Malware problem: Crashes DOS, Blocks Microsoft/Kaspersky/Norton etc

Solved
By mylonite
Oct 10, 2010
  1. Hi all, having an annoying problem with a laptop currently in my possession. I believe it's malware.

    The problems I am facing are:

    Crashes DOS
    Blocks various websites such as Microsoft, Kaspersky and every other antivirus website I can think of.

    So far I have run in this order:
    Malwarebytes (This crashes upon the final minutes of a full scan, within the system32 folder, always in the same place, whether in safe mode or not. I have quick scanned the folder and it crashes the program every time.)
    HitManPro35 (This picked up a .dll file and got rid of it)
    TDSS Killer (This picks up no threats)

    When I get back home I'm going to run windows-kb890830-v3.11.exe
    (Microsoft® Windows® Malicious Software Removal Tool (KB890830) )

    I am open to any suggestions if you care to lend a hand.

    Thanks very much :)

    warmest regards
  2. Broni

    Broni Malware Annihilator Posts: 45,175   +242

  3. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    Hi Broni, thanks for your help. After a lengthy GMER scan (3 hours) I have what you asked for in Preliminary Removal Instructions.

    Not sure if this is correct, but I have added a second scan using GMER; this is because the first log it prompted me with was very short and I thought it may be no use. I hope it's OK to post both.

    GMER.log

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-10-11 17:25:21
    Windows 5.1.2600 Service Pack 3
    Running: y4jmd1yj.exe; Driver: C:\DOCUME~1\YUKIKO\LOCALS~1\Temp\awlcipog.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA885650A]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA885632E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA8856468]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/ALWIL Software)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] adzirvbgb <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
  4. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    GMER 2.log

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-10-11 20:32:14
    Windows 5.1.2600 Service Pack 3
    Running: y4jmd1yj.exe; Driver: C:\DOCUME~1\YUKIKO\LOCALS~1\Temp\awlcipog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA92D2C08]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA92D2AC4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA92D3078]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA92D2FA2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA92D269A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA92D2B9E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA92D25DA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA92D263E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA92D2CBE]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA92D3146]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA92D2C7E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA92D2DFE]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[584] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002
    IAT C:\WINDOWS\system32\services.exe[584] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sdcplh.sys
    Device \Driver\atapi \Device\Ide\IdePort0 sdcplh.sys
    Device \Driver\atapi \Device\Ide\IdePort1 sdcplh.sys
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sdcplh.sys

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] adzirvbgb <-- ROOTKIT !!!
  5. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    CONTINUED

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft TV/\x30d3\x30c7\x30aa接続 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@RAS 非同期\x30a2\x30c0\x30d7\x30bf 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xff910\xff710\xff830\xff880 \0\xff790\xff710\xff780\x30fb\x30fb\x30fb \0\xff9f0\xff8b0\xff9d0\x30fb\xff880\0\0\0 1?2?3?4?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (L2TP) 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPTP) 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPPOE) 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xe326\xff65c\xff910\x30fb\x30fb\x30fb\0\0\0 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (IP) 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@1394 \x30cd\x30c3\x30c8 \x30a2\x30c0\x30d7\x30bf 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (IPX) 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\adzirvbgb@DisplayName Helper Installer
    Reg HKLM\SYSTEM\CurrentControlSet\Services\adzirvbgb@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\adzirvbgb@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\adzirvbgb@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\adzirvbgb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\adzirvbgb@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\adzirvbgb@Description ??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    Reg HKLM\SYSTEM\CurrentControlSet\Services\adzirvbgb\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\adzirvbgb\Parameters@ServiceDll C:\WINDOWS\system32\mzales.dll
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft TV/\x30d3\x30c7\x30aa接続 1?
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@RAS 非同期\x30a2\x30c0\x30d7\x30bf 1?
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xff910\xff710\xff830\xff880 \0\xff790\xff710\xff780\x30fb\x30fb\x30fb \0\xff9f0\xff8b0\xff9d0\x30fb\xff880\0\0\0 1?2?3?4?
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (L2TP) 1?
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPTP) 1?
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPPOE) 1?
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\xe326\xff65c\xff910\x30fb\x30fb\x30fb\0\0\0 1?
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (IP) 1?
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@1394 \x30cd\x30c3\x30c8 \x30a2\x30c0\x30d7\x30bf 1?
    Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (IPX) 1?
    Reg HKLM\SYSTEM\ControlSet003\Services\adzirvbgb@DisplayName Helper Installer
    Reg HKLM\SYSTEM\ControlSet003\Services\adzirvbgb@Type 32
    Reg HKLM\SYSTEM\ControlSet003\Services\adzirvbgb@Start 2
    Reg HKLM\SYSTEM\ControlSet003\Services\adzirvbgb@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet003\Services\adzirvbgb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet003\Services\adzirvbgb@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet003\Services\adzirvbgb@Description ??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    Reg HKLM\SYSTEM\ControlSet003\Services\adzirvbgb\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\adzirvbgb\Parameters@ServiceDll C:\WINDOWS\system32\mzales.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\自宅名刺\x30ec\x30a4\x30a2\x30a6\x30c802.icd 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\会社名刺\x30ec\x30a4\x30a2\x30a6\x30c803.icd 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\会社名刺\x30ec\x30a4\x30a2\x30a6\x30c802.icd 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\会社名刺\x30ec\x30a4\x30a2\x30a6\x30c801.icd 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\自宅名刺\x30ec\x30a4\x30a2\x30a6\x30c801.icd 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\自宅名刺\x30ec\x30a4\x30a2\x30a6\x30c801.gif 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\会社名刺\x30ec\x30a4\x30a2\x30a6\x30c804.icd 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\会社名刺\x30ec\x30a4\x30a2\x30a6\x30c801.gif 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\会社名刺\x30ec\x30a4\x30a2\x30a6\x30c802.gif 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\自宅名刺\x30ec\x30a4\x30a2\x30a6\x30c802.gif 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\会社名刺\x30ec\x30a4\x30a2\x30a6\x30c803.gif 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\自宅名刺\x30ec\x30a4\x30a2\x30a6\x30c803.icd 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\自宅名刺\x30ec\x30a4\x30a2\x30a6\x30c803.gif 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\自宅名刺\x30ec\x30a4\x30a2\x30a6\x30c804.icd 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\自宅名刺\x30ec\x30a4\x30a2\x30a6\x30c804.gif 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Microsoft Office\InterConnect Lite\My Designs\Template\会社名刺\x30ec\x30a4\x30a2\x30a6\x30c804.gif 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@-\xf8f33\xf8f3 \0\16f\35g 49280
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@-\xf8f33\xf8f3 \0000\xf8f3\16f\35g 16512
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@-\xf8f33\xf8f3 \0\xff740\xff770\xff830\xff6f0 32896
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@-\xf8f33\xf8f3 \0000\xf8f3\xff740\xff770\xff830\xff6f0 128
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@@MS \x30b4\x30b7\x30c3\x30af 41088
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@@MS P\x30b4\x30b7\x30c3\x30af 8320

    ---- EOF - GMER 1.0.15 ----
  6. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    DDS.txt


    DDS (Ver_10-10-10.03) - NTFSx86
    Run by YUKIKO at 20:32:41.03 on 2010/10/11
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1041.18.502.110 [GMT 11:00]

