I need help to remove zlob DNSchanger.

Azzurro · Oct 26, 2008

Hello, everyone, I am Azzurro.
Today, I'd like to ask anybody to remove zlob DNSchanger.
A lot of pop-up windows appear on the screen.
Then, I checked my computer by using spybot.
The spybot found zlob DNSchanger trojan.
I tried to remove it by the spybot, kasperski, and other anti-virus soft,
but I couldn't.
So, I tried to clean install several times, but zlob revived
after even clean install.
Then, pop-up advertisements appear frequently.
So, I need help to remove this zlob.

I pasted my hijack file below.
Some parts are included my country's languages, so that you will not be
able to see them.

Thank you very much in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:16:37, on 2008/10/26
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: "アンチバナーへ追加" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ウェブアンチウイルス - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://dynabook.fresheye.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: McAfee Application Installer Cleanup (0154591224999483) (0154591224999483mcinstcleanup) - Unknown owner - C:\Users\azzurro\AppData\Local\Temp\015459~1.EXE (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4641 bytes

katana · Oct 27, 2008

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

Download and Run RSIT

Please download Random's System Information Tool by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
- log.txt will be opened maximized.
- info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.

Azzurro · Oct 28, 2008

log.txt and info.txt.

Thank you for the reply, Mr.Katana.
I read all instructions carefully.

I pasted two logs here.
Several Japanese words are here and there.

Thank you for taking your time.

Azzurro

Logfile of random's system information tool 1.04 (written by random/random)
Run by azzurro at 2008-10-27 20:30:48
MicrosoftR Windows Vista? Home Premium
System drive C: has 115 GB (86%) free of 134 GB
Total RAM: 2037 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:58, on 2008/10/27
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\system32\taskeng.exe
C:\Users\azzurro\Desktop\RSIT.exe
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Program Files\Trend Micro\HijackThis\azzurro.exe
C:\Windows\system32\SearchFilterHost.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: "アンチバナーへ追加" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ウェブアンチウイルス - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.f-secure.co.jp/ols/ols33/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0154591224999483) (0154591224999483mcinstcleanup) - Unknown owner - C:\Users\azzurro\AppData\Local\Temp\015459~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5895 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{EA35EBB3-0381-4A67-BA1E-60C4F94FD654}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-03-11 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-10-24 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-10-24 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-02 1004136]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2006-12-19 411768]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-02-01 835584]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-01-18 448632]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-06 4374528]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-01-30 126976]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-01-30 131072]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-01-30 151552]
"IME JPN 2007 Migration"=C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE [2006-10-26 59184]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-01-30 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\PANDORA.TV\Video Streamer\VideoStreamer.exe"="C:\Program Files\PANDORA.TV\Video Streamer\VideoStreamer.exe:*:Enabled:VideoStreamer.exe"
"C:\Program Files\PANDORA.TV\Video Streamer\VSStream.exe"="C:\Program Files\PANDORA.TV\Video Streamer\VSStream.exe:*:Enabled:VSStream.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-10-27 20:30:48 ----D---- C:\rsit
2008-10-27 20:23:31 ----D---- C:\Users\azzurro\AppData\Roaming\U3
2008-10-27 01:00:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 00:56:40 ----D---- C:\Windows\Minidump
2008-10-27 00:24:48 ----D---- C:\Users\azzurro\AppData\Roaming\skypePM
2008-10-27 00:24:17 ----D---- C:\Users\azzurro\AppData\Roaming\Skype
2008-10-27 00:22:20 ----D---- C:\Program Files\Skype
2008-10-27 00:22:20 ----D---- C:\Program Files\Common Files\Skype
2008-10-26 22:22:21 ----A---- C:\Users\azzurro\AppData\Roaming\SetValue.bat
2008-10-26 22:22:20 ----A---- C:\Users\azzurro\AppData\Roaming\GetValue.vbs
2008-10-26 22:20:09 ----A---- C:\Windows\system32\tmp.txt
2008-10-26 22:20:06 ----A---- C:\rapport.txt
2008-10-26 18:26:51 ----D---- C:\Users\azzurro\AppData\Roaming\Apple Computer
2008-10-26 18:26:39 ----DC---- C:\Windows\system32\DRVSTORE
2008-10-26 18:26:39 ----A---- C:\Windows\system32\GEARAspi.dll
2008-10-26 18:26:14 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-26 18:26:14 ----D---- C:\Program Files\iPod
2008-10-26 18:26:13 ----D---- C:\Program Files\iTunes
2008-10-26 18:25:34 ----D---- C:\Program Files\Bonjour
2008-10-26 18:24:55 ----D---- C:\Program Files\QuickTime
2008-10-26 18:24:53 ----D---- C:\ProgramData\Apple Computer
2008-10-26 18:24:15 ----D---- C:\Program Files\Apple Software Update
2008-10-26 18:23:00 ----D---- C:\Program Files\Common Files\Apple
2008-10-26 18:22:59 ----D---- C:\ProgramData\Apple
2008-10-26 11:41:41 ----D---- C:\Users\azzurro\AppData\Roaming\WinRAR
2008-10-26 10:56:41 ----D---- C:\Program Files\Microsoft Works
2008-10-26 10:56:14 ----D---- C:\Program Files\Microsoft Visual Studio
2008-10-26 10:56:14 ----D---- C:\Program Files\Common Files\DESIGNER
2008-10-26 10:56:00 ----D---- C:\Windows\PCHEALTH
2008-10-26 10:56:00 ----D---- C:\Program Files\Microsoft.NET
2008-10-26 10:52:56 ----D---- C:\Program Files\Microsoft Office
2008-10-26 10:52:54 ----D---- C:\ProgramData\Microsoft Help
2008-10-26 10:52:11 ----RHD---- C:\MSOCache
2008-10-26 01:31:11 ----D---- C:\Windows\SoftwareDistribution
2008-10-25 23:11:44 ----D---- C:\ProgramData\Kaspersky Lab
2008-10-25 23:11:44 ----D---- C:\Program Files\Kaspersky Lab
2008-10-25 22:42:28 ----D---- C:\Users\azzurro\AppData\Roaming\GlarySoft
2008-10-25 21:07:45 ----D---- C:\Users\azzurro\AppData\Roaming\Malwarebytes
2008-10-25 21:07:41 ----D---- C:\ProgramData\Malwarebytes
2008-10-25 20:06:40 ----A---- C:\Windows\ntbtlog.txt
2008-10-25 01:56:16 ----HD---- C:\ProgramData\CanonBJ
2008-10-25 01:54:58 ----A---- C:\Windows\system32\CNMLM8U.DLL
2008-10-25 01:24:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-10-25 01:24:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-24 22:06:07 ----D---- C:\Users\azzurro\AppData\Roaming\Macromedia
2008-10-24 22:04:27 ----A---- C:\Windows\system32\PanInstaller.dll
2008-10-24 22:04:25 ----A---- C:\Windows\system32\FirstLoad.dll
2008-10-24 22:04:20 ----D---- C:\Program Files\PANDORA.TV
2008-10-24 22:04:09 ----D---- C:\Temp
2008-10-24 22:02:04 ----D---- C:\Users\azzurro\AppData\Roaming\Adobe
2008-10-24 21:44:23 ----D---- C:\Users\azzurro\AppData\Roaming\Mozilla
2008-10-24 21:44:14 ----D---- C:\Program Files\Mozilla Firefox
2008-10-24 21:43:22 ----N---- C:\Windows\system32\vxblock.dll
2008-10-24 21:43:22 ----N---- C:\Windows\system32\pxwave.dll
2008-10-24 21:43:22 ----N---- C:\Windows\system32\pxsfs.dll
2008-10-24 21:43:22 ----N---- C:\Windows\system32\pxmas.dll
2008-10-24 21:43:22 ----N---- C:\Windows\system32\pxinsa64.exe
2008-10-24 21:43:22 ----N---- C:\Windows\system32\pxhpinst.exe
2008-10-24 21:43:22 ----N---- C:\Windows\system32\pxdrv.dll
2008-10-24 21:43:22 ----N---- C:\Windows\system32\pxcpya64.exe
2008-10-24 21:43:22 ----N---- C:\Windows\system32\pxafs.dll
2008-10-24 21:43:22 ----N---- C:\Windows\system32\px.dll
2008-10-24 21:43:19 ----D---- C:\Users\azzurro\AppData\Roaming\Winamp
2008-10-24 21:43:19 ----D---- C:\Program Files\Winamp
2008-10-24 21:41:23 ----A---- C:\Windows\system32\rmoc3260.dll
2008-10-24 21:41:23 ----A---- C:\Windows\system32\pndx5032.dll
2008-10-24 21:41:23 ----A---- C:\Windows\system32\pndx5016.dll
2008-10-24 21:41:23 ----A---- C:\Windows\system32\pncrt.dll
2008-10-24 21:41:22 ----A---- C:\Windows\system32\unrar.dll
2008-10-24 21:41:22 ----A---- C:\Windows\avisplitter.ini
2008-10-24 21:41:19 ----A---- C:\Windows\system32\yv12vfw.dll
2008-10-24 21:41:19 ----A---- C:\Windows\system32\xvidvfw.dll
2008-10-24 21:41:19 ----A---- C:\Windows\system32\xvidcore.dll
2008-10-24 21:41:18 ----A---- C:\Windows\system32\qt-dx331.dll
2008-10-24 21:41:18 ----A---- C:\Windows\system32\dpl100.dll
2008-10-24 21:41:18 ----A---- C:\Windows\system32\divx.dll
2008-10-24 21:41:17 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2008-10-24 21:41:17 ----A---- C:\Windows\system32\ff_vfw.dll
2008-10-24 21:41:16 ----A---- C:\Windows\system32\msvcr71.dll
2008-10-24 21:41:16 ----A---- C:\Windows\system32\msvcp71.dll
2008-10-24 21:41:15 ----D---- C:\Users\azzurro\AppData\Roaming\Real
2008-10-24 21:41:15 ----D---- C:\ProgramData\Real
2008-10-24 21:41:15 ----D---- C:\Program Files\K-Lite Codec Pack
2008-10-24 21:39:29 ----D---- C:\Users\azzurro\AppData\Roaming\Google
2008-10-24 21:39:14 ----D---- C:\ProgramData\Google
2008-10-24 21:39:11 ----D---- C:\Program Files\Google
2008-10-24 21:37:55 ----D---- C:\ProgramData\Skype
2008-10-24 21:37:06 ----D---- C:\Program Files\KeyHoleTV
2008-10-24 21:36:44 ----D---- C:\Program Files\WinRAR
2008-10-24 21:36:08 ----D---- C:\Users\azzurro\AppData\Roaming\Media Player Classic
2008-10-24 21:22:57 ----D---- C:\Program Files\TeraPad
2008-10-24 20:47:51 ----D---- C:\Users\azzurro\AppData\Roaming\goo
2008-10-24 20:46:29 ----D---- C:\Program Files\Trend Micro
2008-10-24 20:40:15 ----A---- C:\Windows\NDSTray.INI
2008-10-24 20:39:42 ----A---- C:\Windows\system32\IVIresizeW7.dll
2008-10-24 20:39:42 ----A---- C:\Windows\system32\IVIresizePX.dll
2008-10-24 20:39:42 ----A---- C:\Windows\system32\IVIresizeP6.dll
2008-10-24 20:39:42 ----A---- C:\Windows\system32\IVIresizeM6.dll
2008-10-24 20:39:42 ----A---- C:\Windows\system32\IVIresizeA6.dll
2008-10-24 20:39:42 ----A---- C:\Windows\system32\IVIresize.dll
2008-10-24 20:39:17 ----D---- C:\Windows\RegisteredPackages
2008-10-24 20:39:09 ----D---- C:\Program Files\Windows Media Components
2008-10-24 20:35:11 ----D---- C:\Program Files\Ulead Systems
2008-10-24 20:35:11 ----D---- C:\Program Files\Common Files\Ulead Systems
2008-10-24 20:35:10 ----D---- C:\ProgramData\Ulead Systems
2008-10-24 20:31:42 ----D---- C:\Program Files\McAfee.com
2008-10-24 20:31:40 ----D---- C:\Program Files\Common Files\McAfee
2008-10-24 20:31:08 ----D---- C:\Program Files\McAfee
2008-10-24 20:30:53 ----D---- C:\ProgramData\Toshiba
2008-10-24 20:30:50 ----D---- C:\ProgramData\McAfee
2008-10-24 20:30:43 ----A---- C:\Windows\system32\igfxres.dll
2008-10-24 20:30:20 ----D---- C:\Users\azzurro\AppData\Roaming\Identities
2008-10-24 20:30:10 ----SD---- C:\Users\azzurro\AppData\Roaming\Microsoft
2008-10-24 20:30:10 ----D---- C:\Users\azzurro\AppData\Roaming\Media Center Programs
2008-10-24 20:25:40 ----D---- C:\Windows\SoftwareDistributionOLD
2008-10-24 20:24:22 ----D---- C:\Program Files\goo
2008-10-24 20:24:16 ----HD---- C:\Windows\msdownld.tmp
2008-10-24 20:23:30 ----D---- C:\Windows\Options
2008-10-24 20:23:30 ----D---- C:\Program Files\Atheros
2008-10-24 20:23:13 ----D---- C:\ProgramData\Atheros
2008-10-24 20:17:43 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2008-10-27 20:30:58 ----D---- C:\Windows\Prefetch
2008-10-27 20:30:50 ----D---- C:\Windows\Temp
2008-10-27 20:25:48 ----D---- C:\Windows\System32
2008-10-27 20:25:47 ----D---- C:\Windows\inf
2008-10-27 20:25:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-10-27 01:00:18 ----D---- C:\Windows\system32\drivers
2008-10-27 01:00:15 ----RD---- C:\Program Files
2008-10-27 00:56:40 ----D---- C:\Windows
2008-10-27 00:55:07 ----SD---- C:\Windows\Downloaded Program Files
2008-10-27 00:24:49 ----HD---- C:\ProgramData
2008-10-27 00:22:33 ----SHD---- C:\Windows\Installer
2008-10-27 00:22:20 ----D---- C:\Program Files\Common Files
2008-10-26 23:41:07 ----D---- C:\Windows\system32\WDI
2008-10-26 18:26:40 ----D---- C:\Windows\system32\catroot
2008-10-26 18:25:22 ----D---- C:\Program Files\Internet Explorer
2008-10-26 18:24:09 ----D---- C:\Windows\winsxs
2008-10-26 10:57:33 ----RSD---- C:\Windows\assembly
2008-10-26 10:56:36 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-26 10:56:03 ----RSD---- C:\Windows\Fonts
2008-10-26 10:56:00 ----SD---- C:\ProgramData\Microsoft
2008-10-26 10:53:48 ----A---- C:\Windows\win.ini
2008-10-26 10:53:45 ----D---- C:\Program Files\Common Files\System
2008-10-26 10:53:30 ----D---- C:\Windows\ShellNew
2008-10-26 00:27:57 ----D---- C:\Windows\Tasks
2008-10-26 00:16:24 ----D---- C:\Windows\system32\Tasks
2008-10-25 23:00:10 ----D---- C:\Windows\system32\NDF
2008-10-25 22:55:03 ----D---- C:\Windows\system32\catroot2
2008-10-25 01:54:12 ----RSD---- C:\Windows\Media
2008-10-25 01:53:54 ----D---- C:\Windows\twain_32
2008-10-24 20:39:39 ----D---- C:\Program Files\InterVideo
2008-10-24 20:39:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-24 20:30:36 ----SHD---- C:\$Recycle.Bin
2008-10-24 20:30:10 ----RD---- C:\Users
2008-10-24 20:26:38 ----D---- C:\Windows\rescache
2008-10-24 20:26:01 ----D---- C:\Program Files\Windows NT
2008-10-24 20:26:00 ----D---- C:\Windows\Debug
2008-10-24 20:24:28 ----D---- C:\TOSAPINS
2008-10-24 20:23:16 ----D---- C:\Windows\system32\restore
2008-10-24 20:21:02 ----D---- C:\Windows\Panther

