\Program Files\Common Files\<DIR> Microsoft Shared
[12/13/2005|03:26] C:\Program Files\Common Files\<DIR> MSSoap
[01/20/2006|08:45] C:\Program Files\Common Files\<DIR> Nullsoft
[12/13/2005|10:18] C:\Program Files\Common Files\<DIR> ODBC
[01/26/2009|03:09] C:\Program Files\Common Files\<DIR> Pure Networks Shared
[02/04/2008|12:39] C:\Program Files\Common Files\<DIR> Real
[03/16/2009|11:45] C:\Program Files\Common Files\<DIR> Research In Motion
[03/16/2009|11:48] C:\Program Files\Common Files\<DIR> Roxio Shared
[12/27/2007|10:44] C:\Program Files\Common Files\<DIR> Scanner
[12/13/2005|03:26] C:\Program Files\Common Files\<DIR> Services
[03/16/2009|11:47] C:\Program Files\Common Files\<DIR> Sonic Shared
[12/13/2005|10:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[12/27/2007|10:43] C:\Program Files\Common Files\<DIR> supportsoft
[11/09/2008|04:46] C:\Program Files\Common Files\<DIR> System
[02/08/2009|06:23] C:\Program Files\Common Files\<DIR> Windows Live
[03/15/2008|05:04] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[04/14/2009|01:45] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[02/04/2008|12:39] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 56 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Takumi\LOCALS~1\Temp\nsd984.tmp
C:\DOCUME~1\Takumi\LOCALS~1\Temp\starbucks.bmp
C:\DOCUME~1\Takumi\LOCALS~1\Temp\Status.mif
C:\DOCUME~1\Takumi\Cookies\takumi@adultfriendfinder[1].txt
C:\DOCUME~1\Takumi\Cookies\takumi@advertising[1].txt
C:\DOCUME~1\Takumi\Cookies\takumi@advertising[3].txt
C:\DOCUME~1\Takumi\Cookies\[email protected][2].txt
C:\DOCUME~1\Takumi\Cookies\takumi@euroclick[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 18:52:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\DOCUME~1\Takumi\LOCALS~1\APPLIC~1\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\85A18DCBd01 17843 bytes
C:\DOCUME~1\Takumi\LOCALS~1\APPLIC~1\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\FD725479d01 35144 bytes
C:\DOCUME~1\Takumi\LOCALS~1\APPLIC~1\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\D1E273B7d01 34135 bytes
scan completed successfully
hidden processes: 0
hidden files: 56

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Takumi\Incomplete\T-271389-tube hunter keygen [incl keygen by team Black_X].zip
C:\DOCUME~1\Takumi\My Documents\[isoHunt] Slysoft AnyDVD-HD v6.4.1.2 Final & Crack(2).torrent
C:\DOCUME~1\Takumi\My Documents\[isoHunt] Slysoft AnyDVD-HD v6.4.1.2 Final & Crack.torrent
C:\DOCUME~1\Takumi\My Documents\My Music\iTunes\iTunes Music\Brand New\Deja Entendu\Play Crack The Sky.mp3
C:\DOCUME~1\Takumi\My Documents\New Folder (2)\AnyDVD & AnyDVD HD 6.4.0.5(NEW-31.03)\AnyDVD & AnyDVD HD 6.4.0.5\Crack
C:\DOCUME~1\Takumi\My Documents\New Folder (2)\AnyDVD & AnyDVD HD 6.4.0.5(NEW-31.03)\AnyDVD & AnyDVD HD 6.4.0.5\Crack\AnyDVDtray.exe.bc!
C:\DOCUME~1\Takumi\Shared\AnyDVD v28 Custom Installer v6.1.7.4 Crack.zip
C:\DOCUME~1\Takumi\Shared\biggie Smalls - Ten Crack Commandments.mp3
C:\DOCUME~1\Takumi\Shared 2\Brand New- Play Crack The Sky.mp3
C:\DOCUME~1\Takumi\Shared 2\tube hunter keygen crack.zip
C:\DOCUME~1\Takumi\Shared 2\tube hunter keygen.zip


[F:5106][D:246]-> C:\DOCUME~1\Takumi\LOCALS~1\Temp
[F:1141][D:0]-> C:\DOCUME~1\Takumi\Cookies
[F:5404][D:15]-> C:\DOCUME~1\Takumi\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 04/18/2009|18:54 - Option : [1]

--------------------\\ Scan completed at 18:54:24



I tried to run the Malwarebytes' Anti-Malware program again but it said: "This application has failed to start because MSVBM60.DLL was not found. Re-installing the application may fix this problem." I did run it a few days ago and it worked fine, but it simply wouldn't start up this time, and I even tried to reinstall it to the same result. So I did get a scan in and it found 7 infections last time, which I removed, but I don't have the logs, sir. I hope these scans help :).

#4
heir


    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's start removing the bad ones then.

The source of your infections is likely related to all the cracks and keygens that I found on your computer. If you are truly interested in staying clean in the future, I strongly recommend that you stay away from Cracks and Keygens. Failure to heed my warning may result in the reinfection of your computer. If you choose to continue down this path, we may not be able to help you here in the future.

Step 1.
Uninstall unwanted software:

Older versions of Java have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

BitComet 1.00
FrostWire 4.13.5

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Viewpoint Manager (Remove Only)
Viewpoint Media Player


Optional removals
Frostwire, BitComet and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.


Step 2.
OTL2-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
    SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [] File not found
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\BitComet\BitComet.exe=-
    :Files
    C:\Program Files\BearShare Applications
    C:\Program Files\BitLord
    C:\Program Files\LimeWire
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\DOCUME~1\Takumi\APPLIC~1\Viewpoint
    C:\Program Files\Viewpoint
    C:\DOCUME~1\Takumi\Incomplete\T-271389-tube hunter keygen [incl keygen by team Black_X].zip
    C:\DOCUME~1\Takumi\My Documents\[isoHunt] Slysoft AnyDVD-HD v6.4.1.2 Final & Crack(2).torrent
    C:\DOCUME~1\Takumi\My Documents\[isoHunt] Slysoft AnyDVD-HD v6.4.1.2 Final & Crack.torrent
    C:\DOCUME~1\Takumi\My Documents\New Folder (2)\AnyDVD & AnyDVD HD 6.4.0.5(NEW-31.03)\AnyDVD & AnyDVD HD 6.4.0.5\Crack
    C:\DOCUME~1\Takumi\Shared\AnyDVD v28 Custom Installer v6.1.7.4 Crack.zip
    C:\DOCUME~1\Takumi\Shared 2\tube hunter keygen crack.zip
    C:\DOCUME~1\Takumi\Shared 2\tube hunter keygen.zip
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 3.
OTL-scan:

Scan your computer again and post the content of the fresh OTListIt.txt.

Step 4.
ATF cleaner:

Please download ATF Cleaner by Atribune.
Caution: This program is for Windows 2000, XP and Vista only

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 5.
MBAM:

  • Start Malwarebytes Antimalware
  • Update the definitions.
  • Then select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 6.
Things I would like to see in your reply:

  • Which P2P software was uninstalled in step 1.
  • The content of the fixlog from OTL2 in step 2
  • The content of OTListIt.txt in step 3.
  • The content of the report from MBAM in step 5.
  • Information on how your computer is running now.


#5
Taksam


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello Heir, here are my logs:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
No active process named ViewpointService.exe was found!
No active process named ViewMgr.exe was found!
Service\Driver Viewpoint Manager Service not found.
Service\Driver Viewpoint Manager Service not found.
File C:\Program Files\Viewpoint\Common\ViewpointService.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe deleted successfully.
========== FILES ==========
C:\Program Files\BearShare Applications\BearShare moved successfully.
C:\Program Files\BearShare Applications moved successfully.
C:\Program Files\BitLord\Torrents moved successfully.
C:\Program Files\BitLord\rules moved successfully.
C:\Program Files\BitLord\lang moved successfully.
C:\Program Files\BitLord\Downloads\[L-E&IDE]_Initial_D_Fourth_Stage_Eps_1-24_[COMPLETE] moved successfully.
C:\Program Files\BitLord\Downloads\RED-024-AVI moved successfully.
C:\Program Files\BitLord\Downloads moved successfully.
C:\Program Files\BitLord moved successfully.
C:\Program Files\LimeWire\.NetworkShare moved successfully.
C:\Program Files\LimeWire moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\AxMetaStream_Win moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint moved successfully.
File/Folder C:\DOCUME~1\Takumi\APPLIC~1\Viewpoint not found.
File/Folder C:\Program Files\Viewpoint not found.
C:\DOCUME~1\Takumi\Incomplete\T-271389-tube hunter keygen [incl keygen by team Black_X].zip moved successfully.
C:\DOCUME~1\Takumi\My Documents\[isoHunt] Slysoft AnyDVD-HD v6.4.1.2 Final & Crack(2).torrent moved successfully.
C:\DOCUME~1\Takumi\My Documents\[isoHunt] Slysoft AnyDVD-HD v6.4.1.2 Final & Crack.torrent moved successfully.
C:\DOCUME~1\Takumi\My Documents\New Folder (2)\AnyDVD & AnyDVD HD 6.4.0.5(NEW-31.03)\AnyDVD & AnyDVD HD 6.4.0.5\Crack moved successfully.
C:\DOCUME~1\Takumi\Shared\AnyDVD v28 Custom Installer v6.1.7.4 Crack.zip moved successfully.
C:\DOCUME~1\Takumi\Shared 2\tube hunter keygen crack.zip moved successfully.
C:\DOCUME~1\Takumi\Shared 2\tube hunter keygen.zip moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Temp\etilqs_dFJaNO38oiIb1Ft2DseU scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Temp\Perflib_Perfdata_164.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\2276 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_69c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04192009_082326

Files moved on Reboot...
File C:\Documents and Settings\Takumi\Local Settings\Temp\etilqs_dFJaNO38oiIb1Ft2DseU not found!
File C:\Documents and Settings\Takumi\Local Settings\Temp\Perflib_Perfdata_164.dat not found!
File C:\WINDOWS\temp\hsperfdata_SYSTEM\2276 not found!
File C:\WINDOWS\temp\Perflib_Perfdata_69c.dat not found!
C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...



OTListIt logfile created on: 4/19/2009 8:34:14 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Takumi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.63% Memory free
2.98 Gb Paging File | 2.42 Gb Available in Paging File | 81.34% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 22.95 Gb Free Space | 17.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRANDONHEAT
Current User Name: Takumi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/23 19:10:09 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/23 19:10:06 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/04/14 00:04:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/18 05:30:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007/08/02 13:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe
PRC - [2008/09/17 23:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/04/14 00:04:01 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2007/04/09 12:32:32 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2008/04/24 13:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/08/21 11:16:56 | 00,267,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
PRC - [2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/05/01 07:38:00 | 00,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2008/04/09 01:15:10 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/10/15 02:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
PRC - [2008/12/22 15:59:20 | 00,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
PRC - [2008/10/31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008/10/31 07:24:28 | 01,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/07/22 03:00:10 | 00,081,920 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2009/04/14 00:04:03 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/02/22 21:06:12 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/09 01:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/10/31 07:24:26 | 01,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/03 10:08:41 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/18 18:25:26 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Takumi\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2008/10/23 19:10:09 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/23 19:10:06 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/04/14 00:04:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/04/18 05:30:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/09 01:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2007/08/02 13:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc [Auto | Running])
SRV - [2008/09/17 23:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2008/03/06 16:19:44 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2008/03/06 16:19:40 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2008/03/06 16:19:44 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2008/10/31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher [Auto | Running])
SRV - [2008/10/31 07:24:28 | 01,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4 [Auto | Running])
SRV - [2008/04/24 13:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2 [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/07/26 05:03:22 | 03,644,032 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/03/09 02:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [1997/12/22 21:02:46 | 00,023,936 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2007/02/27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2008/05/20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2008/11/25 19:04:57 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2007/04/18 08:59:40 | 00,098,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL [On_Demand | Running])
DRV - [2007/04/12 08:10:26 | 00,164,608 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL [On_Demand | Stopped])
DRV - [2007/04/10 04:19:30 | 00,511,272 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2007/04/10 04:20:38 | 00,520,488 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2007/04/12 08:10:16 | 00,546,048 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL [On_Demand | Running])
DRV - [2007/04/10 04:21:06 | 00,347,128 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2007/04/12 08:10:18 | 00,168,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 08:10:20 | 00,280,320 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 08:10:22 | 00,128,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL [On_Demand | Stopped])
DRV - [2007/04/12 08:10:22 | 00,323,328 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL [On_Demand | Stopped])
DRV - [2007/04/12 08:10:20 | 00,094,976 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 08:10:24 | 01,317,632 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 08:10:26 | 00,066,816 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL [On_Demand | Stopped])
DRV - [2007/04/10 04:25:46 | 00,014,632 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2007/04/12 08:10:16 | 00,560,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL [On_Demand | Running])
DRV - [2007/04/10 06:00:24 | 00,157,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2007/04/10 04:28:36 | 00,092,968 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/04/10 04:29:10 | 00,797,992 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2007/04/10 04:31:18 | 00,163,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2007/04/10 04:32:06 | 00,189,736 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\hap17v2k.sys -- (hap17v2k [On_Demand | Stopped])
DRV - [2006/04/12 21:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006/04/12 21:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/10/21 18:52:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2008/06/01 03:13:10 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (npf [Auto | Running])
DRV - [2008/09/17 23:55:00 | 06,132,576 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007/04/10 05:59:04 | 00,126,760 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2007/04/10 04:32:34 | 00,016,168 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2008/04/09 01:14:04 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
DRV - [2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/09 01:14:00 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/05/20 19:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2001/08/23 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2008/12/02 07:05:34 | 00,118,656 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/10/31 07:09:06 | 00,270,888 | R--- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw [System | Running])
DRV - [2008/06/21 04:54:54 | 00,065,576 | ---- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\DRIVERS\sbfwim.sys -- (SBFWIMCL [On_Demand | Running])
DRV - [2008/06/21 04:54:54 | 00,066,600 | R--- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips [System | Running])
DRV - [2005/07/14 20:32:28 | 00,040,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\sdcplh.sys -- (sdcplh [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2008/04/13 15:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www15.yoog.co.../search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: filtersetg@updater:0.3.1.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..keyword.URL: "http://www15.yoog.co.../search.php?q="

FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www15.yoog.co.../search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www15.yoog.co.../search.php?q="
FF - user.js..keyword.enabled: true

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/14 00:04:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/17 17:20:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/19 08:21:04 | 00,000,000 | ---D | M]

[2008/08/27 00:49:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Extensions
[2008/08/27 00:49:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/19 08:30:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Firefox\Profiles\ic13sxoy.default\extensions
[2009/04/15 17:51:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Firefox\Profiles\ic13sxoy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2007/12/23 08:15:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Firefox\Profiles\ic13sxoy.default\extensions\filtersetg@updater
[2008/12/05 08:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Firefox\Profiles\ic13sxoy.default\extensions\[email protected]
[2009/01/01 17:18:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Firefox\Profiles\ic13sxoy.default\extensions\[email protected]
[2009/01/01 17:18:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Takumi\Application Data\mozilla\Firefox\Profiles\ic13sxoy.default\extensions\[email protected]
[2009/04/14 13:49:47 | 00,000,247 | ---- | M] () -- C:\Documents and Settings\Takumi\Application Data\Mozilla\FireFox\Profiles\ic13sxoy.default\searchplugins\Yoog Search.xml
[2009/04/19 08:30:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/03 10:08:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/14 00:04:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/03 10:08:40 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/03 10:08:40 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/05 11:19:01 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/05 11:19:01 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/05 11:19:01 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/05 11:19:01 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/05 11:19:01 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/05 11:19:01 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/05 11:19:01 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 (SupportSoft, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [LifeChat] "c:\Program Files\Microsoft LifeChat\LifeChat.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun (Microsoft Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....015/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1134503868311 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15021/CTPID.cab (Creative Software AutoUpdate Support Package)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/08 01:57:49 | 00,000,000 | ---D | M] - C:\AutoEquip -- [ NTFS ]
O32 - AutoRun File - [2005/12/13 15:28:57 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/04/19 08:23:26 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/18 18:35:49 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/18 18:32:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/18 18:31:34 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Takumi\Desktop\NTREGOPT.lnk
[2009/04/18 18:31:34 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Takumi\Desktop\ERUNT.lnk
[2009/04/18 18:31:34 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/18 18:25:26 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Takumi\Desktop\OTListIt2.exe
[2009/04/18 18:25:13 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Takumi\Desktop\Rooter.exe
[2009/04/18 18:23:59 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Takumi\Desktop\erunt_setup.exe
[2009/04/18 18:23:51 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Takumi\Desktop\SysRestorePoint.exe
[2009/04/18 18:20:27 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/04/18 18:19:55 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Takumi\Desktop\LopSD.exe
[2009/04/18 03:29:51 | 00,048,590 | ---- | C] () -- C:\Documents and Settings\Takumi\My Documents\untitled(2)
[2009/04/18 03:28:53 | 00,040,534 | ---- | C] () -- C:\Documents and Settings\Takumi\My Documents\untitled
[2009/04/16 16:26:26 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 16:26:26 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 16:26:26 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 16:26:26 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 16:26:26 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 16:26:25 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 16:26:25 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 16:26:25 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 16:26:25 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 16:25:17 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 16:25:15 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 16:25:14 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 18:02:46 | 00,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/04/14 17:51:00 | 00,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2009/04/14 17:51:00 | 00,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2009/04/14 17:10:24 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2009/04/14 17:08:31 | 06,000,608 | ---- | C] (Sunbelt Software ) -- C:\Documents and Settings\Takumi\My Documents\sunbelt-personal-firewall.exe
[2009/04/14 13:46:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/14 13:45:58 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/14 13:45:53 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/14 13:45:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Takumi\Application Data\SUPERAntiSpyware.com
[2009/04/14 13:45:04 | 06,237,728 | ---- | C] () -- C:\Documents and Settings\Takumi\My Documents\SUPERAntiSpyware.exe
[2009/04/14 12:29:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Takumi\Application Data\Malwarebytes
[2009/04/14 12:29:39 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/14 12:29:39 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/14 12:29:37 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/14 12:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/14 12:29:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/14 12:26:08 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Takumi\My Documents\mbam-setup.exe
[2009/04/14 08:11:15 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Takumi\Desktop\HijackThis.lnk
[2009/04/14 08:11:15 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/14 08:10:18 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Takumi\My Documents\HJTInstall.exe
[2009/04/13 23:29:05 | 00,085,665 | ---- | C] () -- C:\WINDOWS\System32\905c76cb-a1ef-c887-c315-96e0a1412a20.exe
[2009/04/13 23:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2009/04/13 23:16:02 | 08,453,554 | ---- | C] (Neoretix Laboratory ) -- C:\Documents and Settings\Takumi\My Documents\setup_3_wcap.exe
[2009/03/31 15:51:03 | 02,348,416 | ---- | C] () -- C:\Documents and Settings\Takumi\My Documents\FixDwndp.exe
[2009/03/28 00:13:34 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/28 00:13:28 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/28 00:13:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/28 00:10:18 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/28 00:03:11 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/26 20:29:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Takumi\Application Data\vlc
[2009/03/26 20:28:15 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/03/26 20:23:40 | 16,320,472 | ---- | C] () -- C:\Documents and Settings\Takumi\My Documents\vlc-0.9.8a-win32.exe
[2009/03/26 20:01:31 | 00,170,712 | ---- | C] () -- C:\Documents and Settings\Takumi\My Documents\CoreAAC-1.2.0.575rev3.zip
[2009/03/26 19:58:49 | 00,021,764 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2009/03/26 19:58:38 | 00,223,171 | ---- | C] () -- C:\Documents and Settings\Takumi\My Documents\CoreAAC-1.2.0.573.exe
[2009/03/26 19:52:28 | 03,168,382 | ---- | C] () -- C:\Documents and Settings\Takumi\My Documents\SopCast.zip
[2009/03/24 07:45:23 | 11,041,561 | ---- | C] () -- C:\Documents and Settings\Takumi\My Documents\01_-_under_star.mp3
[2009/03/24 07:43:41 | 14,972,1154 | ---- | C] () -- C:\Documents and Settings\Takumi\My Documents\Hajime No Ippo Ost 1 - First KO.zip
[2009/03/23 21:22:19 | 10,306,354 | ---- | C] () -- C:\Documents and Settings\Takumi\My Documents\Gundam 00 S2 - Trust You.mp3
[2009/03/23 21:07:41 | 16,343,2733 | ---- | C] () -- C:\Documents and Settings\Takumi\My Documents\[Nipponsei] Gundam 00 Original Soundtrack 02.zip
[2009/03/23 20:59:15 | 11,780,2039 | ---- | C] () -- C:\Documents and Settings\Takumi\My Documents\[Nipponsei] Gundam 00 Original Soundtrack 01.zip
[2009/03/21 10:06:58 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2008/11/09 16:47:28 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/06 12:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/01 03:13:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/07/25 18:50:08 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/06/15 19:56:23 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/04/12 08:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 00,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/08/28 18:56:21 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/09 20:58:36 | 00,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2006/05/19 16:18:15 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/01/20 20:43:41 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/10 19:37:27 | 00,050,372 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2006/01/10 19:37:27 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/12/13 15:55:10 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/11/11 14:47:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/11/11 14:47:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/11/11 14:47:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/11/11 14:47:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/11/11 14:47:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/11/11 14:47:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/29 20:00:42 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/08/29 19:56:58 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005/06/16 19:17:16 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/01/30 09:37:50 | 00,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2003/03/21 18:56:12 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2002/10/06 14:42:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 19:04:25 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 19:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 19:04:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/03/01 14:43:34 | 00,028,008 | ---- | C] () -- C:\WINDOWS\System32\SUSUSB.SYS
[2001/12/03 16:50:58 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
[2001/12/03 16:50:20 | 00,708,608 | R--- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
[2001/08/23 08:00:00 | 00,000,684 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/07/07 06:49:30 | 00,069,120 | R--- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/04/12 16:28:12 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 16:24:10 | 00,338,944 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1999/01/27 14:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/04/19 08:30:32 | 00,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/19 08:30:22 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/04/19 08:29:04 | 00,193,389 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/19 08:28:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/19 08:28:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/19 08:27:21 | 00,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000004-20021102}.rfx
[2009/04/19 08:27:21 | 00,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000004-00001102-00000004-20021102}.rfx
[2009/04/19 08:27:21 | 00,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000004-00001102-00000004-20021102}.rfx
[2009/04/19 08:27:21 | 00,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000004-00001102-00000004-20021102}.rfx
[2009/04/19 08:27:21 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000004-00001102-00000004-20021102}.rfx
[2009/04/19 08:26:42 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000004-00001102-00000004-20021102}.CDF
[2009/04/19 08:26:42 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000004-00001102-00000004-20021102}.BAK
[2009/04/18 18:31:34 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Takumi\Desktop\NTREGOPT.lnk
[2009/04/18 18:31:34 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Takumi\Desktop\ERUNT.lnk
[2009/04/18 18:25:26 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Takumi\Desktop\OTListIt2.exe
[2009/04/18 18:25:14 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Takumi\Desktop\Rooter.exe
[2009/04/18 18:24:02 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Takumi\Desktop\erunt_setup.exe
[2009/04/18 18:23:52 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Takumi\Desktop\SysRestorePoint.exe
[2009/04/18 18:19:56 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Takumi\Desktop\LopSD.exe
[2009/04/18 03:29:51 | 00,048,590 | ---- | M] () -- C:\Documents and Settings\Takumi\My Documents\untitled(2)
[2009/04/18 03:28:53 | 00,040,534 | ---- | M] () -- C:\Documents and Settings\Takumi\My Documents\untitled
[2009/04/17 21:52:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/17 17:18:29 | 00,522,706 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/17 17:18:29 | 00,441,954 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 17:18:29 | 00,071,512 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 23:40:49 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/14 18:02:46 | 00,000,264 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2009/04/14 17:21:05 | 00,000,684 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/14 17:21:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/14 17:21:05 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/04/14 17:13:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/04/14 17:09:33 | 06,000,608 | ---- | M] (Sunbelt Software ) -- C:\Documents and Settings\Takumi\My Documents\sunbelt-personal-firewall.exe
[2009/04/14 16:38:10 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Takumi\Local Settings\Application Data\IconCache.db
[2009/04/14 16:35:41 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/14 13:45:58 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/14 13:45:24 | 06,237,728 | ---- | M] () -- C:\Documents and Settings\Takumi\My Documents\SUPERAntiSpyware.exe
[2009/04/14 12:29:39 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/14 12:26:14 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Takumi\My Documents\mbam-setup.exe
[2009/04/14 08:11:15 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Takumi\Desktop\HijackThis.lnk
[2009/04/14 08:10:18 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Takumi\My Documents\HJTInstall.exe
[2009/04/13 23:29:05 | 00,085,665 | ---- | M] () -- C:\WINDOWS\System32\905c76cb-a1ef-c887-c315-96e0a1412a20.exe
[2009/04/13 23:16:26 | 08,453,554 | ---- | M] (Neoretix Laboratory ) -- C:\Documents and Settings\Takumi\My Documents\setup_3_wcap.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 19:46:06 | 00,113,664 | ---- | M] () -- C:\Documents and Settings\Takumi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/05 19:39:08 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/31 15:51:09 | 02,348,416 | ---- | M] () -- C:\Documents and Settings\Takumi\My Documents\FixDwndp.exe
[2009/03/27 02:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/26 20:27:46 | 16,320,472 | ---- | M] () -- C:\Documents and Settings\Takumi\My Documents\vlc-0.9.8a-win32.exe
[2009/03/26 20:22:04 | 00,042,560 | ---- | M] () -- C:\Documents and Settings\Takumi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/26 20:01:48 | 00,021,764 | ---- | M] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2009/03/26 20:01:31 | 00,170,712 | ---- | M] () -- C:\Documents and Settings\Takumi\My Documents\CoreAAC-1.2.0.575rev3.zip
[2009/03/26 19:58:44 | 00,223,171 | ---- | M] () -- C:\Documents and Settings\Takumi\My Documents\CoreAAC-1.2.0.573.exe
[2009/03/26 19:53:16 | 03,168,382 | ---- | M] () -- C:\Documents and Settings\Takumi\My Documents\SopCast.zip
[2009/03/24 07:54:57 | 14,972,1154 | ---- | M] () -- C:\Documents and Settings\Takumi\My Documents\Hajime No Ippo Ost 1 - First KO.zip
[2009/03/24 07:46:36 | 11,041,561 | ---- | M] () -- C:\Documents and Settings\Takumi\My Documents\01_-_under_star.mp3
[2009/03/23 21:23:08 | 10,306,354 | ---- | M] () -- C:\Documents and Settings\Takumi\My Documents\Gundam 00 S2 - Trust You.mp3
[2009/03/23 21:21:00 | 16,343,2733 | ---- | M] () -- C:\Documents and Settings\Takumi\My Documents\[Nipponsei] Gundam 00 Original Soundtrack 02.zip
[2009/03/23 21:06:37 | 11,780,2039 | ---- | M] () -- C:\Documents and Settings\Takumi\My Documents\[Nipponsei] Gundam 00 Original Soundtrack 01.zip
[2009/03/21 10:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/03/21 10:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Takumi\My Documents\picresized_1221551636_Young.jpg:_SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Takumi\My Documents\Omega.mp3:Roxio EMC Stream
< End of report >

Malwarebytes' Anti-Malware 1.36
Database version: 2009
Windows 5.1.2600 Service Pack 3

4/19/2009 9:04:58 AM
mbam-log-2009-04-19 (09-04-58).txt

Scan type: Quick Scan
Objects scanned: 76580
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





As for how my computer is running now, it seems to be running about the same honestly. Perhaps it loads a little quicker but things like how quickly it navigates pages in Firefox are the same.

#6
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

As for how my computer is running now, it seems to be running about the same honestly. Perhaps it loads a little quicker but things like how quickly it navigates pages in Firefox are the same.

What about this

Avira constantly pops up the detection boxes and simply will not delete it.

Are they gone?

As for the slow navigation, it can be because temporary files have been removed and need to be loaded again.

Let's run yet another scanner in case there is something hiding in there.

Step 1.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner.

Kaspersky Online Scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

Step 2.
Things I would like to see in your reply:

  • Which P2P software did you uninstall in step 1 in my previous post?
  • The content of the report from Kaspersky Online Scanner from Step 1.


#7
Taksam

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello Heir,

I have removed all the programs you listed before including Frostwire and Bitcomet. As for the Avira warning box, yes it stopped popping up. My apologies for not stating so earlier. I have the results of the scans from Kaspersky.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, April 19, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, April 19, 2009 16:04:41
Records in database: 2060744
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 63188
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:43:04


File name / Threat name / Threats count
C:\Documents and Settings\Takumi\Shared 2\closer to love.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Takumi\Shared 2\fly song of liberation 2009.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

The selected area was scanned.


Seems like we're making progress :).

#8
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

I have removed all the programs you listed before including Frostwire and Bitcomet. As for the Avira warning box, yes it stopped popping up. My apologies for not stating so earlier.

No worries we are humans, we can and are allowed to forget. :)

Seems like we're making progress :)

We certainly are. Almost there.

Let's remove stuff then

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    :Files
    C:\Documents and Settings\Takumi\Shared 2\closer to love.mp3
    C:\Documents and Settings\Takumi\Shared 2\fly song of liberation 2009.mp3
    C:\Program Files\BitComet
    C:\Program Files\FrostWire
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog


#9
Taksam

    New Member

  • Topic Starter
  • Member
  • 7 posts
The log as requested:


========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\Documents and Settings\Takumi\Shared 2\closer to love.mp3 moved successfully.
C:\Documents and Settings\Takumi\Shared 2\fly song of liberation 2009.mp3 moved successfully.
C:\Program Files\BitComet\torrents moved successfully.
C:\Program Files\BitComet\tmp moved successfully.
C:\Program Files\BitComet\share moved successfully.
C:\Program Files\BitComet\rules moved successfully.
C:\Program Files\BitComet moved successfully.
C:\Program Files\FrostWire moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Temp\etilqs_SvPnS0Q6LQ3QyUsvJJcQ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Temp\hpodvd09.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\2848 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_694.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04192009_124734

Files moved on Reboot...
File C:\Documents and Settings\Takumi\Local Settings\Temp\etilqs_SvPnS0Q6LQ3QyUsvJJcQ not found!
C:\Documents and Settings\Takumi\Local Settings\Temp\hpodvd09.log moved successfully.
File C:\WINDOWS\temp\hsperfdata_SYSTEM\2848 not found!
File C:\WINDOWS\temp\Perflib_Perfdata_694.dat not found!
C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Takumi\Local Settings\Application Data\Mozilla\Firefox\Profiles\ic13sxoy.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...
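A check that can be run before calling the result clean, added here as an example that is not part of the thread or of OTListIt2: it reconciles the fix script from post #8 against the fix log from post #9 (abridged). The function names and the report layout are assumptions for this illustration, and the line patterns are inferred only from the log lines shown on this page.

```python
import re

# Fix script from post #8, as it appears on the page.
FIX_SCRIPT = r"""
:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
:Files
C:\Documents and Settings\Takumi\Shared 2\closer to love.mp3
C:\Documents and Settings\Takumi\Shared 2\fly song of liberation 2009.mp3
C:\Program Files\BitComet
C:\Program Files\FrostWire
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""

# Abridged fix log from post #9 (every line below is taken from the page).
FIX_LOG = r"""
========== FILES ==========
C:\Documents and Settings\Takumi\Shared 2\closer to love.mp3 moved successfully.
C:\Documents and Settings\Takumi\Shared 2\fly song of liberation 2009.mp3 moved successfully.
C:\Program Files\BitComet moved successfully.
C:\Program Files\FrostWire moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Temp\etilqs_SvPnS0Q6LQ3QyUsvJJcQ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Temp\hpodvd09.log scheduled to be deleted on reboot.
User's Temp folder emptied.
File delete failed. C:\Documents and Settings\Takumi\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Files moved on Reboot...
File C:\Documents and Settings\Takumi\Local Settings\Temp\etilqs_SvPnS0Q6LQ3QyUsvJJcQ not found!
C:\Documents and Settings\Takumi\Local Settings\Temp\hpodvd09.log moved successfully.
"""

# Line shapes inferred only from the log lines shown on this page.
DEFERRED = re.compile(r"^File delete failed\. (?P<path>.+) scheduled to be deleted on reboot\.$")
MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
MISSING = re.compile(r"^File (?P<path>.+) not found!$")

def script_targets(script):
    """Return the paths listed under the :Files section of the fix script."""
    section, targets = None, []
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            section = line.lower()
        elif line and section == ":files":
            targets.append(line)
    return targets

def parse_log(log):
    """Collect moved paths, deferred deletions and their post-reboot outcome."""
    moved, deferred, after_reboot = set(), [], {}
    rebooted = False
    for line in map(str.strip, log.splitlines()):
        if line.startswith("Files moved on Reboot"):
            rebooted = True
        elif (m := DEFERRED.match(line)):
            deferred.append(m["path"])
        elif (m := MOVED.match(line)):
            key = m["path"].lower()  # Windows paths compare case-insensitively
            if rebooted:
                after_reboot[key] = "moved"
            else:
                moved.add(key)
        elif rebooted and (m := MISSING.match(line)):
            after_reboot[m["path"].lower()] = "not found"  # already gone at reboot
    return moved, deferred, after_reboot

def reconcile(script, log):
    """Report script targets without a success line and deferred items without an outcome."""
    moved, deferred, after_reboot = parse_log(log)
    return {
        "unconfirmed_targets": [t for t in script_targets(script) if t.lower() not in moved],
        "deferred_outcomes": {p: after_reboot[p.lower()] for p in deferred if p.lower() in after_reboot},
        "unresolved_deferred": [p for p in deferred if p.lower() not in after_reboot],
    }

if __name__ == "__main__":
    for key, value in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(key, "->", value)
```

On this log every :Files target is confirmed as moved, while the deferred index.dat deletion is reported as unresolved because the post-reboot section posted on the page carries no line for it.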

#10
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hey there, Taksam!

OK! Well done, your log is clean again! :)

Time for some housekeeping.

Step 1.
Clean up:

First:
What we need to do is remove all the tools that you have used. This is so that, should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Double-click OTListIt2.exe to start it.
Click the Clean up button
Click Yes to the reboot.

Now delete any tools/logs that are left over after you ran OTListIt2 Clean Up.


Second:
Now let's Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
System Restore will now be active again.


Step 2.
Prevention:

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to download an update.

http://www.adobe.com.../readstep2.html

Remove the older versions and install the latest.


Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended).
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.


Third:
Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Fourth:
Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

Lastly:
It is a good idea to clear out all your temp files every now and again with ATF Cleaner. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

#11
Taksam

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thank you very much Heir for all your help! It was an eye opener to see where viruses lurked in my computer. I will be sure to do monthly scans. Thanks again and have a great day! :)

#12
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.