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\JUSTSYSTEM\PersonalShelter\TxVDrvSvc.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ICO.EXE
    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Sony\SetGamma\SetGamma.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\YUKIKO\デスクトップ\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.yahoo.co.jp/
    uDefault_Page_URL = hxxp://www.yahoo.co.jp/
    uWindow Title = Windows Internet Explorer の提供元: Yahoo! JAPAN
    mSearch Page =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = proxy.une.edu.au:8080
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: かんたん登録2: {0dd41ae7-6196-42e7-bde5-4f393997449e} - c:\progra~1\justsy~1\simple~1\AtInBnd.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo!ツールバーフィッシング警告: {1f68e72c-50e5-44b8-8f56-6a54d3af1da4} - c:\program files\yahoo!j\toolbar\7_2_0_5\modules\ypho.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: FeliCaブラウザエクステンション: {ec5d2125-d8ab-4a18-a599-d97d2731de19} - c:\program files\sony\felicabrowserextension\fbe.dll
    BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\6.0.472.63\npchrome_frame.dll
    BHO: Yahoo!ツールバーヘルパー: {eeba90e6-2b14-413f-9bf8-61a8bdf92258} - c:\program files\yahoo!j\toolbar\7_2_0_5\modules\YahooToolBar.dll
    TB: かんたん登録2 ツールバー: {833cfe4e-05bd-43a3-97a7-a4e80d742f0f} - c:\progra~1\justsy~1\simple~1\AtInBnd.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: Yahoo!ツールバー: {aef44653-c059-42cb-a5b7-41c640da4a67} - c:\program files\yahoo!j\toolbar\7_2_0_5\modules\YahooToolBar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: &Yahoo!ツールバー: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Mouse Suite 98 Daemon] ICO.EXE
    mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
    mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [SetGamma] c:\program files\sony\setgamma\SetGamma.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album mini\3.0\apps\apdproxy.exe"
    mRun: [VAIO Update 5] "c:\program files\sony\vaio update 5\VAIOUpdt.exe" /Stationary
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    dRun: [ctfmon.exe] ctfmon.exe
    IE: Google サイドウィキ... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - c:\progra~1\yahoo!j\messen~1\YPagerj.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\6.0.472.63\npchrome_frame.dll
    Handler: msjwwdat - {BAAB02DC-913E-40aa-B9ED-8068DEE42CFA} - c:\program files\microsoft office\home style\jww\JWWData.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\yukiko\applic~1\mozilla\firefox\profiles\ereofzvx.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\yukiko\application data\mozilla\firefox\profiles\ereofzvx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\ytoolbar.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-11 162768]
    R1 TxVDrv;TxVDrv;c:\windows\system32\drivers\TxVDrv.sys [2005-10-13 22272]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-11 19024]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-11 40384]
    R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-7-11 1251720]
    R2 TxVDrvSvc;TXVDrv Service;c:\program files\justsystem\personalshelter\TxVDrvSvc.exe [2005-10-13 45056]
    R3 Sonyddpu;Sony FeliCa Reader/Writer;c:\windows\system32\drivers\Sonyddpu.sys [2006-7-10 49664]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-10 30080]
    S2 adzirvbgb;Helper Installer;c:\windows\system32\svchost.exe -k netsvcs [2006-7-10 14336]
    S2 gupdate1c9f282e893c17c;Google アップデート サービス (gupdate1c9f282e893c17c);c:\program files\google\update\GoogleUpdate.exe [2009-6-22 133104]
    S3 1c8be513-c822-4292-85e3-ffd0e13e4b16;1c8be513-c822-4292-85e3-ffd0e13e4b16;\??\f:\cds300\cds300.dll --> f:\cds300\cds300.dll [?]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-11 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-11 40384]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2006-7-10 16194]
    S3 BeService;Smart Network Service;c:\program files\sony\smart network\BeService.exe [2005-10-13 77824]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-11 38224]
    S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscnusb.sys [2010-8-23 103552]
    S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-1-17 722288]

    =============== Created Last 30 ================

    2010-10-11 06:04:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-10-10 23:17:16 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-10-10 22:57:23 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-10-10 22:57:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2010-10-10 22:57:11 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-10-10 13:37:41 -------- d-----w- c:\docume~1\yukiko\applic~1\Malwarebytes
    2010-10-10 13:37:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-10 13:37:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-10 13:37:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-10 13:37:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-10 02:30:42 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-10-08 08:28:57 417792 ----a-w- c:\program files\windows media player\plugins\wmp_scrobbler.dll
    2010-10-08 08:28:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Last.fm
    2010-10-08 08:26:46 -------- d-----w- c:\docume~1\yukiko\locals~1\applic~1\Last.fm
    2010-10-08 08:26:16 -------- d-----w- c:\program files\Last.fm
    2010-10-04 03:13:57 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-10-04 03:09:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-04 03:09:41 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-04 03:09:41 423656 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2010-10-01 06:03:25 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-10-01 06:03:25 -------- d-----w- c:\windows\system32\wbem\Repository

    ==================== Find3M ====================


    ============= FINISH: 20:34:00.20 ===============
  7. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2006/09/17 17:36:46
    System Uptime: 2010/10/11 17:38:26 (3 hours ago)

    Motherboard: Sony Corporation | | Q-Project
    Processor: Intel(R) Celeron(R) M processor 1.60GHz | N/A | 1595/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 6.963 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 10.432 GiB free.
    E: is CDROM ()
    G: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81F1104D&REV_10\4&AD1B67F&0&40F0
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81F1104D&REV_10\4&AD1B67F&0&40F0
    Service: RTL8023xp

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 ネット アダプタ
    Device ID: V1394\NIC1394\22C245E8004603
    Manufacturer: Microsoft
    Name: 1394 ネット アダプタ
    PNP Device ID: V1394\NIC1394\22C245E8004603
    Service: NIC1394

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: LAN-Express AS IEEE 802.11g miniPCI Adapter
    Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_04061468&REV_01\4&AD1B67F&0&50F0
    Manufacturer: LAN-Express
    Name: LAN-Express AS IEEE 802.11g miniPCI Adapter
    PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_04061468&REV_01\4&AD1B67F&0&50F0
    Service: LEX_AS_NIC_SERVICE_YNOS

    Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ROOT\SCSIADAPTER\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\SCSIADAPTER\0000
    Service:

    ==== System Restore Points ===================

    RP1: 2010/09/14 20:30:02 - システム チェックポイント
    RP2: 2010/09/21 18:11:49 - システム チェックポイント
    RP3: 2010/09/22 20:21:33 - システム チェックポイント
    RP4: 2010/09/24 0:07:53 - システム チェックポイント
    RP5: 2010/10/01 12:54:29 - システム チェックポイント
    RP6: 2010/10/01 16:02:20 - 復元操作
    RP7: 2010/10/02 18:44:30 - システム チェックポイント
    RP8: 2010/10/03 21:52:30 - システム チェックポイント
    RP9: 2010/10/04 14:08:50 - Java(TM) 6 Update 21 をインストールしました
    RP10: 2010/10/04 14:13:56 - Installed System Requirements Lab for Intel
    RP11: 2010/10/05 18:32:30 - システム チェックポイント
    RP12: 2010/10/06 21:09:32 - システム チェックポイント
    RP13: 2010/10/07 21:16:31 - システム チェックポイント
    RP14: 2010/10/09 0:03:45 - システム チェックポイント
    RP15: 2010/10/10 13:04:59 - 削除済み SonicStage
    RP16: 2010/10/10 13:05:28 - Installed Music Server Controller
    RP17: 2010/10/10 13:05:58 - Installed OpenMG Secure Module
    RP18: 2010/10/10 13:07:46 - インストール済み SonicStage
    RP19: 2010/10/10 13:09:16 - インストール済み SonicStage Add-on
    RP20: 2010/10/11 14:54:15 - システム チェックポイント
    RP21: 2010/10/11 17:04:00 - avast! Free Antivirus Setup