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-10-25 216080]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-01-23 689664]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-01-31 1608192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-06 1739816]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-02-01 182328]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-17 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-23 290304]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-08 221696]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; \??\C:\Users\azzurro\AppData\Local\Temp\Low\OnlineScanner\Anti-Virus\fsgk.sys []
S3 HdAudAddService;Microsoft 1.1 UAA ファンクションドライバ (High Definition Audio 用) サービス; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-01-31 1608192]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 TSP;TSP; \??\C:\Windows\system32\drivers\klif.sys [2008-10-25 216080]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB スキャナドライバ; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 usbvideo;USB ビデオデバイス (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 Bonjour Service;Bonjour サービス; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2006-12-19 428152]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R3 iPod Service;iPod サービス; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 0154591224999483mcinstcleanup;McAfee Application Installer Cleanup (0154591224999483); C:\Users\azzurro\AppData\Local\Temp\015459~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-24 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-10-27 20:31:00

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->C:\Windows\IsUninst.exe -f"C:\Program Files\Adobe\PDF IFilter 6.0\Uninst.isu"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5116A40-6B07-11D5-86F7-0001031E5712}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x11
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x11
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe PDF IFilter 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PDF IFilter 6.0\Uninst.isu"
Adobe Reader 8 - Japanese-->MsiExec.exe /I{AC76BA86-7AD7-1041-7B44-A80000000002}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\Setup.exe" -l0x11 -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CD/DVD静音ユーティリティ-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x11
DVD MovieWriter for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x11
dynabookランチャー-->MsiExec.exe /I{0BDE919C-E522-4530-ABDD-EBBE4B164CA0}
dynabookランチャー用バナー-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286B5435-9A16-4A06-8E56-87E7EC4E1315}\setup.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
KeyHoleTV-->"C:\Program Files\KeyHoleTV\uninstall.exe"
K-Lite Mega Codec Pack 4.2.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Office Excel MUI (Japanese) 2007-->MsiExec.exe /X{90120000-0016-0411-0000-0000000FF1CE}
Microsoft Office IME (Japanese) 2007-->MsiExec.exe /X{90120000-0028-0411-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Japanese) 2007-->MsiExec.exe /X{90120000-001A-0411-0000-0000000FF1CE}
Microsoft Office Personal 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PERSONALR /dll OSETUP.DLL
Microsoft Office Personal 2007-->MsiExec.exe /X{91120000-0033-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Japanese) 2007-->MsiExec.exe /X{90120000-001F-0411-0000-0000000FF1CE}
Microsoft Office Proofing (Japanese) 2007-->MsiExec.exe /X{90120000-002C-0411-0000-0000000FF1CE}
Microsoft Office Shared MUI (Japanese) 2007-->MsiExec.exe /X{90120000-006E-0411-0000-0000000FF1CE}
Microsoft Office Word MUI (Japanese) 2007-->MsiExec.exe /X{90120000-001B-0411-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PANDORATV VIDEO STREAMER-->"C:\Program Files\PANDORA.TV\Video Streamer\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x11 -removeonly
Skype? 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeraPad-->"C:\Program Files\TeraPad\epuninst.exe" /s
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0411
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0011uninstall -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\Setup.exe -runfromtemp -l0x0411
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B97599D2-01F7-4551-96D8-674D3D886F7B}\setup.exe" -l0x11
TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{744E2BC2-EC6F-44D5-AA68-451B4131383B}\setup.exe" -l0x11
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0411
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media エンコーダ 9 シリーズ-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media エンコーダ 9 シリーズ-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinDVD for TOSHIBA-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0411
WinRAR アーカイバ-->C:\Program Files\WinRAR\uninstall.exe
おたすけナビ-->MsiExec.exe /I{14A2F742-AAAD-4591-96EF-E8778E8048A9}
カスペルスキーインターネットセキュリティ 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
カスペルスキーインターネットセキュリティ 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
はじめてガイド-->MsiExec.exe /X{F2079739-3864-4B7C-8FB3-ABD67EAFEF79}
電子マニュアル-->MsiExec.exe /X{17DBC479-7782-4B00-BB23-F6BAF85CDC26}
東芝お客様登録-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4087BD66-5D8E-4AA3-BA92-F6B014E04C97}\Setup.exe"
便利な使いかた-->MsiExec.exe /X{0F0788EC-9598-4D04-941E-A8124692746E}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: カスペルスキーインターネットセキュリティ (disabled)
FW: カスペルスキーインターネットセキュリティ (disabled)
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender
AS: カスペルスキーインターネットセキュリティ (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------

