Problemsrbad
This is my friend's other desktop; it is a Win XP eMachines. Need some assistance on making sure it's malware-free, please.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6750
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/2/2011 12:52:42 AM
mbam-log-2011-06-02 (00-52-42).txt
Scan type: Quick scan
Objects scanned: 141916
Time elapsed: 3 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-02 01:01:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12 Hitachi_HDT721016SLA380 rev.ST1OA31B
Running: oib5cj6p.exe; Driver: C:\DOCUME~1\JAMES'~1\LOCALS~1\Temp\fxroiuog.sys
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-06-01.06) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by JAMES'S BABII GIRL at 1:01:54 on 2011-06-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.368 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\CustoPackTools\utils\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Internet Explorer\iexplore.exe
svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0411&m=el1300g
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
mWinlogon: UIHost=c:\windows\system32\logonuicpt.exe
mWinlogon: SFCDisable=4 (0x4)
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
uRun: [RocketDock] "c:\program files\custopacktools\utils\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\james's babii girl\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TransBar] "c:\documents and settings\all users\custopacktools\softwares\transbar\TransBar.exe" /s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-1 353168]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-5-6 393112]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2011-4-2 24576]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-1 821080]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-1 366640]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-1 22712]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-3-13 14336]
.
=============== Created Last 30 ================
.
2011-06-02 03:26:59 -------- d-----w- c:\windows\system32\winrm
2011-06-02 03:26:59 -------- d-----w- c:\windows\system32\GroupPolicy
2011-06-02 03:26:51 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-02 02:11:36 -------- d-----w- c:\program files\TuneUpMedia
2011-06-02 02:11:31 -------- d-----w- c:\documents and settings\james's babii girl\application data\TuneUpMedia
2011-06-02 02:11:25 -------- d-----w- c:\documents and settings\all users\application data\TuneUpMedia
2011-06-02 02:09:20 -------- d-----w- c:\documents and settings\james's babii girl\application data\Azureus
2011-06-02 02:08:39 -------- d-----w- c:\program files\Vuze
2011-06-01 23:38:45 -------- d-----w- C:\Torrent Magnets
2011-06-01 23:35:21 -------- d-----w- c:\documents and settings\all users\application data\IObit
2011-06-01 23:33:35 -------- d-----w- c:\documents and settings\james's babii girl\application data\Search Settings
2011-06-01 23:33:31 -------- d-----w- c:\program files\Application Updater
2011-06-01 23:33:30 -------- d-----w- c:\program files\IObit Toolbar
2011-06-01 23:33:30 -------- d-----w- c:\program files\common files\Spigot
2011-06-01 23:32:34 -------- d-----w- c:\documents and settings\james's babii girl\application data\IObit
2011-06-01 23:32:32 -------- d-----w- c:\program files\IObit
2011-06-01 23:30:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-01 22:25:06 -------- d-----w- c:\documents and settings\james's babii girl\application data\Malwarebytes
2011-06-01 22:24:56 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-01 22:24:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-01 22:24:51 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-01 22:24:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 22:22:03 -------- d-----w- c:\documents and settings\james's babii girl\application data\Panda Security
2011-06-01 22:20:13 -------- d-----w- c:\program files\Panda Security
2011-06-01 22:20:13 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2011-06-01 22:18:27 -------- d-----w- C:\Program Installers
2011-05-16 00:30:21 451 ----a-w- c:\program files\0515201120302095.bat
2011-05-15 23:58:13 -------- d-----w- c:\program files\Oberon Media
2011-05-15 23:58:00 -------- d-----w- c:\documents and settings\all users\application data\Oberon Media
2011-05-15 23:57:48 -------- d-----w- c:\documents and settings\james's babii girl\application data\Oberon Media
2011-05-15 23:57:41 -------- d-----w- c:\program files\common files\Oberon Media
2011-05-15 23:54:30 -------- d-----w- c:\documents and settings\james's babii girl\local settings\application data\Oberon Media
2011-05-11 22:51:36 -------- d-----w- c:\program files\DVD Shrink
2011-05-11 22:48:49 -------- d-----w- c:\documents and settings\james's babii girl\local settings\application data\WinZip
2011-05-07 01:20:19 -------- d-----w- c:\program files\iPod
2011-05-07 01:20:02 -------- d-----w- c:\program files\iTunes
2011-05-07 01:16:19 -------- d-----w- c:\program files\Bonjour
2011-05-06 01:56:26 -------- d-----w- c:\windows\ServicePackFiles
.
==================== Find3M ====================
.
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-04 21:02:35 2288640 ----a-w- c:\windows\system32\TUKernel.exe
2011-04-04 19:52:22 218624 ----a-w- c:\windows\system32\uxtheme.dll
2011-04-03 03:59:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-03 03:59:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 1:02:23.35 ===============