    ==== Installed Programs ======================


    「時事通信社・家庭の医学」「血液サラサラ健康事典」
    AC3 Encoder / Decoder
    Adobe Download Manager 2.2 (削除のみ)
    Adobe Flash Player 10 Plugin
    Adobe Reader 9 - Japanese
    Adobe(R) Photoshop(R) Album Mini 3.0
    Amazon MP3 Downloader 1.0.0+6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATLAS 翻訳パーソナル 2006 LE
    avast! Free Antivirus
    Bonjour
    CD Burning 4
    Click to DVD 2.0.03 Menu Data
    Click to DVD 2.5.30
    Do VAIO
    Do VAIO バックアップツール
    DVgate Plus
    Edy Viewer
    FeliCaブラウザエクステンション
    Google Chrome
    Google Chrome フレーム
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google アップデータ
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    HD革命/BackUp (バンドル版)
    High Definition Audio Driver Package - KB835221
    Hitman Pro 3.5
    Hotfix for Windows Media Format 11 SDK (KB929399)
    i-フィルター 4
    IFL
    Image Converter 2 Plus
    Intel(R) Graphics Media Accelerator Driver for Mobile
    InterActual Player
    InterVideo WinDVD for VAIO
    InterVideo WinDVDX
    its-moNavi PC
    iTunes
    J2SE Runtime Environment 5.0 Update 7
    Java Auto Updater
    Java(TM) 6 Update 21
    LAN-Express AS IEEE 802.11 Wireless LAN
    Last.fm 1.5.4.24567
    LiveUpdate 3.0 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Malwarebytes' Anti-Malware
    mCore
    mDriver
    Memory Stick Formatter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Japanese Language Pack
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Home Style+
    Microsoft Office Personal Edition 2003
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mMHouse
    Mozilla Firefox (2.0.0.20)
    mPfMgr
    mProSafe
    MSN
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    NoteBurner 2.22
    OCNスタートパック
    OpenMG Secure Module 5.0.00
    PC Suite
    PictureGear Studio 2.0
    QuickTime
    Readiris Pro 10
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Roxio DigitalMedia Audio
    Roxio DigitalMedia Copy
    Roxio DigitalMedia Data
    Safari
    Security Update for CAPICOM (KB931906)
    Setting Utility Series
    SFCard Viewer 2
    Skype Toolbar for Outlook Express
    Skype Toolbars
    Skype? 4.2
    Smart Network Ver. 2.2.02
    So-net簡単スターターV2.3
    SonicStage 4.4
    SonicStage Mastering Studio 2.2
    SonicStage Mastering Studio オーディオフィルタ機能
    SonicStage Mastering Studio オーディオフィルタ機能 カスタムプリセット
    SonicStage Mastering Studio プラグイン
    Sony FeliCa リーダー/ライター ソフトウェア
    Sony MP4 Shared Library
    Sony USB Mouse
    Sony Utilities DLL
    Sony Video Shared Library
    Step by Step Interactive Training 用セキュリティ更新プログラム (KB898458)
    Step by Step Interactive Training 用セキュリティ更新プログラム (KB923723)
    Symantec KB-DocID:2003093015493306
    System Requirements Lab for Intel
    VAIO Aqua Breeze Wallpaper
    VAIO CameraVJ Screen Saver
    VAIO Cozy Orange Wallpaper
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Guide
    VAIO Guide Movie Components
    VAIO Hardware Diagnostics
    VAIO Launcher
    VAIO Long Battery Life Wallpaper
    VAIO Media (再配布) 5.0
    VAIO Media 5.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Integrated Server 5.0
    VAIO Media Registration Tool 5.0
    VAIO Original Screen Saver
    VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
    VAIO Photo Fall WIDE
    VAIO Tender Green Wallpaper
    VAIO Update
    VAIO オンラインカスタマー登録
    VAIO カメラユーティリティ
    VAIO 省電力設定
    VideoLAN VLC media player 0.8.6e
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 7 セキュリティ更新 (KB938127)
    Windows Internet Explorer 7 セキュリティ更新 (KB950759)
    Windows Internet Explorer 7 セキュリティ更新 (KB956390)
    Windows Internet Explorer 7 セキュリティ更新 (KB958215)
    Windows Internet Explorer 7 セキュリティ更新 (KB960714)
    Windows Internet Explorer 7 セキュリティ更新 (KB961260)
    Windows Internet Explorer 7 セキュリティ更新 (KB963027)
    Windows Internet Explorer 7 セキュリティ更新 (KB969897)
    Windows Internet Explorer 8
    Windows Internet Explorer 8 セキュリティ更新 (KB971961)
    Windows Internet Explorer 8 セキュリティ更新 (KB976325)
    Windows Internet Explorer 8 セキュリティ更新 (KB978207)
    Windows Internet Explorer 8 セキュリティ更新 (KB981332)
    Windows Internet Explorer 8 セキュリティ更新 (KB982381)
    Windows Internet Explorer 8 更新 (KB975364)
    Windows Internet Explorer 8 更新 (KB976662)
    Windows Internet Explorer 8 更新 (KB980182)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar RSS フィード検出 (Windows Live Toolbar)
    Windows Live へのリンク (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows Media Player (KB911564) セキュリティ問題の修正プログラム
    Windows Media Player (KB952069) セキュリティ問題の修正プログラム
    Windows Media Player (KB954155) セキュリティ問題の修正プログラム
    Windows Media Player (KB968816) セキュリティ問題の修正プログラム
    Windows Media Player (KB973540) セキュリティ問題の修正プログラム
    Windows Media Player (KB978695) セキュリティ問題の修正プログラム
    Windows Media Player 10 (KB911565) セキュリティ問題の修正プログラム
    Windows Media Player 10 (KB917734) セキュリティ問題の修正プログラム
    Windows Media Player 11
    Windows Media Player 11 (KB936782) セキュリティ問題の修正プログラム
    Windows Media Player 11 (KB939683) ホットフィックス
    Windows Media Player 11 (KB954154) セキュリティ問題の修正プログラム
    Windows Media Player 11 (KB959772) 重要な更新
    Windows Media Player 6.4 (KB925398) セキュリティ問題の修正プログラム
    Windows XP (KB941569) セキュリティ問題の修正プログラム
    Windows XP Service Pack 3
    Windows XP セキュリティ更新 (KB2229593)
    Windows XP セキュリティ更新 (KB2286198)
    Windows XP セキュリティ更新 (KB923561)
    Windows XP セキュリティ更新 (KB938464-v2)
    Windows XP セキュリティ更新 (KB938464)
    Windows XP セキュリティ更新 (KB946648)
    Windows XP セキュリティ更新 (KB950760)
    Windows XP セキュリティ更新 (KB950762)
    Windows XP セキュリティ更新 (KB950974)
    Windows XP セキュリティ更新 (KB951066)
    Windows XP セキュリティ更新 (KB951376-v2)
    Windows XP セキュリティ更新 (KB951698)
    Windows XP セキュリティ更新 (KB951748)
    Windows XP セキュリティ更新 (KB952004)
    Windows XP セキュリティ更新 (KB952954)
    Windows XP セキュリティ更新 (KB954211)
    Windows XP セキュリティ更新 (KB954459)
    Windows XP セキュリティ更新 (KB954600)
    Windows XP セキュリティ更新 (KB955069)
    Windows XP セキュリティ更新 (KB956391)
    Windows XP セキュリティ更新 (KB956572)
    Windows XP セキュリティ更新 (KB956744)
    Windows XP セキュリティ更新 (KB956802)
    Windows XP セキュリティ更新 (KB956803)
    Windows XP セキュリティ更新 (KB956841)
    Windows XP セキュリティ更新 (KB956844)
    Windows XP セキュリティ更新 (KB957095)
    Windows XP セキュリティ更新 (KB957097)
    Windows XP セキュリティ更新 (KB958644)
    Windows XP セキュリティ更新 (KB958687)
    Windows XP セキュリティ更新 (KB958690)
    Windows XP セキュリティ更新 (KB958869)
    Windows XP セキュリティ更新 (KB959426)
    Windows XP セキュリティ更新 (KB960225)
    Windows XP セキュリティ更新 (KB960715)
    Windows XP セキュリティ更新 (KB960803)
    Windows XP セキュリティ更新 (KB960859)
    Windows XP セキュリティ更新 (KB961371-v2)
    Windows XP セキュリティ更新 (KB961371)
    Windows XP セキュリティ更新 (KB961373)
    Windows XP セキュリティ更新 (KB961501)
    Windows XP セキュリティ更新 (KB968537)
    Windows XP セキュリティ更新 (KB969059)
    Windows XP セキュリティ更新 (KB969898)
    Windows XP セキュリティ更新 (KB969947)
    Windows XP セキュリティ更新 (KB970238)
    Windows XP セキュリティ更新 (KB970430)
    Windows XP セキュリティ更新 (KB971468)
    Windows XP セキュリティ更新 (KB971486)
    Windows XP セキュリティ更新 (KB971557)
    Windows XP セキュリティ更新 (KB971633)
    Windows XP セキュリティ更新 (KB971657)
    Windows XP セキュリティ更新 (KB972270)
    Windows XP セキュリティ更新 (KB973346)
    Windows XP セキュリティ更新 (KB973354)
    Windows XP セキュリティ更新 (KB973507)
    Windows XP セキュリティ更新 (KB973525)
    Windows XP セキュリティ更新 (KB973869)
    Windows XP セキュリティ更新 (KB973904)
    Windows XP セキュリティ更新 (KB974112)
    Windows XP セキュリティ更新 (KB974318)
    Windows XP セキュリティ更新 (KB974392)
    Windows XP セキュリティ更新 (KB974571)
    Windows XP セキュリティ更新 (KB975025)
    Windows XP セキュリティ更新 (KB975467)
    Windows XP セキュリティ更新 (KB975560)
    Windows XP セキュリティ更新 (KB975561)
    Windows XP セキュリティ更新 (KB975562)
    Windows XP セキュリティ更新 (KB975713)
    Windows XP セキュリティ更新 (KB977165)
    Windows XP セキュリティ更新 (KB977816)
    Windows XP セキュリティ更新 (KB977914)
    Windows XP セキュリティ更新 (KB978037)
    Windows XP セキュリティ更新 (KB978251)
    Windows XP セキュリティ更新 (KB978262)
    Windows XP セキュリティ更新 (KB978338)
    Windows XP セキュリティ更新 (KB978542)
    Windows XP セキュリティ更新 (KB978601)
    Windows XP セキュリティ更新 (KB978706)
    Windows XP セキュリティ更新 (KB979309)
    Windows XP セキュリティ更新 (KB979482)
    Windows XP セキュリティ更新 (KB979559)
    Windows XP セキュリティ更新 (KB979683)
    Windows XP セキュリティ更新 (KB980195)
    Windows XP セキュリティ更新 (KB980218)
    Windows XP セキュリティ更新 (KB980232)
    Windows XP ホットフィックス (KB952287)
    Windows XP ホットフィックス (KB970653-v3)
    Windows XP ホットフィックス (KB976098-v2)
    Windows XP ホットフィックス (KB979306)
    Windows XP ホットフィックス (KB981793)
    Windows XP 更新 (KB951072-v2)
    Windows XP 更新 (KB951978)
    Windows XP 更新 (KB955759)
    Windows XP 更新 (KB955839)
    Windows XP 更新 (KB967715)
    Windows XP 更新 (KB968389)
    Windows XP 更新 (KB971737)
    Windows XP 更新 (KB973687)
    Windows XP 更新 (KB973815)
    WinRAR archiver
    xrecode II 1.0.0.59
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo!7 Messenger
    Yahoo!かんたんパソコン設定
    Yahoo!ツールバー
    Yahoo!メッセンジャー
    インテル(R) PROSet/Wireless ソフトウェア
    えいご漬け 改訂版(体験版)
    かざしてログオン
    かざそうFeliCa
    かざポン for VAIO
    かんたん登録2
    サンリオ タイニーパークV
    スクリーンセーバーロック2
    スマート メニュー (Windows Live Toolbar)
    タイピング競馬 体験版
    タブ ブラウズ (Windows Live Toolbar)
    ドラネットキッズ入学準備 体験版
    ドラネット小学一年生 体験版
    パーソナルシェルター
    バイオの設定
    バイオ電子マニュアル
    バイオ電子マニュアル データベース
    はじめよう! ワイヤレスLAN
    ホットスポット・ツール
    みんなでTV電話スタータ
    わが家の家計簿
    一太郎ビューア
    駅すぱあと
    学研電子辞典
    静止画色補正
    大富豪Plus5 体験版
    筆ぐるめ Ver.13

    ==== End Of File ===========================


    Hope the Japanese doesn't confuse you too much :)
  8. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Please, do NOT wrap logs in a code.