katana · Oct 28, 2008

There is no obvious malware showing in your log, do you use a Router ?

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See HERE for help
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Azzurro · Oct 28, 2008

Hello, Mr.Katana,

Thank you for the reply.
Is my computer not infected any viruses?
However, spybot still detects zlob DNS changer.
What is going on my computer?
a lot of Pop-ups still happen and I cannot use windows update too.
I pasted my Combofix log here.
I usually use wireless broad band router at my home.
Three computers share the one Internet line.

Thank you.

Azzurro

ComboFix 08-10-28.01 - azzurro 2008-10-28 14:01:24.1 - NTFSx86

Running from: C:\Users\azzurro\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))
.

2008-10-27 21:50 . 2008-10-27 21:50 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-27 20:30 . 2008-10-27 20:31 <DIR> d-------- C:\rsit
2008-10-27 20:23 . 2008-10-28 01:24 <DIR> d-------- C:\Users\azzurro\AppData\Roaming\U3
2008-10-27 01:00 . 2008-10-27 01:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 01:00 . 2008-10-22 16:10 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-27 01:00 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-27 00:56 . 2008-10-27 00:56 200,177,987 --a------ C:\Windows\MEMORY.DMP
2008-10-27 00:24 . 2008-10-27 23:15 <DIR> d-------- C:\Users\azzurro\AppData\Roaming\skypePM
2008-10-27 00:24 . 2008-10-27 23:37 <DIR> d-------- C:\Users\azzurro\AppData\Roaming\Skype
2008-10-27 00:24 . 2008-10-27 00:24 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-10-27 00:24 . 2008-10-27 00:24 56 --ah----- C:\ProgramData\ezsidmv.dat
2008-10-27 00:22 . 2008-10-27 00:22 <DIR> d-------- C:\Program Files\Skype
2008-10-27 00:22 . 2008-10-27 00:22 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-10-26 22:22 . 2008-10-26 22:22 691 --a------ C:\Users\azzurro\AppData\Roaming\GetValue.vbs
2008-10-26 22:22 . 2008-10-26 22:22 35 --a------ C:\Users\azzurro\AppData\Roaming\SetValue.bat
2008-10-26 22:20 . 2008-10-26 22:22 1,874 --a------ C:\Windows\System32\tmp.reg
2008-10-26 18:26 . 2008-10-26 18:26 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-10-26 18:26 . 2008-10-26 18:31 <DIR> d-------- C:\Users\azzurro\AppData\Roaming\Apple Computer
2008-10-26 18:26 . 2008-10-26 18:26 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-26 18:26 . 2008-10-26 18:26 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-26 18:26 . 2008-10-26 18:26 <DIR> d-------- C:\Program Files\iTunes
2008-10-26 18:26 . 2008-10-26 18:26 <DIR> d-------- C:\Program Files\iPod
2008-10-26 18:26 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-10-26 18:26 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-10-26 18:25 . 2008-10-26 18:25 <DIR> d-------- C:\Program Files\Bonjour
2008-10-26 18:24 . 2008-10-26 18:26 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-10-26 18:24 . 2008-10-26 18:26 <DIR> d-------- C:\ProgramData\Apple Computer
2008-10-26 18:24 . 2008-10-26 18:25 <DIR> d-------- C:\Program Files\QuickTime
2008-10-26 18:24 . 2008-10-26 18:24 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-26 18:23 . 2008-10-26 18:25 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-26 18:22 . 2008-10-26 18:22 <DIR> d-------- C:\Users\All Users\Apple
2008-10-26 18:22 . 2008-10-26 18:22 <DIR> d-------- C:\ProgramData\Apple
2008-10-26 17:14 . 2008-10-26 17:14 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-10-26 16:20 . 2008-10-26 16:20 <DIR> d-------- C:\Users\azzurro\dwhelper
2008-10-26 10:56 . 2008-10-26 10:56 <DIR> d-------- C:\Windows\PCHEALTH
2008-10-26 10:56 . 2008-10-26 10:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-10-26 10:56 . 2008-10-26 10:56 <DIR> d-------- C:\Program Files\Microsoft Works
2008-10-26 10:52 . 2008-10-26 10:57 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-10-26 10:52 . 2008-10-26 10:57 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-10-26 10:52 . 2008-10-26 10:52 <DIR> dr-h----- C:\MSOCache
2008-10-25 23:12 . 2008-10-25 23:12 96,976 --a------ C:\Windows\System32\drivers\klin.dat
2008-10-25 23:12 . 2008-10-25 23:12 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2008-10-25 23:11 . 2008-10-28 13:52 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-10-25 23:11 . 2008-10-28 13:52 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-10-25 23:11 . 2008-10-25 23:11 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-25 23:04 . 2008-10-28 13:51 2,211,360 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-10-25 23:04 . 2008-10-28 13:51 294,944 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-10-25 23:04 . 2008-10-28 13:51 18,356 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-10-25 23:04 . 2008-10-28 13:51 2,088 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-10-25 22:42 . 2008-10-25 22:42 <DIR> d-------- C:\Users\azzurro\AppData\Roaming\GlarySoft
2008-10-25 21:07 . 2008-10-25 21:07 <DIR> d-------- C:\Users\azzurro\AppData\Roaming\Malwarebytes
2008-10-25 21:07 . 2008-10-25 21:07 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-25 21:07 . 2008-10-25 21:07 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-25 01:56 . 2008-10-25 01:56 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-10-25 01:56 . 2008-10-25 01:56 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-10-25 01:54 . 2007-04-01 22:00 215,040 --a------ C:\Windows\System32\CNMLM8U.DLL
2008-10-25 01:24 . 2008-10-26 00:34 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-25 01:24 . 2008-10-26 00:34 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-25 01:24 . 2008-10-26 00:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-24 22:04 . 2008-10-24 22:04 <DIR> d-------- C:\Temp
2008-10-24 22:04 . 2008-10-24 22:04 <DIR> d-------- C:\Program Files\PANDORA.TV
2008-10-24 22:04 . 2008-05-20 10:17 1,039,896 --a------ C:\Windows\System32\MiniAX.ocx
2008-10-24 22:04 . 2008-10-24 22:04 124,432 --a------ C:\Windows\System32\PanInstaller.dll
2008-10-24 22:04 . 2008-10-24 22:04 83,480 --a------ C:\Windows\System32\FirstLoad.dll
2008-10-24 21:43 . 2008-10-24 21:59 <DIR> d-------- C:\Users\azzurro\AppData\Roaming\Winamp
2008-10-24 21:43 . 2008-10-24 21:43 <DIR> d-------- C:\Program Files\Winamp
2008-10-24 21:43 . 2007-03-07 16:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-10-24 21:41 . 2008-10-24 21:41 <DIR> d-------- C:\Users\All Users\Real
2008-10-24 21:41 . 2008-10-24 21:41 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-24 21:39 . 2008-10-28 01:35 <DIR> d-------- C:\Users\All Users\Google
2008-10-24 21:39 . 2008-10-28 01:35 <DIR> d-------- C:\Program Files\Google
2008-10-24 21:37 . 2008-10-27 00:22 <DIR> d-------- C:\Users\All Users\Skype
2008-10-24 21:37 . 2008-10-27 00:22 <DIR> d-------- C:\ProgramData\Skype
2008-10-24 21:37 . 2008-10-24 21:37 <DIR> d-------- C:\Program Files\KeyHoleTV
2008-10-24 21:36 . 2008-10-24 21:36 <DIR> d-------- C:\Users\azzurro\AppData\Roaming\Media Player Classic
2008-10-24 21:22 . 2008-10-24 21:23 <DIR> d-------- C:\Program Files\TeraPad
2008-10-24 20:47 . 2008-10-24 20:47 <DIR> d-------- C:\Users\azzurro\AppData\Roaming\goo
2008-10-24 20:46 . 2008-10-24 20:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-24 20:40 . 2008-10-24 20:40 0 --a------ C:\Windows\NDSTray.INI
2008-10-24 20:39 . 2008-10-24 20:39 <DIR> d-------- C:\Program Files\Windows Media Components
2008-10-24 20:39 . 2002-11-21 10:57 204,800 --a------ C:\Windows\System32\IVIresizeW7.dll
2008-10-24 20:39 . 2002-11-21 10:57 200,704 --a------ C:\Windows\System32\IVIresizeA6.dll
2008-10-24 20:39 . 2002-11-21 10:57 192,512 --a------ C:\Windows\System32\IVIresizeP6.dll
2008-10-24 20:39 . 2002-11-21 10:57 192,512 --a------ C:\Windows\System32\IVIresizeM6.dll
2008-10-24 20:39 . 2002-11-21 10:57 188,416 --a------ C:\Windows\System32\IVIresizePX.dll
2008-10-24 20:39 . 2002-11-21 10:57 20,480 --a------ C:\Windows\System32\IVIresize.dll
2008-10-24 20:35 . 2008-10-24 20:38 <DIR> d-------- C:\Users\All Users\Ulead Systems
2008-10-24 20:35 . 2008-10-24 20:38 <DIR> d-------- C:\ProgramData\Ulead Systems
2008-10-24 20:35 . 2008-10-24 20:35 <DIR> d-------- C:\Program Files\Ulead Systems
2008-10-24 20:35 . 2008-10-24 20:39 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-10-24 20:31 . 2008-10-24 20:31 <DIR> d-------- C:\Program Files\McAfee.com
2008-10-24 20:31 . 2008-10-24 22:17 <DIR> d-------- C:\Program Files\McAfee
2008-10-24 20:31 . 2008-10-24 20:33 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-10-24 20:30 . 2008-10-24 20:30 <DIR> dr------- C:\Users\azzurro\Videos
2008-10-24 20:30 . 2008-10-24 20:30 <DIR> dr------- C:\Users\azzurro\Searches
2008-10-24 20:30 . 2008-10-24 20:30 <DIR> dr------- C:\Users\azzurro\Saved Games
2008-10-24 20:30 . 2008-10-26 12:09 <DIR> dr------- C:\Users\azzurro\Pictures
2008-10-24 20:30 . 2008-10-28 10:03 <DIR> dr------- C:\Users\azzurro\Music
2008-10-24 20:30 . 2008-10-24 20:30 <DIR> dr------- C:\Users\azzurro\Links
2008-10-24 20:30 . 2008-10-25 02:02 <DIR> dr------- C:\Users\azzurro\Downloads
2008-10-24 20:30 . 2008-10-26 17:58 <DIR> dr------- C:\Users\azzurro\Documents
2008-10-24 20:30 . 2008-10-24 20:30 <DIR> dr------- C:\Users\azzurro\Contacts
2008-10-24 20:30 . 2006-11-02 05:37 <DIR> d-------- C:\Users\azzurro\AppData\Roaming\Media Center Programs
2008-10-24 20:30 . 2008-10-24 20:30 <DIR> d--h----- C:\Users\azzurro\AppData
2008-10-24 20:30 . 2008-10-26 18:23 <DIR> d-------- C:\Users\azzurro
2008-10-24 20:30 . 2008-10-24 20:30 <DIR> d-------- C:\Users\All Users\Toshiba
2008-10-24 20:30 . 2008-10-24 20:34 <DIR> d-------- C:\Users\All Users\McAfee
2008-10-24 20:30 . 2008-10-24 20:30 <DIR> d-------- C:\ProgramData\Toshiba
2008-10-24 20:30 . 2008-10-24 20:34 <DIR> d-------- C:\ProgramData\McAfee
2008-10-24 20:30 . 2007-01-30 23:43 131,072 --a------ C:\Windows\System32\igfxres.dll
2008-10-24 20:25 . 2008-10-24 20:25 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-10-24 20:25 . 2008-10-24 20:45 <DIR> d-------- C:\Windows\SoftwareDistributionOLD
2008-10-24 20:24 . 2008-10-24 20:39 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-10-24 20:24 . 2008-10-24 21:47 <DIR> d-------- C:\Program Files\goo
2008-10-24 20:23 . 2008-10-24 20:23 <DIR> d-------- C:\Windows\Options
2008-10-24 20:23 . 2008-10-24 20:23 <DIR> d-------- C:\Users\All Users\Atheros
2008-10-24 20:23 . 2008-10-24 20:23 <DIR> d-------- C:\ProgramData\Atheros
2008-10-24 20:23 . 2008-10-24 20:23 <DIR> d-------- C:\Program Files\Atheros
2008-10-24 20:23 . 2007-01-23 00:25 689,664 --a------ C:\Windows\System32\drivers\athr.sys
2008-10-24 20:23 . 2007-01-23 00:25 689,664 --a------ C:\Windows\System32\athr.sys
2008-10-24 20:23 . 2007-01-23 00:24 61,293 --a------ C:\Windows\System32\netathr.inf
2008-10-24 20:23 . 2007-01-25 04:47 26,888 --a------ C:\Windows\System32\athrext.cat
2008-10-24 20:23 . 2008-10-24 20:23 0 -rahs---- C:\Windows\System32\drivers\1179_TOSHIBA_dynabook TX67CBB_S3A6151D001_PATX67CLPBB.MRK
2008-10-01 13:01 . 2008-10-01 13:01 32,000 --a------ C:\Windows\System32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 03:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-25 03:39 --------- d-----w C:\Program Files\InterVideo
2008-09-16 00:14 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-09-16 00:11 683,520 ----a-w C:\Windows\System32\divx.dll
2008-08-29 17:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-07-30 03:21 218,376 ----a-w C:\Windows\System32\klogon.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-01 835584]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-01-18 448632]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-01-30 126976]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-01-30 131072]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-01-30 151552]
"IME JPN 2007 Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2006-10-26 59184]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D0796E3A-D368-4265-835C-6760C7D351C8}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{937FDC09-0497-4D9B-BBFE-F960FD9BB15C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B8C91025-B03C-46B8-9121-9E664DD33C13}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{61E375C1-7E91-40B3-BB14-768E75BD068F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6205CD79-4796-4FD2-B212-6BD5CFE3432F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EFA66DE1-0D78-4E4A-930A-34A52E461271}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\PANDORA.TV\\Video Streamer\\VideoStreamer.exe"= C:\Program Files\pandora.tv\Video Streamer\VideoStreamer.exe:*:Enabled:VideoStreamer.exe
"C:\\Program Files\\PANDORA.TV\\Video Streamer\\VSStream.exe"= C:\Program Files\pandora.tv\Video Streamer\VSStream.exe:*:Enabled:VSStream.exe

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-08 221696]
S2 0154591224999483mcinstcleanup;McAfee Application Installer Cleanup (0154591224999483);C:\Users\azzurro\AppData\Local\Temp\015459~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0f4d5bf-a246-11dd-9a80-00a0d1796497}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-28 C:\Windows\Tasks\User_Feed_Synchronization-{EA35EBB3-0381-4A67-BA1E-60C4F94FD654}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 02:45]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\azzurro\AppData\Roaming\Mozilla\Firefox\Profiles\r41i88k2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.co.jp/index.html
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\PANDORA.TV\Launcher\npmini.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 14:07:14
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-28 14:09:15
ComboFix-quarantined-files.txt 2008-10-28 21:09:09

Pre-Run: 118,818,652,160 バイトの空き領域
Post-Run: 118,478,340,096 バイトの空き領域

245

katana · Oct 28, 2008

Are the other computers having any problems ?

Spybot Report
Please retrieve the last scan that you did with Spybot

Open Spybot S&D
Click Mode (on the top bar)
Put a check next to Advanced. Click Yes at the prompt.
Click Tools (left hand column near the bottom)
Click View Report (left hand column near the top)
Put a tick next to
- Include results of last check in report
(make sure that the rest are unchecked)
Click View Report (top of page)
Click Export (top of page)
Save the report to your desktop

Please post this report in your reply

Azzurro · Oct 29, 2008

Spybot report.

Hello, Mr.Katana,
Thank you for the reply quickly.
I'm not sure other computers have problems or not.
I do not hear any other computers have problems currently.

Here is my spybot last report.
Thank you for your help.

--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #1 (Undefined) (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer=208.67.220.220,208.67.222.222 1.2.3.4

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #2 (Undefined) (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E3BE59C8-D6A9-490D-9B9E-42E647D1967D}\DhcpNameServer=208.67.220.220,208.67.222.222 1.2.3.4

--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-10-26 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-09-02 Includes\Adware.sbi (*)
2008-10-14 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-22 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-10-07 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-10-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-10-08 Includes\Malware.sbi (*)
2008-10-22 Includes\MalwareC.sbi (*)
2008-09-02 Includes\PUPS.sbi (*)
2008-10-14 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-09-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-10-22 Includes\Spyware.sbi (*)
2008-10-14 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-10-15 Includes\Trojans.sbi (*)
2008-10-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

katana · Oct 30, 2008

Those DNS settings are for OPEN DNS, they are safe.
At some point you must have set the tcp/ip settings to use a prefered address, Spybot is letting you know that the settings are not standard in case you were not aware of the change.

Congratulations your logs look clean

Let's see if I can help you keep it that way

First lets tidy up

This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

You can also delete any logs we have produced, and empty your Recycle bin.