    You have some Norton's leftovers.
    Please, run Norton Removal Tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    =====================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  9. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000005c

    Kernel Drivers (total 136):
    0x804D9000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D2000 \WINDOWS\system32\hal.dll
    0xF8A35000 \WINDOWS\system32\KDCOM.DLL
    0xF8945000 \WINDOWS\system32\BOOTVID.dll
    0xF8406000 ACPI.sys
    0xF8A37000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF83F5000 pci.sys
    0xF8535000 isapnp.sys
    0xF8545000 ohci1394.sys
    0xF8555000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF8949000 compbatt.sys
    0xF894D000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF8AFD000 pciide.sys
    0xF87B5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF8A39000 intelide.sys
    0xF83D7000 pcmcia.sys
    0xF8565000 MountMgr.sys
    0xF83B8000 ftdisk.sys
    0xF8951000 ACPIEC.sys
    0xF8AFE000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF87BD000 PartMgr.sys
    0xF8575000 VolSnap.sys
    0xF83A0000 atapi.sys
    0xF8585000 disk.sys
    0xF8595000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF8380000 fltmgr.sys
    0xF836E000 sr.sys
    0xF85A5000 PxHelp20.sys
    0xF8357000 KSecDD.sys
    0xF82CA000 Ntfs.sys
    0xF829D000 NDIS.sys
    0xF8283000 Mup.sys
    0xF8605000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7AF9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF79D4000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF79C0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7998000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF888D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF7974000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF8895000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7961000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
    0xF7943000 \SystemRoot\system32\drivers\tifmsony.sys
    0xF889D000 \SystemRoot\System32\Drivers\SonyNC.sys
    0xF8615000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF88A5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7929000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0xF88AD000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF8625000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7AF1000 \SystemRoot\system32\drivers\pfc.sys
    0xF8635000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF8645000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7906000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF88B5000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF7AE9000 \SystemRoot\system32\DRIVERS\fsvga.sys
    0xF8BEB000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF8655000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7AE5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF78EF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF8665000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF8675000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF88BD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF78DE000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF8685000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF88C5000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF88CD000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF8695000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF8A73000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF7880000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7AD5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF86A5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xAA355000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xAA331000 \SystemRoot\system32\drivers\portcls.sys
    0xF86D5000 \SystemRoot\system32\drivers\drmk.sys
    0xAA2FF000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    0xAA20B000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xAA15A000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF88D5000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF86E5000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF8A77000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF8A79000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8B05000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8A7B000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF88F5000 \SystemRoot\System32\drivers\vga.sys
    0xF8A7D000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8A7F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF88FD000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF8905000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF8A05000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA9467000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA940E000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF86F5000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xA93E6000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF8A11000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xA93C4000 \SystemRoot\System32\drivers\afd.sys
    0xF8705000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF890D000 \SystemRoot\System32\Drivers\TxVDrv.SYS
    0xF8715000 \SystemRoot\System32\drivers\sdcplh.sys
    0xA9371000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9301000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF8725000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA92DB000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF8735000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF8B5A000 \SystemRoot\system32\DRIVERS\DMICall.sys
    0xA928C000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF891D000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF8745000 \SystemRoot\System32\Drivers\Sonyddpu.sys
    0xA924F000 \SystemRoot\System32\Drivers\usbvm321.sys
    0xF8755000 \SystemRoot\System32\Drivers\STREAM.SYS
    0xF8925000 \SystemRoot\System32\Drivers\USBCAMD2.SYS
    0xF892D000 \SystemRoot\system32\DRIVERS\SonyImgF.sys
    0xF8775000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7108000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF8935000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8B54000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF041000 \SystemRoot\System32\ialmdev5.DLL
    0xBF075000 \SystemRoot\System32\ialmdd5.DLL
    0xA918F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF87E5000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xA9009000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
    0xA921F000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
    0xA909B000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xA9005000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA8DEA000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xA8E81000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
    0xA8C1D000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA8F61000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA8920000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA88B7000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA8810000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA88AB000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xF87FD000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x7C940000 \WINDOWS\system32\ntdll.dll

    Processes (total 56):
    0 System Idle Process
    4 System
    464 C:\WINDOWS\system32\smss.exe
    512 csrss.exe
    536 C:\WINDOWS\system32\winlogon.exe
    580 C:\WINDOWS\system32\services.exe
    592 C:\WINDOWS\system32\lsass.exe
    744 C:\WINDOWS\system32\svchost.exe
    800 svchost.exe
    868 C:\WINDOWS\system32\svchost.exe
    904 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1152 C:\WINDOWS\explorer.exe
    1236 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1292 svchost.exe
    1376 svchost.exe
    1484 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1880 C:\WINDOWS\system32\spoolsv.exe
    1388 svchost.exe
    1520 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1536 C:\Program Files\Bonjour\mDNSResponder.exe
    1856 C:\WINDOWS\system32\svchost.exe
    1976 C:\Program Files\Java\jre6\bin\jqs.exe
    184 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    628 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    372 C:\WINDOWS\system32\svchost.exe
    1112 C:\Program Files\Justsystem\PersonalShelter\TxVDrvSvc.exe
    1140 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    1280 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    1532 wmpnetwk.exe
    2100 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    2184 igfxext.exe
    2224 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    2232 igfxsrvc.exe
    2724 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    2924 alg.exe
    3104 C:\Program Files\Apoint\Apoint.exe
    3120 C:\WINDOWS\system32\hkcmd.exe
    3196 C:\WINDOWS\system32\igfxpers.exe
    3324 C:\WINDOWS\RTHDCPL.EXE
    3356 C:\WINDOWS\system32\ico.exe
    3384 C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    3424 C:\Program Files\Sony\SetGamma\SetGamma.exe
    3472 C:\Program Files\Apoint\ApntEx.exe
    3496 C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    3508 C:\WINDOWS\system32\conime.exe
    3512 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    3584 C:\Program Files\iTunes\iTunesHelper.exe
    3596 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3688 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    3720 C:\WINDOWS\system32\ctfmon.exe
    3752 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4048 C:\Documents and Settings\YUKIKO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2808 C:\Program Files\iPod\bin\iPodService.exe
    2680 C:\Documents and Settings\YUKIKO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    4004 C:\Documents and Settings\YUKIKO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3880 C:\Documents and Settings\YUKIKO\

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`a1372600 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000a`f1dda400 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHV2060BHPL, Rev: 00000029

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    Combofix coming
  10. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    MBRCheck log looks good :)
  11. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    That's great news!

    ok here is the combofix log.

    Attached Files:

  12. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Oooops....I got nothing...LOL
  13. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    Should be there now.. I posted without attaching accidentally.

    Thank you Broni
     
  14. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Are you familiar with this?
    proxy.une.edu.au:8080

    ======================================================================

    Do you use non-English Windows version?

    =======================================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Driver::
    adzirvbgb
    1c8be513-c822-4292-85e3-ffd0e13e4b16
    
    NetSvc::
    adzirvbgb
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adzirvbgb]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [Image: animation of dragging CFScript.txt onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  15. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    Yes proxy.une.edu.au on port 8080 is familiar to this computer, just an old local network that this was once used on. It still remains I guess.

    Yes this computer does not use English as the main language, it's Japanese. I hope this will not hamper anything.

    The log is attached as requested.

    Attached Files:

  16. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    It looks good now :)

    I assume, you don't use that "proxy" anymore?

    How is computer doing at the moment?

    My bed time is coming, so I'll leave you with a "homework" :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  17. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    Hi there Broni, thanks for your help. It's appreciated.

    No the proxy is not used anymore, not for the last few months anyway.

    The computer is running well, I can now access Kaspersky.com, Microsoft.com, Mcafee.com etc. So it seems you have beat the culprit that brought me here, for now anyway. This computer is well due for a reinstall sometime soon as it hasn't been managed well. Just need to locate the reinstall discs.