The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy <<< A must have program
- It includes host protection and registry protection
- A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware <<< A New and effective program
a-squared Free <<< A good "realtime" or "on demand" scanner
superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol
- An excellent startup manager and then some !!
- Notifies you if programs are added to startup
- Allows delayed startup
- A must have addition
SpywareBlaster 4.0
- SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2
- SpywareGuard provides real-time protection against spyware.
- Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut
- Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS
- This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
- For information on how to download and install, please read this tutorial by WinHelp2002.
- Not required if you are using other host file protections

Internet Browsers

Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    - Change the Download signed ActiveX controls to Prompt
    - Change the Download unsigned ActiveX controls to Disable
    - Change the Initialise and script ActiveX controls not marked as safe to Disable
    - Change the Installation of desktop items to Prompt
    - Change the Launching programs and files in an IFRAME to Prompt
    - Change the Navigate sub-frames across different domains to Prompt
    - When all these settings have been made, click on the OK button.
    - If it prompts you as to whether or not you want to save the settings, press the Yes button.
  5. Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
- FireFox
  - With many addons available that make customization easy this is a very popular choice
  - NoScript and AdBlockPlus addons are essential
- Opera
  - Another popular alternative
- Netscape
  - Another popular alternative
  - Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner
- Free and very simple to use
CCleaner
- Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again

If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

Azzurro · Nov 1, 2008

Thank you very much for your help.

Hello, Mr.Katana,
Thank you very much for your help.
I do not know how to thank you enough.

Pop-up advertisements do not appear on the screen now.
Thank you for taking your time to help me much.

I appreciate you.

Azzurro

Azzurro · Nov 2, 2008

Pop-up advertisements again.

Hello, Mr.Katana,

Pop-ups appear again.
What is the cause?
My home Internet line has a problem?
I do not know what they appear.
Is a router a cause?
Please let me know if you have a chance.

Azzurro

katana · Nov 2, 2008

Please post a fresh RSIT log (see post #2)
Only one log will be produced this time.

Azzurro · Nov 4, 2008

RSIT Log

Hello, Mr.Katana,

I pasted RSIT log here.
Thank you for your help again.
In fact, I usually use iPhone to check web sites.
When I used browser safari to see a website at home,
pop-up advertisements appear on the iphone screen by using only my home's Internet line. If I connect another Internet line where is an another place,
Pop-ups do not appear on the screen.
There seems to be a problem on a router or the Internet line?
I do not have a chance to hear that other computers have problems or not.

Thank you very much.

Azzurro

Logfile of random's system information tool 1.04 (written by random/random)
Run by azzurro at 2008-11-03 17:50:04
MicrosoftR Windows Vista? Home Premium
System drive C: has 87 GB (65%) free of 134 GB
Total RAM: 2037 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:21, on 2008/11/03
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\azzurro\Desktop\RSIT.exe
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\azzurro.exe
C:\Windows\system32\SearchFilterHost.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: "アンチバナーへ追加" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ウェブアンチウイルス - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.f-secure.co.jp/ols/ols33/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0154591224999483) (0154591224999483mcinstcleanup) - Unknown owner - C:\Users\azzurro\AppData\Local\Temp\015459~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXUS 使用状況調査プログラム (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7913 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{EA35EBB3-0381-4A67-BA1E-60C4F94FD654}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-03-11 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-10-28 193136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll [2008-10-28 651760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-10-28 193136]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-10-09 463872]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-09-26 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2006-12-19 411768]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-06 4374528]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-06 55416]
"IME JPN 2007 Migration"=C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE [2007-08-23 66936]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-28 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
""= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\PANDORA.TV\Video Streamer\VideoStreamer.exe"="C:\Program Files\pandora.tv\Video Streamer\VideoStreamer.exe:*:Enabled:VideoStreamer.exe"
"C:\Program Files\PANDORA.TV\Video Streamer\VSStream.exe"="C:\Program Files\pandora.tv\Video Streamer\VSStream.exe:*:Enabled:VSStream.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0f4d5bf-a246-11dd-9a80-00a0d1796497}]
shell\AutoRun\command - I:\LaunchU3.exe -a

======List of files/folders created in the last 1 months======

2008-11-03 01:15:19 ----D---- C:\Program Files\Shukusen
2008-11-03 01:12:02 ----D---- C:\ProgramData\trimde
2008-11-03 01:11:42 ----D---- C:\Program Files\trimde
2008-11-03 00:46:10 ----D---- C:\Users\azzurro\AppData\Roaming\Canon
2008-11-03 00:45:48 ----D---- C:\ProgramData\CanonIJPLM
2008-11-03 00:44:46 ----A---- C:\Windows\MAXLINK.INI
2008-11-03 00:44:44 ----D---- C:\ProgramData\InstallShield
2008-11-03 00:44:29 ----D---- C:\Users\azzurro\AppData\Roaming\ScanSoft
2008-11-03 00:43:56 ----D---- C:\ProgramData\ScanSoft
2008-11-03 00:43:56 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2008-11-03 00:43:08 ----D---- C:\Program Files\ScanSoft
2008-11-03 00:41:11 ----D---- C:\Program Files\Common Files\CANON
2008-11-03 00:38:05 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2008-11-03 00:37:24 ----HD---- C:\Program Files\CanonBJ
2008-11-03 00:36:38 ----D---- C:\Program Files\Canon
2008-11-02 22:20:31 ----D---- C:\Users\azzurro\AppData\Roaming\CravingExplorer
2008-11-02 21:52:28 ----D---- C:\Program Files\CravingExplorer
2008-11-01 17:35:24 ----D---- C:\Program Files\Simplify Media
2008-11-01 16:38:54 ----D---- C:\Program Files\Yahoo!
2008-11-01 16:38:43 ----D---- C:\Program Files\CCleaner
2008-11-01 16:25:48 ----D---- C:\Windows\Downloaded Installations
2008-11-01 16:12:47 ----D---- C:\Program Files\GRETECH
2008-11-01 10:11:00 ----D---- C:\Users\azzurro\AppData\Roaming\IBM
2008-10-31 21:21:32 ----D---- C:\Users\azzurro\AppData\Roaming\toshiba
2008-10-31 21:08:05 ----A---- C:\Windows\system32\msonpmon.dll
2008-10-31 21:00:33 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-10-31 19:09:43 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-10-31 19:02:55 ----A---- C:\Windows\system32\mfc71u.dll
2008-10-31 19:02:55 ----A---- C:\Windows\system32\Mfc42loc.dll
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71KOR.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71JPN.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71ITA.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71FRA.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71ESP.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71ENU.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71DEU.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71CHT.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71CHS.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\mfc71.dll
2008-10-31 19:02:39 ----D---- C:\Program Files\IBM Homepage Builder V12
2008-10-31 18:39:17 ----D---- C:\Program Files\DAEMON Tools Lite
2008-10-31 18:04:55 ----D---- C:\Users\azzurro\AppData\Roaming\DAEMON Tools
2008-10-31 17:50:15 ----D---- C:\ProgramData\TEMP
2008-10-31 17:50:03 ----D---- C:\Program Files\SpywareBlaster
2008-10-31 17:48:37 ----D---- C:\Users\azzurro\AppData\Roaming\WinPatrol
2008-10-31 17:48:29 ----D---- C:\Program Files\BillP Studios
2008-10-31 17:39:59 ----D---- C:\Windows\temp
2008-10-31 17:39:58 ----A---- C:\ComboFix.txt
2008-10-31 17:28:18 ----D---- C:\ComboFix
2008-10-31 16:32:38 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-31 16:05:28 ----A---- C:\Windows\system32\winipsec.dll
2008-10-31 16:05:28 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-10-31 16:05:28 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-10-31 16:05:27 ----A---- C:\Windows\system32\polstore.dll
2008-10-31 16:04:24 ----A---- C:\Windows\system32\riched32.dll
2008-10-31 16:04:24 ----A---- C:\Windows\system32\riched20.dll
2008-10-31 16:04:22 ----A---- C:\Windows\system32\rasser.dll
2008-10-31 16:04:22 ----A---- C:\Windows\system32\rasdiag.dll
2008-10-31 16:04:22 ----A---- C:\Windows\system32\rascfg.dll
2008-10-31 16:04:21 ----A---- C:\Windows\system32\rasmxs.dll
2008-10-31 16:04:21 ----A---- C:\Windows\system32\netcfgx.dll
2008-10-31 16:04:21 ----A---- C:\Windows\system32\msftedit.dll
2008-10-31 16:04:20 ----A---- C:\Windows\system32\ipnathlp.dll
2008-10-31 16:04:20 ----A---- C:\Windows\system32\icsunattend.exe
2008-10-31 16:04:19 ----A---- C:\Windows\system32\wshqos.dll
2008-10-31 16:04:19 ----A---- C:\Windows\system32\traffic.dll
2008-10-31 16:04:19 ----A---- C:\Windows\system32\pacerprf.dll
2008-10-31 16:04:19 ----A---- C:\Windows\system32\localspl.dll
2008-10-31 16:04:18 ----A---- C:\Windows\system32\dps.dll
2008-10-31 16:04:18 ----A---- C:\Windows\system32\cdd.dll
2008-10-31 16:03:22 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-10-31 16:03:19 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-10-31 16:03:18 ----A---- C:\Windows\system32\gameux.dll
2008-10-31 16:02:09 ----A---- C:\Windows\system32\msoert2.dll
2008-10-31 16:02:09 ----A---- C:\Windows\system32\msoeacct.dll
2008-10-31 16:02:09 ----A---- C:\Windows\system32\ACCTRES.dll
2008-10-31 16:01:04 ----A---- C:\Windows\system32\wtsapi32.dll
2008-10-31 16:01:01 ----A---- C:\Windows\system32\sysmain.dll
2008-10-31 16:01:01 ----A---- C:\Windows\explorer.exe
2008-10-31 16:00:58 ----A---- C:\Windows\system32\wlansvc.dll
2008-10-31 16:00:58 ----A---- C:\Windows\system32\wlansec.dll
2008-10-31 16:00:58 ----A---- C:\Windows\system32\wlanmsm.dll
2008-10-31 16:00:58 ----A---- C:\Windows\system32\wlanhlp.dll
2008-10-31 16:00:58 ----A---- C:\Windows\system32\wlanapi.dll
2008-10-31 16:00:05 ----A---- C:\Windows\system32\WebClnt.dll
2008-10-31 15:59:14 ----A---- C:\Windows\system32\newdev.exe
2008-10-31 15:59:14 ----A---- C:\Windows\system32\newdev.dll
2008-10-31 15:56:20 ----A---- C:\Windows\system32\mcmde.dll
2008-10-31 15:56:20 ----A---- C:\Windows\system32\EncDec.dll
2008-10-31 15:56:19 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-31 15:55:20 ----A---- C:\Windows\system32\winsrv.dll
2008-10-31 15:55:20 ----A---- C:\Windows\system32\csrsrv.dll
2008-10-31 15:54:33 ----A---- C:\Windows\system32\RacEngn.dll
2008-10-31 15:51:15 ----A---- C:\Windows\system32\shell32.dll
2008-10-31 15:47:17 ----A---- C:\Windows\system32\tzres.dll
2008-10-31 15:45:59 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2008-10-31 15:44:47 ----A---- C:\Windows\system32\wmpeffects.dll
2008-10-31 15:43:13 ----A---- C:\Windows\system32\msscp.dll
2008-10-31 15:42:22 ----A---- C:\Windows\system32\wmploc.DLL
2008-10-31 15:42:21 ----A---- C:\Windows\system32\wmp.dll
2008-10-31 15:42:20 ----A---- C:\Windows\system32\spwmp.dll
2008-10-31 15:42:20 ----A---- C:\Windows\system32\dxmasf.dll
2008-10-31 15:42:19 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2008-10-31 15:41:10 ----A---- C:\Windows\system32\FirewallAPI.dll
2008-10-31 15:41:09 ----A---- C:\Windows\system32\wfapigp.dll
2008-10-31 15:41:09 ----A---- C:\Windows\system32\MPSSVC.dll
2008-10-31 15:41:09 ----A---- C:\Windows\system32\icfupgd.dll
2008-10-31 15:41:09 ----A---- C:\Windows\system32\cmifw.dll
2008-10-31 15:41:08 ----A---- C:\Windows\system32\iphlpsvc.dll
2008-10-31 15:40:21 ----A---- C:\Windows\system32\netapi32.dll
2008-10-31 15:36:46 ----A---- C:\Windows\system32\DWWIN.EXE
2008-10-31 15:36:08 ----A---- C:\Windows\system32\msxml3r.dll
2008-10-31 15:36:08 ----A---- C:\Windows\system32\msxml3.dll
2008-10-31 15:32:52 ----A---- C:\Windows\system32\hccoin.dll
2008-10-31 15:32:51 ----A---- C:\Windows\system32\hcrstco.dll
2008-10-31 15:31:28 ----A---- C:\Windows\system32\tcpipcfg.dll
2008-10-31 15:31:28 ----A---- C:\Windows\system32\netiougc.exe
2008-10-31 15:31:28 ----A---- C:\Windows\system32\netcfg.exe
2008-10-31 15:30:42 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-10-31 15:30:42 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-10-31 15:30:42 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-10-31 15:30:41 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-10-31 15:30:41 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-10-31 15:30:41 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-10-31 15:30:41 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-10-31 15:30:40 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-10-31 15:30:40 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-10-31 15:30:39 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-10-31 15:30:39 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-10-31 15:30:38 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-10-31 15:30:37 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-10-31 15:30:36 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-10-31 15:30:35 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-10-31 15:30:35 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-10-31 15:30:34 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-10-31 15:30:34 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-10-31 15:30:33 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-10-31 15:30:32 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-10-31 15:30:32 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-10-31 15:30:31 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-10-31 15:30:31 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-10-31 15:30:30 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-10-31 15:30:30 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-10-31 15:30:29 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-10-31 15:30:29 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-10-31 15:30:29 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-10-31 15:30:28 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-10-31 15:30:27 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-10-31 15:30:27 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-10-31 15:30:26 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-10-31 15:30:26 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-10-31 15:30:26 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-10-31 15:30:25 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-10-31 15:30:25 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-10-31 15:30:24 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-10-31 15:30:23 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-10-31 15:30:23 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-10-31 15:30:23 ----A---- C:\Windows\system32\NlsData0045.dll