    Here is one log:

    OTL Log

    OTL logfile created on: 2010/10/12 17:15:29 - Run 1
    OTL by OldTimer - Version 3.2.15.1 Folder = C:\Documents and Settings\YUKIKO\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

    502.00 Mb Total Physical Memory | 176.00 Mb Available Physical Memory | 35.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 6.66 Gb Free Space | 17.88% Space Free | Partition Type: NTFS
    Drive D: | 12.10 Gb Total Space | 10.42 Gb Free Space | 86.06% Space Free | Partition Type: NTFS

    Computer Name: TOYOMASU | User Name: YUKIKO | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/12 17:06:11 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\YUKIKO\My Documents\Downloads\OTL.exe
    PRC - [2010/09/08 01:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/04/08 10:45:58 | 001,459,568 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    PRC - [2010/03/13 23:10:57 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/05/26 23:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2008/04/14 13:26:11 | 001,027,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/14 13:26:08 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
    PRC - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2006/06/09 20:49:02 | 000,143,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    PRC - [2006/04/13 15:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2006/04/04 16:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2005/12/27 15:58:10 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    PRC - [2005/12/14 14:00:00 | 000,045,056 | ---- | M] (Texim Corporarion.) -- C:\Program Files\Justsystem\PersonalShelter\TxVDrvSvc.exe
    PRC - [2005/11/28 15:39:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    PRC - [2005/11/28 15:39:30 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2005/08/10 22:24:48 | 000,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\SetGamma\SetGamma.exe
    PRC - [2005/08/05 12:56:58 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
    PRC - [2005/06/30 18:50:40 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Mini\3.0\Apps\apdproxy.exe
    PRC - [2004/11/17 22:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2004/08/19 11:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
    PRC - [2002/03/14 18:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/12 17:06:11 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\YUKIKO\My Documents\Downloads\OTL.exe
    MOD - [2008/04/14 13:24:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/05/10 15:42:30 | 000,851,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\IMJP9K.DLL
    MOD - [2007/03/22 21:17:42 | 000,482,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\IMJP9.IME
    MOD - [2007/03/22 21:17:28 | 000,106,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\IME\IMJP9\DICTS\IMJPCD.DIC
    MOD - [2007/03/22 21:17:22 | 000,048,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\IME\IMJP9\IMJPSQM.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/04/08 10:45:58 | 000,722,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
    SRV - [2007/12/17 13:21:00 | 000,075,040 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\SSScsiSV.exe -- (SSScsiSV)
    SRV - [2007/12/17 13:20:56 | 000,107,808 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\SsBeSvc.exe -- (SonicStage Back-End Service)
    SRV - [2007/11/28 02:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2007/11/28 02:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2007/11/28 01:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2006/06/13 10:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
    SRV - [2006/06/09 22:11:40 | 000,417,792 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler)
    SRV - [2006/06/09 20:49:02 | 000,143,360 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
    SRV - [2006/06/07 11:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
    SRV - [2006/05/18 12:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
    SRV - [2006/05/18 12:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
    SRV - [2006/04/13 15:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2006/04/04 16:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2005/12/14 14:00:00 | 000,045,056 | ---- | M] (Texim Corporarion.) [Auto | Running] -- C:\Program Files\Justsystem\PersonalShelter\TxVDrvSvc.exe -- (TxVDrvSvc)
    SRV - [2005/11/28 15:39:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
    SRV - [2005/11/28 15:39:30 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2005/11/25 15:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2005/07/14 21:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
    SRV - [2003/07/10 19:45:32 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Smart Network\BeService.exe -- (BeService)
  18. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\YUKIKO\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/09/08 00:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/08 00:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/08 00:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/08 00:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/08 00:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/08 00:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2009/04/22 17:54:15 | 000,103,552 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qscnusb.sys -- (MobileAdapter)
    DRV - [2008/04/14 05:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/04/14 03:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) Microsoft UAA バス ドライバ (High Definition Audio 用)
    DRV - [2007/02/28 16:42:00 | 000,080,896 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
    DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2006/06/29 21:49:38 | 002,206,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Windows XP 用 インテル(R)
    DRV - [2006/05/02 23:46:28 | 000,022,272 | ---- | M] (Texim Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TxVDrv.sys -- (TxVDrv)
    DRV - [2006/03/06 20:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
    DRV - [2005/11/30 13:38:50 | 000,232,448 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
    DRV - [2005/10/18 18:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/10/18 18:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/10/18 18:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/08/09 18:43:46 | 003,855,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2005/06/24 15:11:12 | 000,040,576 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sdcplh.sys -- (sdcplh)
    DRV - [2005/03/24 18:26:20 | 000,049,664 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sonyddpu.sys -- (Sonyddpu)
    DRV - [2005/03/04 13:10:00 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2005/01/04 22:24:44 | 000,394,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
    DRV - [2004/12/06 13:26:06 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2004/11/22 15:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2004/08/05 23:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2004/08/05 23:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2004/08/05 23:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
    DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2002/04/11 19:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
    DRV - [2000/12/05 18:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
    DRV - [2000/11/09 21:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://my.yahoo.co.jp/ [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.jp/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.une.edu.au:8080

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
    FF - prefs.js..network.proxy.autoconfig_url: "http;//proxy.une.edu.au/proxy"
    FF - prefs.js..network.proxy.ftp: "proxy.une.edu.au"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.gopher: "proxy.une.edu.au"
    FF - prefs.js..network.proxy.gopher_port: 8080
    FF - prefs.js..network.proxy.http: "proxy.une.edu.au"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "proxy.une.edu.au"
    FF - prefs.js..network.proxy.socks_port: 8080
    FF - prefs.js..network.proxy.ssl: "proxy.une.edu.au"
    FF - prefs.js..network.proxy.ssl_port: 8080

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/13 23:12:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/28 18:05:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/09 15:44:43 | 000,000,000 | ---D | M]

    [2010/05/10 21:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\YUKIKO\Application Data\Mozilla\Firefox\Profiles\ereofzvx.default\extensions
    [2008/07/06 00:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\YUKIKO\Application Data\Mozilla\Firefox\Profiles\ereofzvx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/10/04 14:09:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/04/06 12:02:28 | 000,000,000 | ---D | M] (Yahoo!繝・・繝ォ繝舌・) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/10/04 14:09:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2009/03/26 13:33:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
    [2008/04/06 12:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\yahoo-jp@partners.mozilla.com
    [2009/03/26 13:32:23 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
    [2009/03/26 13:32:23 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
    [2009/03/26 13:32:24 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
    [2009/03/26 13:32:32 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
    [2009/03/26 13:32:33 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
    [2010/10/04 14:09:12 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/03/26 13:33:19 | 000,001,989 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-jp.xml
    [2009/03/26 13:33:20 | 000,000,886 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\goo.xml
    [2009/03/26 13:33:20 | 000,002,650 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-jp.xml
    [2009/03/26 13:33:21 | 000,000,827 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\rakuten.xml
    [2009/03/26 13:33:21 | 000,000,907 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-jp-auctions.xml
    [2009/03/26 13:33:21 | 000,000,820 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-jp-shopping.xml
    [2009/03/26 13:33:21 | 000,001,017 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-jp.xml

    O1 HOSTS File: ([2010/10/12 16:16:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (かんたん登録2) - {0DD41AE7-6196-42E7-BDE5-4F393997449E} - C:\Program Files\Justsystem\SimpleAutoInput\AtInBnd.dll (株式会社ジャストシステム)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (FeliCaブラウザエクステンション) - {EC5D2125-D8AB-4a18-A599-D97D2731DE19} - C:\Program Files\Sony\FeliCaBrowserExtension\fbe.dll (Sony Corp.)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.63\npchrome_frame.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (かんたん登録2 ツールバー) - {833CFE4E-05BD-43A3-97A7-A4E80D742F0F} - C:\Program Files\Justsystem\SimpleAutoInput\AtInBnd.dll (株式会社ジャストシステム)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Mini\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
    O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\IMKR6_1\imekrmig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IMJPMIG9.0] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP9\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SetGamma] C:\Program Files\Sony\SetGamma\SetGamma.exe (Sony Corporation)
    O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VAIO Update 5] C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
    O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google サイドウィキ... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Yahoo!メッセンジャー - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\Program Files\Yahoo!J\Messenger\YPagerj.exe (Yahoo! Japan Corporation.)
    O9 - Extra 'Tools' menuitem : Yahoo!メッセンジャー - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\Program Files\Yahoo!J\Messenger\YPagerj.exe (Yahoo! Japan Corporation.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O18 - Protocol\Handler\cf - No CLSID value found
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.63\npchrome_frame.dll (Google Inc.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msjwwdat {BAAB02DC-913E-40aa-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  19. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop Components:0 (現在のホーム ページ) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\YUKIKO\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\YUKIKO\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/07/10 16:09:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56871556046913536)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/12 14:56:07 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/10/12 09:43:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/12 09:41:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/12 09:41:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/12 09:41:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/12 09:41:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/12 09:40:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/12 09:40:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/11 17:04:58 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/10/11 17:04:58 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/10/11 17:04:56 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/10/11 17:04:55 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/10/11 17:04:53 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/10/11 17:04:53 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/10/11 17:04:52 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/10/11 17:04:24 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/10/11 17:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/10/11 17:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/10/11 16:50:17 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\YUKIKO\デスクトップ\TFC.exe
    [2010/10/11 10:17:16 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2010/10/11 09:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/10/11 09:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/10/11 00:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\YUKIKO\Application Data\Malwarebytes
    [2010/10/11 00:37:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/11 00:37:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/11 00:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/11 00:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/10 12:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
    [2010/10/10 12:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
    [2010/10/08 19:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Last.fm
    [2010/10/08 19:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\YUKIKO\Local Settings\Application Data\Last.fm
    [2010/10/08 19:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Last.fm
    [2010/10/08 18:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\YUKIKO\My Documents\ITP
    [2010/10/04 14:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2010/10/04 14:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/25 18:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\YUKIKO\Application Data\UNBALANCE
    [2010/08/23 11:53:45 | 000,103,552 | R--- | C] (QUALCOMM Incorporated) -- C:\WINDOWS\System32\drivers\qscnusb.sys
    [2010/08/23 11:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\PC Suite
    [2010/07/21 22:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