2008-10-31 15:30:22 ----A---- C:\Windows\system32\NlsData0049.dll
2008-10-31 15:30:22 ----A---- C:\Windows\system32\NlsData0047.dll
2008-10-31 15:30:22 ----A---- C:\Windows\system32\NlsData0046.dll
2008-10-31 15:30:21 ----A---- C:\Windows\system32\NlsData0039.dll
2008-10-31 15:30:21 ----A---- C:\Windows\system32\NlsData0021.dll
2008-10-31 15:30:21 ----A---- C:\Windows\system32\NlsData0020.dll
2008-10-31 15:30:20 ----A---- C:\Windows\system32\NlsData0027.dll
2008-10-31 15:30:20 ----A---- C:\Windows\system32\NlsData0026.dll
2008-10-31 15:30:20 ----A---- C:\Windows\system32\NlsData0024.dll
2008-10-31 15:30:20 ----A---- C:\Windows\system32\NlsData0022.dll
2008-10-31 15:30:19 ----A---- C:\Windows\system32\NlsData0011.dll
2008-10-31 15:30:19 ----A---- C:\Windows\system32\NlsData0010.dll
2008-10-31 15:30:18 ----A---- C:\Windows\system32\NlsData0018.dll
2008-10-31 15:30:18 ----A---- C:\Windows\system32\NlsData0013.dll
2008-10-31 15:30:18 ----A---- C:\Windows\system32\NlsData0000.dll
2008-10-31 15:30:17 ----A---- C:\Windows\system32\NlsData0019.dll
2008-10-31 15:30:17 ----A---- C:\Windows\system32\NlsData0002.dll
2008-10-31 15:30:17 ----A---- C:\Windows\system32\NlsData0001.dll
2008-10-31 15:30:16 ----A---- C:\Windows\system32\NlsData0007.dll
2008-10-31 15:30:16 ----A---- C:\Windows\system32\NlsData0003.dll
2008-10-31 15:30:15 ----A---- C:\Windows\system32\NlsData004b.dll
2008-10-31 15:30:15 ----A---- C:\Windows\system32\NlsData004a.dll
2008-10-31 15:30:15 ----A---- C:\Windows\system32\NlsData0009.dll
2008-10-31 15:30:14 ----A---- C:\Windows\system32\NlsData004e.dll
2008-10-31 15:30:14 ----A---- C:\Windows\system32\NlsData004c.dll
2008-10-31 15:30:14 ----A---- C:\Windows\system32\NlsData003e.dll
2008-10-31 15:30:13 ----A---- C:\Windows\system32\NlsData002a.dll
2008-10-31 15:30:13 ----A---- C:\Windows\system32\NlsData001b.dll
2008-10-31 15:30:13 ----A---- C:\Windows\system32\NlsData001a.dll
2008-10-31 15:30:12 ----A---- C:\Windows\system32\NlsData001d.dll
2008-10-31 15:30:11 ----A---- C:\Windows\system32\NlsData000f.dll
2008-10-31 15:30:11 ----A---- C:\Windows\system32\NlsData000d.dll
2008-10-31 15:30:11 ----A---- C:\Windows\system32\NlsData000c.dll
2008-10-31 15:30:11 ----A---- C:\Windows\system32\NlsData000a.dll
2008-10-31 15:30:10 ----A---- C:\Windows\system32\NlsData0416.dll
2008-10-31 15:30:10 ----A---- C:\Windows\system32\NlsData0414.dll
2008-10-31 15:30:09 ----A---- C:\Windows\system32\NlsData081a.dll
2008-10-31 15:30:09 ----A---- C:\Windows\system32\NlsData0816.dll
2008-10-31 15:30:09 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-10-31 15:30:08 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-10-31 15:30:08 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-10-31 15:24:48 ----A---- C:\Windows\system32\setupapi.dll
2008-10-31 15:24:14 ----A---- C:\Windows\system32\srdelayed.exe
2008-10-31 15:24:14 ----A---- C:\Windows\system32\srcore.dll
2008-10-31 15:24:14 ----A---- C:\Windows\system32\srclient.dll
2008-10-31 15:24:14 ----A---- C:\Windows\system32\rstrui.exe
2008-10-31 15:24:13 ----A---- C:\Windows\system32\wpd_ci.dll
2008-10-31 15:24:13 ----A---- C:\Windows\system32\winresume.exe
2008-10-31 15:24:13 ----A---- C:\Windows\system32\winload.exe
2008-10-31 15:24:13 ----A---- C:\Windows\system32\kd1394.dll
2008-10-31 15:24:13 ----A---- C:\Windows\system32\ci.dll
2008-10-31 15:24:12 ----A---- C:\Windows\system32\drvinst.exe
2008-10-31 15:24:12 ----A---- C:\Windows\system32\cfgmgr32.dll
2008-10-31 15:24:11 ----A---- C:\Windows\system32\umpnpmgr.dll
2008-10-31 15:24:11 ----A---- C:\Windows\system32\oleaut32.dll
2008-10-31 15:24:11 ----A---- C:\Windows\system32\nshhttp.dll
2008-10-31 15:24:11 ----A---- C:\Windows\system32\kbd106n.dll
2008-10-31 15:24:11 ----A---- C:\Windows\system32\dpx.dll
2008-10-31 15:24:10 ----A---- C:\Windows\system32\unlodctr.exe
2008-10-31 15:24:10 ----A---- C:\Windows\system32\prflbmsg.dll
2008-10-31 15:24:10 ----A---- C:\Windows\system32\lodctr.exe
2008-10-31 15:24:10 ----A---- C:\Windows\system32\loadperf.dll
2008-10-31 15:24:09 ----A---- C:\Windows\system32\schedsvc.dll
2008-10-31 15:24:09 ----A---- C:\Windows\system32\f3ahvoas.dll
2008-10-31 15:24:08 ----A---- C:\Windows\system32\dispci.dll
2008-10-31 15:24:08 ----A---- C:\Windows\system32\batt.dll
2008-10-31 15:21:12 ----A---- C:\Windows\system32\WMASF.DLL
2008-10-31 15:21:12 ----A---- C:\Windows\system32\LAPRXY.DLL
2008-10-31 15:21:12 ----A---- C:\Windows\system32\asferror.dll
2008-10-31 15:18:35 ----A---- C:\Windows\system32\gdi32.dll
2008-10-31 15:17:55 ----A---- C:\Windows\system32\slwmi.dll
2008-10-31 15:17:55 ----A---- C:\Windows\system32\SLC.dll
2008-10-31 15:17:55 ----A---- C:\Windows\system32\mcbuilder.exe
2008-10-31 15:17:54 ----A---- C:\Windows\system32\SLUINotify.dll
2008-10-31 15:17:54 ----A---- C:\Windows\system32\SLUI.exe
2008-10-31 15:17:54 ----A---- C:\Windows\system32\SLLUA.exe
2008-10-31 15:17:54 ----A---- C:\Windows\system32\SLCommDlg.dll
2008-10-31 15:17:53 ----A---- C:\Windows\system32\SLsvc.exe
2008-10-31 15:17:53 ----A---- C:\Windows\system32\slcinst.dll
2008-10-31 15:17:12 ----A---- C:\Windows\system32\msxml6r.dll
2008-10-31 15:17:12 ----A---- C:\Windows\system32\msxml6.dll
2008-10-31 15:16:06 ----A---- C:\Windows\system32\schannel.dll
2008-10-31 15:16:06 ----A---- C:\Windows\system32\ntprint.exe
2008-10-31 15:16:06 ----A---- C:\Windows\system32\ntprint.dll
2008-10-31 15:16:04 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2008-10-31 15:16:04 ----A---- C:\Windows\system32\dhcpcsvc.dll
2008-10-31 15:16:04 ----A---- C:\Windows\system32\dhcpcmonitor.dll
2008-10-31 15:16:04 ----A---- C:\Windows\system32\authui.dll
2008-10-31 15:16:03 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-10-31 15:16:02 ----A---- C:\Windows\system32\msvfw32.dll
2008-10-31 15:16:02 ----A---- C:\Windows\system32\mciavi32.dll
2008-10-31 15:16:02 ----A---- C:\Windows\system32\avicap32.dll
2008-10-31 15:16:01 ----A---- C:\Windows\system32\sendmail.dll
2008-10-31 15:16:01 ----A---- C:\Windows\system32\msvidc32.dll
2008-10-31 15:16:01 ----A---- C:\Windows\system32\msrle32.dll
2008-10-31 15:16:01 ----A---- C:\Windows\system32\avifil32.dll
2008-10-31 15:15:22 ----A---- C:\Windows\system32\win32spl.dll
2008-10-31 15:15:22 ----A---- C:\Windows\system32\printcom.dll
2008-10-31 15:14:54 ----A---- C:\Windows\system32\wshrm.dll
2008-10-31 15:14:24 ----A---- C:\Windows\system32\sbunattend.exe
2008-10-31 15:13:37 ----A---- C:\Windows\system32\dnsrslvr.dll
2008-10-31 15:13:37 ----A---- C:\Windows\system32\dnscacheugc.exe
2008-10-31 15:13:37 ----A---- C:\Windows\system32\dnsapi.dll
2008-10-31 15:04:10 ----A---- C:\Windows\system32\rpcrt4.dll
2008-10-31 15:03:26 ----A---- C:\Windows\system32\INETRES.dll
2008-10-31 15:03:26 ----A---- C:\Windows\system32\inetcomm.dll
2008-10-31 15:02:58 ----A---- C:\Windows\system32\wmi.dll
2008-10-31 15:02:57 ----A---- C:\Windows\system32\imagehlp.dll
2008-10-31 15:02:32 ----A---- C:\Windows\system32\quartz.dll
2008-10-31 15:02:06 ----A---- C:\Windows\system32\msshsq.dll
2008-10-31 15:01:28 ----D---- C:\Program Files\MSXML 4.0
2008-10-31 15:01:08 ----A---- C:\Windows\system32\poqexec.exe
2008-10-31 15:00:25 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-31 15:00:24 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-31 14:59:57 ----A---- C:\Windows\system32\user32.dll
2008-10-31 14:57:45 ----A---- C:\Windows\system32\advpack.dll
2008-10-31 14:57:44 ----A---- C:\Windows\system32\wininet.dll
2008-10-31 14:57:44 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-31 14:57:44 ----A---- C:\Windows\system32\ieapfltr.dll
2008-10-31 14:57:43 ----A---- C:\Windows\system32\dxtrans.dll
2008-10-31 14:57:43 ----A---- C:\Windows\system32\dxtmsft.dll
2008-10-31 14:57:42 ----A---- C:\Windows\system32\ieui.dll
2008-10-31 14:57:42 ----A---- C:\Windows\system32\ieframe.dll
2008-10-31 14:57:40 ----A---- C:\Windows\system32\mshtmled.dll
2008-10-31 14:57:39 ----A---- C:\Windows\system32\mshtml.dll
2008-10-31 14:57:37 ----A---- C:\Windows\system32\mstime.dll
2008-10-31 14:57:37 ----A---- C:\Windows\system32\icardie.dll
2008-10-31 14:57:35 ----A---- C:\Windows\system32\ieUnatt.exe
2008-10-31 14:57:34 ----A---- C:\Windows\system32\urlmon.dll
2008-10-31 14:57:33 ----A---- C:\Windows\system32\pngfilt.dll