    ========== Files - Modified Within 90 Days ==========

    [2010/10/12 17:18:58 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BEF629C3-04D1-47E6-907A-43645553FC6E}.job
    [2010/10/12 16:59:00 | 000,000,692 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/12 16:16:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/12 16:15:56 | 000,000,688 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/12 16:15:56 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2665302396-3341232491-1889479886-1008.job
    [2010/10/12 16:15:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/12 16:15:43 | 526,569,472 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/12 15:02:39 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/10/12 14:56:09 | 000,003,058 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/10/12 14:35:16 | 003,877,241 | R--- | M] () -- C:\Documents and Settings\YUKIKO\デスクトップ\ComboFix.exe
    [2010/10/12 09:43:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/12 09:35:04 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\YUKIKO\デスクトップ\MBRCheck.exe
    [2010/10/11 17:36:48 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\YUKIKO\デスクトップ\dds.scr
    [2010/10/11 17:07:12 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\YUKIKO\デスクトップ\y4jmd1yj.exe
    [2010/10/11 16:50:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\YUKIKO\デスクトップ\TFC.exe
    [2010/10/11 10:17:16 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2010/10/10 23:02:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2665302396-3341232491-1889479886-1008.job
    [2010/10/10 21:57:10 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\YUKIKO\My Documents\Microsoft Office Word 2003.lnk
    [2010/10/04 13:56:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/04 13:55:26 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\YUKIKO\My Documents\Default.rdp
    [2010/10/03 16:21:28 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\YUKIKO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/03 12:16:13 | 000,383,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/03 12:16:13 | 000,190,588 | ---- | M] () -- C:\WINDOWS\System32\perfh011.dat
    [2010/10/03 12:16:13 | 000,053,942 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/03 12:16:13 | 000,053,936 | ---- | M] () -- C:\WINDOWS\System32\perfc011.dat
    [2010/09/23 09:46:43 | 003,072,054 | ---- | M] () -- C:\WINDOWS\wallpaper.bmp
    [2010/09/08 01:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/09/08 01:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/09/08 00:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/09/08 00:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/09/08 00:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/09/08 00:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/09/08 00:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/09/08 00:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/09/08 00:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/07/15 03:05:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    ========== Files Created - No Company Name ==========

    [2010/10/12 09:43:36 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2010/10/12 09:43:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/12 09:41:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/12 09:41:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/12 09:41:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/12 09:41:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/12 09:41:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/12 09:36:40 | 003,877,241 | R--- | C] () -- C:\Documents and Settings\YUKIKO\デスクトップ\ComboFix.exe
    [2010/10/12 09:36:40 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\YUKIKO\デスクトップ\MBRCheck.exe
    [2010/10/11 21:07:42 | 007,358,422 | ---- | C] () -- C:\Documents and Settings\YUKIKO\デスクトップ\XirrusWiFiMonitorXPWidget1.1.widget
    [2010/10/11 17:36:47 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\YUKIKO\デスクトップ\dds.scr
    [2010/10/11 17:09:28 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\YUKIKO\デスクトップ\y4jmd1yj.exe
    [2010/10/11 11:24:38 | 526,569,472 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/11 09:57:23 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/10/04 13:55:26 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\YUKIKO\My Documents\Default.rdp
    [2010/08/01 23:36:41 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/10 00:23:58 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/01/26 23:56:28 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
    [2007/12/28 18:03:22 | 000,000,057 | ---- | C] () -- C:\WINDOWS\NWDECDU.INI
    [2007/12/28 18:02:34 | 000,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
    [2007/12/10 00:32:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2007/06/26 16:14:24 | 000,000,134 | ---- | C] () -- C:\WINDOWS\Readiris.ini
    [2007/06/26 16:14:18 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
    [2007/03/16 20:01:04 | 000,004,628 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/01/15 17:24:09 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\YUKIKO\Application Data\dm.ini
    [2007/01/15 17:24:08 | 000,001,541 | ---- | C] () -- C:\Documents and Settings\YUKIKO\Application Data\AdobeDLM.log
    [2006/10/14 03:01:41 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2006/09/25 03:54:32 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\YUKIKO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/09/24 13:53:54 | 000,003,364 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/09/17 18:37:04 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\YUKIKO\Local Settings\Application Data\fusioncache.dat
    [2006/07/11 12:57:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/07/11 11:52:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/07/11 11:52:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/07/11 11:52:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/07/11 11:52:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/07/11 11:52:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/07/11 11:52:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/07/10 17:08:48 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
    [2006/07/10 16:23:19 | 000,000,942 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/07/10 16:02:41 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/07/10 15:54:57 | 000,002,144 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006/07/10 15:54:43 | 000,065,392 | ---- | C] () -- C:\WINDOWS\System32\msimek.sys
    [2006/07/10 15:54:43 | 000,054,700 | ---- | C] () -- C:\WINDOWS\System32\$ias.sys
    [2006/07/10 15:54:43 | 000,044,496 | ---- | C] () -- C:\WINDOWS\System32\msimei.sys
    [2006/07/10 15:54:43 | 000,042,841 | ---- | C] () -- C:\WINDOWS\System32\key02.sys
    [2006/07/10 15:54:43 | 000,042,633 | ---- | C] () -- C:\WINDOWS\System32\keyax.sys
    [2006/07/10 15:54:43 | 000,039,808 | ---- | C] () -- C:\WINDOWS\System32\msime.sys
    [2006/07/10 15:54:43 | 000,027,956 | ---- | C] () -- C:\WINDOWS\System32\appsicon.dll
    [2006/07/10 15:54:43 | 000,020,688 | ---- | C] () -- C:\WINDOWS\System32\$disp.sys
    [2006/07/10 15:54:43 | 000,013,597 | ---- | C] () -- C:\WINDOWS\System32\msimed.sys
    [2006/07/10 15:54:43 | 000,004,701 | ---- | C] () -- C:\WINDOWS\System32\kkcfunc.sys
    [2006/07/10 15:54:43 | 000,004,125 | ---- | C] () -- C:\WINDOWS\System32\$prnescp.sys
    [2006/07/10 15:54:43 | 000,002,990 | ---- | C] () -- C:\WINDOWS\System32\disp_win.sys
    [2006/07/10 15:54:43 | 000,000,901 | ---- | C] () -- C:\WINDOWS\System32\ntfont.sys
    [2006/07/10 15:54:43 | 000,000,852 | ---- | C] () -- C:\WINDOWS\System32\font_win.sys
    [2006/07/10 15:54:07 | 000,229,088 | ---- | C] () -- C:\WINDOWS\System32\lanman.drv
    [2006/07/05 12:07:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/10/13 03:16:19 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\IMX.DLL
    [2005/10/13 03:03:04 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/10/13 02:52:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
    [2005/10/13 02:51:41 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
    [2005/10/13 02:43:14 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2005/10/13 02:41:56 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
    [2005/10/13 02:38:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fsslckhk.dll
    [2003/09/18 15:22:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\AmiJapanDataPilotUninstSupport.dll
    [2003/04/03 14:00:02 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\VSPpg8.dll
    [2003/02/19 17:36:06 | 000,005,099 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
  20. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    ========== LOP Check ==========

    [2010/10/11 17:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2005/10/13 02:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FujisoftABC
    [2010/10/11 10:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2005/10/13 02:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JUSTSYSTEM
    [2010/10/08 19:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
    [2005/10/13 02:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MEGASOFT
    [2009/04/08 13:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/28 18:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/08/02 05:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/10/26 23:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\YUKIKO\Application Data\Audacity
    [2006/10/24 18:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\YUKIKO\Application Data\Fujitsu
    [2007/03/07 20:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\YUKIKO\Application Data\InterVideo
    [2008/03/22 02:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\YUKIKO\Application Data\ivivo
    [2006/10/24 18:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\YUKIKO\Application Data\Justsystem
    [2006/10/15 03:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\YUKIKO\Application Data\Leadertech
    [2008/02/04 12:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\YUKIKO\Application Data\MEGASOFT
    [2006/09/19 22:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\YUKIKO\Application Data\MSNInstaller
    [2007/08/06 21:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\YUKIKO\Application Data\s-woman_ticker
    [2010/08/25 18:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\YUKIKO\Application Data\UNBALANCE
    [2010/10/12 17:18:58 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BEF629C3-04D1-47E6-907A-43645553FC6E}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/07/10 16:09:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/05/24 15:22:35 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2010/10/12 09:43:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/05 23:00:00 | 000,132,398 | RHS- | M] () -- C:\bootfont.bin
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/12 16:24:16 | 000,019,854 | ---- | M] () -- C:\ComboFix.txt
    [2006/07/10 16:09:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/10/12 16:15:43 | 526,569,472 | -HS- | M] () -- C:\hiberfil.sys
    [2006/10/14 03:01:48 | 000,001,119 | ---- | M] () -- C:\INSTALL.LOG
    [2006/07/10 16:09:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/07/10 16:09:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/05 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/05/18 23:14:38 | 000,260,800 | RHS- | M] () -- C:\ntldr
    [2010/10/12 16:15:42 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2008/08/21 21:27:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/08/21 22:43:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2008/08/25 19:00:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/01/05 01:58:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/08/01 01:31:25 | 000,000,280 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/05/25 22:13:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/05/25 22:13:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/05/25 22:14:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/05/25 22:14:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2010/05/25 22:14:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/05/25 22:14:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/05/25 22:15:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/05/25 22:16:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010/05/25 22:16:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010/05/25 22:16:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010/05/25 22:17:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2008/08/01 19:54:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2008/08/02 03:43:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2008/08/03 20:44:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2008/08/09 18:07:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2008/08/21 21:27:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2008/08/21 22:43:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2008/08/25 19:00:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/01/05 01:58:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/08/01 01:31:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/05/25 22:13:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/05/25 22:13:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/05/25 22:14:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/05/25 22:14:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010/05/25 22:14:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/05/25 22:14:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/05/25 22:15:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/05/25 22:16:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010/05/25 22:16:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010/05/25 22:16:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010/05/25 22:17:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2008/08/01 19:54:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2008/08/02 03:43:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2008/08/03 20:44:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2008/08/09 18:07:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2010/10/11 10:18:33 | 000,079,958 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_11.10.2010_10.17.42_log.txt
    [2001/05/24 14:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
    [2007/09/14 15:41:49 | 000,000,158 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/07/10 16:09:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
    [14 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/04/09 15:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/08 01:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/10/10 14:38:05 | 000,001,682 | -H-- | M] () -- C:\Documents and Settings\YUKIKO\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/07/11 01:00:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/07/11 01:00:34 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/07/11 01:00:33 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
  21. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/09/17 18:37:21 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\YUKIKO\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006/07/10 16:12:56 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\YUKIKO\Application Data\Microsoft\Internet Explorer\Quick Launch\デスクトップの表示.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/09/17 18:37:20 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\YUKIKO\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/05/24 15:04:24 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\YUKIKO\Cookies\desktop.ini
    [2010/10/12 17:18:55 | 000,573,440 | ---- | M] () -- C:\Documents and Settings\YUKIKO\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/27 16:11:12 | 000,315,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2006/08/02 01:29:44 | 000,577,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 13:25:48 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 03:08:58 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 03:08:58 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/03 01:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 04:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 13:26:19 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 03:08:58 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 03:08:58 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 03:08:58 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 03:08:58 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 03:08:58 | 000,140,919 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
    [1 C:\Program Files\Messenger\*.tmp files -> C:\Program Files\Messenger\*.tmp -> ]

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052

    < End of report >
  22. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    OTL Extras logfile created on: 2010/10/12 17:15:29 - Run 1
    OTL by OldTimer - Version 3.2.15.1 Folder = C:\Documents and Settings\YUKIKO\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

    502.00 Mb Total Physical Memory | 176.00 Mb Available Physical Memory | 35.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 6.66 Gb Free Space | 17.88% Space Free | Partition Type: NTFS
    Drive D: | 12.10 Gb Total Space | 10.42 Gb Free Space | 86.06% Space Free | Partition Type: NTFS

    Computer Name: XXXXXXX | User Name: YUKIKO | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "2541:TCP" = 2541:TCP:*:Enabled:lmzdxmfc

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\YUKIKO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\YUKIKO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
    "C:\Program Files\Adobe\Photoshop Album Mini\3.0\Apps\Photoshop Album Starter Edition.exe" = C:\Program Files\Adobe\Photoshop Album Mini\3.0\Apps\Photoshop Album Starter Edition.exe:*:Enabled:Adobe Photoshop Album Mini 3.0 -- (Adobe Systems Incorporated)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
    "C:\Documents and Settings\YUKIKO\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\YUKIKO\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\YUKIKO\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\YUKIKO\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio オーディオフィルタ機能 カスタムプリセット
    "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
    "{05257AC0-DD20-11D2-AC05-0000F4ADD897}" = HD革命/BackUp (バンドル版)
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
    "{08E55380-1517-4A89-B1FA-CCE7E9EDE4E5}" = 筆ぐるめ Ver.13
    "{0B59411E-1900-463C-AE64-AA106BB2BD58}" = えいご漬け 改訂版(体験版)
    "{0F33B730-E81D-11D3-B72E-00104BC853D6}" = 駅すぱあと
    "{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO カメラユーティリティ
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{156E4680-CA1F-4D45-AE9F-D6731E37C175}" = Sony FeliCa リーダー/ライター ソフトウェア
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1A91D1FA-B9B3-4556-9878-5C61059A19B2}" = InterVideo WinDVDX
    "{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
    "{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
    "{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
    "{2EF73726-9C12-42A0-952D-9753FBF86E58}" = IFL
    "{31BBD146-CCC2-4E3F-B560-4D3906E2B041}" = CD Burning 4
    "{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
    "{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide
    "{350C97B1-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{4021D88F-E224-402F-919E-B3F053B57724}" = Windows Live Messenger
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{463F8033-9083-4DCE-8A1A-CA588D8EF9AF}" = 静止画色補正
    "{48D2C608-6E46-4978-A2D4-67E34F95E971}" = かんたん登録2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe(R) Photoshop(R) Album Mini 3.0
    "{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
    "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
    "{582C5C46-399D-4A9D-AB9F-C36F6FEC85EA}" = VAIO CameraVJ Screen Saver
    "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media (再配布) 5.0
    "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
    "{597C68AF-3EF7-4310-8725-2E034914613B}" = Microsoft Office Home Style+
    "{5B82682E-C555-45DA-8E2C-CE6525427AC9}" = Click to DVD 2.5.30
    "{5BEB5AA0-7B78-4D85-8D98-F84CA1E063E9}" = かざポン for VAIO
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
    "{5E862EC5-40B2-4A7E-A87D-B504E141318A}" = スクリーンセーバーロック2
    "{600D85D0-14E9-4B52-A125-F31668C6BE96}" = FeliCaブラウザエクステンション
    "{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = はじめよう! ワイヤレスLAN
    "{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
    "{63BE6BE8-C96D-4CCD-B6E3-416FEC883D59}" = i-フィルター 4
    "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69E7A57D-89ED-4C16-A37C-AA53EF059F9A}" = かざしてログオン
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{70BF00E7-5187-4C30-8D57-BF9D9E4A5AD3}" = スマート メニュー (Windows Live Toolbar)
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
    "{7D90730F-D29E-4386-95F0-BCF79ECF634E}" = Do VAIO バックアップツール
    "{7FDA96DC-0EFF-4BB4-81BD-6CA64831CAA8}" = VAIO Photo Fall WIDE
    "{802AE695-3C5A-48A2-99B4-066298E659A8}" = Smart Network Ver. 2.2.02
    "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
    "{86579038-5AD4-4399-A34C-C6E2E57539E9}" = 大富豪Plus5 体験版
    "{87246AC6-09F0-46FA-8DCA-E425D51EFEAA}" = ホットスポット・ツール
    "{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8DF01556-CD47-418B-88AA-CBCADA8A8D6F}" = ドラネットキッズ入学準備 体験版
    "{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
    "{90330411-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Personal Edition 2003
    "{90AF0411-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
    "{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
    "{940475B4-367E-4D27-8841-163E3C980F52}" = Windows Live へのリンク (Windows Live Toolbar)
    "{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9C0EA18A-4C72-11D7-B65B-00C04F790F76}" = AC3 Encoder / Decoder
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO 省電力設定
    "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
    "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.4
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A3CD0C7C-A012-48B6-BCD8-3756FA177BD4}" = サンリオ タイニーパークV
    "{A5F3B2A6-CB42-11D6-9161-00E02975BB40}" = 一太郎ビューア
    "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio オーディオフィルタ機能
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
    "{AC76BA86-7AD7-1041-7B44-A90000000001}" = Adobe Reader 9 - Japanese
    "{AD0DDEC6-4798-4DE5-87DC-4367D694ED06}" = Microsoft .NET Framework 1.1 Japanese Language Pack
    "{AD650226-3335-45BB-9640-D8C973366A1A}" = パーソナルシェルター
    "{ADAB8F0D-D35B-4792-80A0-EF8749D8CF74}" = VAIO Guide Movie Components
    "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
    "{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.59
    "{AFF6B50E-C9C5-49BE-92E8-C9CEC98DE3D0}" = Do VAIO
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
    "{B6300A7D-C1B6-4A25-861D-4AED96202FCD}" = Readiris Pro 10
    "{B8C8E26C-D3DD-4B5B-A4A5-2BD5922C5169}" = バイオ電子マニュアル
    "{B971BB45-3FEC-4464-BF4F-B3203EC17BE2}" = タイピング競馬 体験版
    "{BA4028C1-47C6-40C7-97A2-C2507675B0AD}" = Windows Live Toolbar RSS フィード検出 (Windows Live Toolbar)
    "{BBFFB027-7D53-4E1B-95BC-35A2216D1D60}" = VAIO Long Battery Life Wallpaper
    "{BDCF2850-450F-4643-9C64-2BFB3631AC83}" = タブ ブラウズ (Windows Live Toolbar)
    "{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
    "{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
    "{C58A56A1-33F5-48D0-A84D-88F75A351068}" = VAIO Launcher
    "{C99E6F22-FD0E-4D6E-925A-268AD1C050D6}" = its-moNavi PC
    "{C9D692F4-D762-4A56-801B-9B9EE0AF0C91}" = ATLAS 翻訳パーソナル 2006 LE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD818656-33B7-4B49-808C-7876E9484FAA}" = 「時事通信社・家庭の医学」「血液サラサラ健康事典」
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D30F9503-071B-4354-827D-C72D8E75BB05}" = Edy Viewer
    "{D3B16DA0-1E93-11D5-A26F-009027CB933C}" = So-net簡単スターターV2.3
    "{D97B89AA-D399-4152-81CE-FBB9C3688E36}" = みんなでTV電話スタータ
    "{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
    "{E2AA57CD-A819-406F-B422-A9211DA758B5}" = Windows Live Toolbar
    "{E2C94613-2E76-418B-A8E7-0FFFE9EADCDE}" = VAIO オンラインカスタマー登録
    "{E3F7F270-4ADD-3DA6-8B35-A924C134D49F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{E5E329DF-6C0D-4B6C-8D96-AF0B3F2A40DA}" = バイオ電子マニュアル データベース
    "{E6AD2F37-3B4A-4EEC-ACDB-28BC08A81648}" = ドラネット小学一年生 体験版
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{ED46C765-9EB0-4D4A-AD6C-29CF7E8007B0}" = SFCard Viewer 2
    "{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio プラグイン
    "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F41C96F8-3D72-4F94-9E9E-0B4E8F2B0C61}" = かざそうFeliCa
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
    "{FC37C108-821D-4EDE-8F40-D5B497586805}" = バイオの設定
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AdobeESD" = Adobe Download Manager 2.2 (削除のみ)
    "avast5" = avast! Free Antivirus
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
    "GDBase" = 学研電子辞典
    "Google Chrome Frame" = Google Chrome フレーム
    "Google Updater" = Google アップデータ
    "HitmanPro35" = Hitman Pro 3.5
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
    "InstallShield_{D97B89AA-D399-4152-81CE-FBB9C3688E36}" = みんなでTV電話スタータ
    "InterActual Player" = InterActual Player
    "LastFM_is1" = Last.fm 1.5.4.24567
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "MouseSuite98" = Sony USB Mouse
    "Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NoteBurner_is1" = NoteBurner 2.22
    "OCNスタートパック" = OCNスタートパック
    "PC Suite" = PC Suite
    "ProInst" = インテル(R) PROSet/Wireless ソフトウェア
    "RealPlayer 12.0" = RealPlayer
    "SkypeForOE_is1" = Skype Toolbar for Outlook Express
    "VLC media player" = VideoLAN VLC media player 0.8.6e
    "Windows Live Toolbar" = Windows Live Toolbar
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Internet Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo!7 Messenger" = Yahoo!7 Messenger
    "Yahoo!メッセンジャー" = Yahoo!メッセンジャー
    "わが家の家計簿" = わが家の家計簿
  23. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2010/10/11 4:49:33 | Computer Name = TOYOMASU | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description =

    Error - 2010/10/11 4:54:33 | Computer Name = TOYOMASU | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description =

    Error - 2010/10/11 4:59:33 | Computer Name = TOYOMASU | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description =

    Error - 2010/10/11 5:04:36 | Computer Name = TOYOMASU | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description =

    Error - 2010/10/11 5:09:37 | Computer Name = TOYOMASU | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description =

    Error - 2010/10/11 5:14:39 | Computer Name = TOYOMASU | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description =

    Error - 2010/10/11 5:19:41 | Computer Name = TOYOMASU | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description =

    Error - 2010/10/11 5:24:41 | Computer Name = TOYOMASU | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description =

    Error - 2010/10/11 5:29:41 | Computer Name = TOYOMASU | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description =

    Error - 2010/10/11 5:34:41 | Computer Name = TOYOMASU | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description =

    [ System Events ]
    Error - 2010/10/11 19:23:11 | Computer Name = TOYOMASU | Source = DCOM | ID = 10005
    Description = サーバー: {4991D34B-80A1-4291-83B6-3328366B9097} を実行するために サービス BITS (引数
    "") を起動しようとしたときに、DCOM でエラー "%1058" が発生しました。

    Error - 2010/10/11 19:23:11 | Computer Name = TOYOMASU | Source = DCOM | ID = 10005
    Description = サーバー: {4991D34B-80A1-4291-83B6-3328366B9097} を実行するために サービス BITS (引数
    "") を起動しようとしたときに、DCOM でエラー "%1058" が発生しました。

    Error - 2010/10/11 23:38:14 | Computer Name = TOYOMASU | Source = Service Control Manager | ID = 7031
    Description = Windows Media Player Network Sharing Service サービスは予期せず終了しました。これは 1
    回発生しています。次の修正動作が 30000 ミリ秒以内に行われます: サービスの再開

    Error - 2010/10/11 23:43:56 | Computer Name = TOYOMASU | Source = Service Control Manager | ID = 7031
    Description = Windows Media Player Network Sharing Service サービスは予期せず終了しました。これは 1
    回発生しています。次の修正動作が 30000 ミリ秒以内に行われます: サービスの再開

    Error - 2010/10/11 23:56:09 | Computer Name = TOYOMASU | Source = Service Control Manager | ID = 7006
    Description = ScRegSetValueExW の呼び出しは FailureActions により次のエラーで失敗しました: %%5

    Error - 2010/10/11 23:56:09 | Computer Name = TOYOMASU | Source = Service Control Manager | ID = 7006
    Description = ScRegSetValueExW の呼び出しは FailureActions により次のエラーで失敗しました: %%5

    Error - 2010/10/11 23:56:09 | Computer Name = TOYOMASU | Source = Service Control Manager | ID = 7006
    Description = ScRegSetValueExW の呼び出しは FailureActions により次のエラーで失敗しました: %%5

    Error - 2010/10/11 23:59:06 | Computer Name = TOYOMASU | Source = Service Control Manager | ID = 7023
    Description = Helper Installer は次のエラーで終了しました: %%126

    Error - 2010/10/12 1:04:24 | Computer Name = TOYOMASU | Source = Service Control Manager | ID = 7031
    Description = Windows Media Player Network Sharing Service サービスは予期せず終了しました。これは 1
    回発生しています。次の修正動作が 30000 ミリ秒以内に行われます: サービスの再開

    Error - 2010/10/12 1:10:28 | Computer Name = TOYOMASU | Source = Service Control Manager | ID = 7031
    Description = Windows Media Player Network Sharing Service サービスは予期せず終了しました。これは 1
    回発生しています。次の修正動作が 30000 ミリ秒以内に行われます: サービスの再開


    < End of report >

    Man that's a lot of posts, perhaps this forum could do with a slight upgrade on the characters allowed in a single post :D

    Thanks for this
  24. mylonite

    mylonite Newcomer, in training Topic Starter Posts: 46

    Only one problem now. DOS crashes when I RUN:

    ipconfig /all from the RUN box, though when I run it from DOS it's fine.

    Hmmmmm seems to be happening on my other computer as well.. Damn it!
  25. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    I can't comment until we're done with a whole cleaning procedure....

    We need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.une.edu.au:8080
      FF - prefs.js..network.proxy.autoconfig_url: "http;//proxy.une.edu.au/proxy"
      FF - prefs.js..network.proxy.ftp: "proxy.une.edu.au"
      FF - prefs.js..network.proxy.ftp_port: 8080
      FF - prefs.js..network.proxy.gopher: "proxy.une.edu.au"
      FF - prefs.js..network.proxy.gopher_port: 8080
      FF - prefs.js..network.proxy.http: "proxy.une.edu.au"
      FF - prefs.js..network.proxy.http_port: 8080
      FF - prefs.js..network.proxy.no_proxies_on: "*.local"
      FF - prefs.js..network.proxy.share_proxy_settings: true
      FF - prefs.js..network.proxy.socks: "proxy.une.edu.au"
      FF - prefs.js..network.proxy.socks_port: 8080
      FF - prefs.js..network.proxy.ssl: "proxy.une.edu.au"
      FF - prefs.js..network.proxy.ssl_port: 8080
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans.....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.