2008-10-31 14:57:33 ----A---- C:\Windows\system32\iesetup.dll
2008-10-31 14:57:33 ----A---- C:\Windows\system32\iertutil.dll
2008-10-31 14:57:33 ----A---- C:\Windows\system32\iernonce.dll
2008-10-31 14:57:33 ----A---- C:\Windows\system32\ie4uinit.exe
2008-10-31 14:56:12 ----A---- C:\Windows\system32\qmgr.dll
2008-10-30 08:53:51 ----A---- C:\Windows\system32\wups2.dll
2008-10-30 08:53:51 ----A---- C:\Windows\system32\wucltux.dll
2008-10-30 08:53:51 ----A---- C:\Windows\system32\wuaueng.dll
2008-10-30 08:53:51 ----A---- C:\Windows\system32\wuauclt.exe
2008-10-30 08:52:57 ----A---- C:\Windows\system32\wups.dll
2008-10-30 08:52:57 ----A---- C:\Windows\system32\wudriver.dll
2008-10-30 08:52:56 ----A---- C:\Windows\system32\wuapi.dll
2008-10-30 08:52:13 ----A---- C:\Windows\system32\wuwebv.dll
2008-10-30 08:52:13 ----A---- C:\Windows\system32\wuapp.exe
2008-10-30 00:14:45 ----D---- C:\Program Files\Veoh Networks
2008-10-28 12:59:52 ----A---- C:\Windows\zip.exe
2008-10-28 12:59:52 ----A---- C:\Windows\VFIND.exe
2008-10-28 12:59:52 ----A---- C:\Windows\SWXCACLS.exe
2008-10-28 12:59:52 ----A---- C:\Windows\SWSC.exe
2008-10-28 12:59:52 ----A---- C:\Windows\SWREG.exe
2008-10-28 12:59:52 ----A---- C:\Windows\sed.exe
2008-10-28 12:59:52 ----A---- C:\Windows\NIRCMD.exe
2008-10-28 12:59:52 ----A---- C:\Windows\grep.exe
2008-10-28 12:59:52 ----A---- C:\Windows\fdsv.exe
2008-10-28 12:46:09 ----D---- C:\Windows\ERDNT
2008-10-28 12:46:09 ----D---- C:\Qoobox
2008-10-27 20:50:18 ----D---- C:\Program Files\Common Files\Adobe
2008-10-27 19:30:48 ----D---- C:\rsit
2008-10-27 19:23:31 ----D---- C:\Users\azzurro\AppData\Roaming\U3
2008-10-26 23:56:40 ----D---- C:\Windows\Minidump
2008-10-26 23:24:48 ----D---- C:\Users\azzurro\AppData\Roaming\skypePM
2008-10-26 23:24:17 ----D---- C:\Users\azzurro\AppData\Roaming\Skype
2008-10-26 23:22:20 ----D---- C:\Program Files\Skype
2008-10-26 23:22:20 ----D---- C:\Program Files\Common Files\Skype
2008-10-26 21:22:21 ----A---- C:\Users\azzurro\AppData\Roaming\SetValue.bat
2008-10-26 21:22:20 ----A---- C:\Users\azzurro\AppData\Roaming\GetValue.vbs
2008-10-26 21:20:09 ----A---- C:\Windows\system32\tmp.txt
2008-10-26 21:20:06 ----A---- C:\rapport.txt
2008-10-26 17:26:51 ----D---- C:\Users\azzurro\AppData\Roaming\Apple Computer
2008-10-26 17:26:39 ----DC---- C:\Windows\system32\DRVSTORE
2008-10-26 17:26:39 ----A---- C:\Windows\system32\GEARAspi.dll
2008-10-26 17:26:14 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-26 17:26:14 ----D---- C:\Program Files\iPod
2008-10-26 17:26:13 ----D---- C:\Program Files\iTunes
2008-10-26 17:25:34 ----D---- C:\Program Files\Bonjour
2008-10-26 17:24:55 ----D---- C:\Program Files\QuickTime
2008-10-26 17:24:53 ----D---- C:\ProgramData\Apple Computer
2008-10-26 17:24:15 ----D---- C:\Program Files\Apple Software Update
2008-10-26 17:23:00 ----D---- C:\Program Files\Common Files\Apple
2008-10-26 17:22:59 ----D---- C:\ProgramData\Apple
2008-10-26 10:41:41 ----D---- C:\Users\azzurro\AppData\Roaming\WinRAR
2008-10-26 09:56:41 ----D---- C:\Program Files\Microsoft Works
2008-10-26 09:56:14 ----D---- C:\Program Files\Microsoft Visual Studio
2008-10-26 09:56:14 ----D---- C:\Program Files\Common Files\DESIGNER
2008-10-26 09:56:00 ----D---- C:\Windows\PCHEALTH
2008-10-26 09:56:00 ----D---- C:\Program Files\Microsoft.NET
2008-10-26 09:52:56 ----D---- C:\Program Files\Microsoft Office
2008-10-26 09:52:54 ----D---- C:\ProgramData\Microsoft Help
2008-10-26 09:52:11 ----RHD---- C:\MSOCache
2008-10-26 00:31:11 ----D---- C:\Windows\SoftwareDistribution
2008-10-25 22:11:44 ----D---- C:\ProgramData\Kaspersky Lab
2008-10-25 22:11:44 ----D---- C:\Program Files\Kaspersky Lab
2008-10-25 21:42:28 ----D---- C:\Users\azzurro\AppData\Roaming\GlarySoft
2008-10-25 20:07:45 ----D---- C:\Users\azzurro\AppData\Roaming\Malwarebytes
2008-10-25 20:07:41 ----D---- C:\ProgramData\Malwarebytes
2008-10-25 00:56:16 ----HD---- C:\ProgramData\CanonBJ
2008-10-25 00:54:58 ----A---- C:\Windows\system32\CNMLM8U.DLL
2008-10-25 00:24:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-10-25 00:24:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-24 21:06:07 ----D---- C:\Users\azzurro\AppData\Roaming\Macromedia
2008-10-24 21:04:27 ----A---- C:\Windows\system32\PanInstaller.dll
2008-10-24 21:04:25 ----A---- C:\Windows\system32\FirstLoad.dll
2008-10-24 21:04:20 ----D---- C:\Program Files\PANDORA.TV
2008-10-24 21:04:09 ----D---- C:\Temp
2008-10-24 21:02:04 ----D---- C:\Users\azzurro\AppData\Roaming\Adobe
2008-10-24 20:44:23 ----D---- C:\Users\azzurro\AppData\Roaming\Mozilla
2008-10-24 20:44:14 ----D---- C:\Program Files\Mozilla Firefox
2008-10-24 20:43:22 ----N---- C:\Windows\system32\vxblock.dll
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxwave.dll
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxsfs.dll
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxmas.dll
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxinsa64.exe
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxhpinst.exe
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxdrv.dll
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxcpya64.exe
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxafs.dll
2008-10-24 20:43:22 ----N---- C:\Windows\system32\px.dll
2008-10-24 20:43:19 ----D---- C:\Users\azzurro\AppData\Roaming\Winamp
2008-10-24 20:43:19 ----D---- C:\Program Files\Winamp
2008-10-24 20:41:23 ----A---- C:\Windows\system32\rmoc3260.dll
2008-10-24 20:41:23 ----A---- C:\Windows\system32\pndx5032.dll
2008-10-24 20:41:23 ----A---- C:\Windows\system32\pndx5016.dll
2008-10-24 20:41:23 ----A---- C:\Windows\system32\pncrt.dll
2008-10-24 20:41:22 ----A---- C:\Windows\system32\unrar.dll
2008-10-24 20:41:22 ----A---- C:\Windows\avisplitter.ini
2008-10-24 20:41:19 ----A---- C:\Windows\system32\yv12vfw.dll
2008-10-24 20:41:19 ----A---- C:\Windows\system32\xvidvfw.dll
2008-10-24 20:41:19 ----A---- C:\Windows\system32\xvidcore.dll
2008-10-24 20:41:18 ----A---- C:\Windows\system32\qt-dx331.dll
2008-10-24 20:41:18 ----A---- C:\Windows\system32\dpl100.dll
2008-10-24 20:41:18 ----A---- C:\Windows\system32\divx.dll
2008-10-24 20:41:17 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2008-10-24 20:41:17 ----A---- C:\Windows\system32\ff_vfw.dll
2008-10-24 20:41:16 ----A---- C:\Windows\system32\msvcr71.dll
2008-10-24 20:41:16 ----A---- C:\Windows\system32\msvcp71.dll
2008-10-24 20:41:15 ----D---- C:\Users\azzurro\AppData\Roaming\Real
2008-10-24 20:41:15 ----D---- C:\ProgramData\Real
2008-10-24 20:41:15 ----D---- C:\Program Files\K-Lite Codec Pack
2008-10-24 20:39:29 ----D---- C:\Users\azzurro\AppData\Roaming\Google
2008-10-24 20:39:14 ----D---- C:\ProgramData\Google
2008-10-24 20:39:11 ----D---- C:\Program Files\Google
2008-10-24 20:37:55 ----D---- C:\ProgramData\Skype
2008-10-24 20:37:06 ----D---- C:\Program Files\KeyHoleTV
2008-10-24 20:36:44 ----D---- C:\Program Files\WinRAR
2008-10-24 20:36:08 ----D---- C:\Users\azzurro\AppData\Roaming\Media Player Classic
2008-10-24 20:22:57 ----D---- C:\Program Files\TeraPad
2008-10-24 19:47:51 ----D---- C:\Users\azzurro\AppData\Roaming\goo
2008-10-24 19:46:29 ----D---- C:\Program Files\Trend Micro
2008-10-24 19:40:15 ----A---- C:\Windows\NDSTray.INI
2008-10-24 19:39:42 ----A---- C:\Windows\system32\IVIresizeW7.dll
2008-10-24 19:39:42 ----A---- C:\Windows\system32\IVIresizePX.dll
2008-10-24 19:39:42 ----A---- C:\Windows\system32\IVIresizeP6.dll
2008-10-24 19:39:42 ----A---- C:\Windows\system32\IVIresizeM6.dll
2008-10-24 19:39:42 ----A---- C:\Windows\system32\IVIresizeA6.dll
2008-10-24 19:39:42 ----A---- C:\Windows\system32\IVIresize.dll
2008-10-24 19:39:17 ----D---- C:\Windows\RegisteredPackages
2008-10-24 19:39:09 ----D---- C:\Program Files\Windows Media Components
2008-10-24 19:35:11 ----D---- C:\Program Files\Ulead Systems
2008-10-24 19:35:11 ----D---- C:\Program Files\Common Files\Ulead Systems
2008-10-24 19:35:10 ----D---- C:\ProgramData\Ulead Systems
2008-10-24 19:31:42 ----D---- C:\Program Files\McAfee.com
2008-10-24 19:31:40 ----D---- C:\Program Files\Common Files\McAfee
2008-10-24 19:31:08 ----D---- C:\Program Files\McAfee
2008-10-24 19:30:53 ----D---- C:\ProgramData\Toshiba
2008-10-24 19:30:50 ----D---- C:\ProgramData\McAfee
2008-10-24 19:30:20 ----D---- C:\Users\azzurro\AppData\Roaming\Identities
2008-10-24 19:30:10 ----SD---- C:\Users\azzurro\AppData\Roaming\Microsoft
2008-10-24 19:30:10 ----D---- C:\Users\azzurro\AppData\Roaming\Media Center Programs
2008-10-24 19:25:40 ----D---- C:\Windows\SoftwareDistributionOLD
2008-10-24 19:24:22 ----D---- C:\Program Files\goo
2008-10-24 19:24:16 ----HD---- C:\Windows\msdownld.tmp
2008-10-24 19:23:30 ----D---- C:\Windows\Options
2008-10-24 19:23:30 ----D---- C:\Program Files\Atheros
2008-10-24 19:23:13 ----D---- C:\ProgramData\Atheros
2008-10-24 19:17:43 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2008-11-03 17:45:18 ----D---- C:\Windows\System32
2008-11-03 17:45:18 ----D---- C:\Windows\inf
2008-11-03 17:45:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-03 17:43:54 ----HD---- C:\ProgramData
2008-11-03 01:15:19 ----RD---- C:\Program Files
2008-11-03 01:15:08 ----D---- C:\Windows\system32\Tasks
2008-11-03 00:44:47 ----SHD---- C:\Windows\Installer
2008-11-03 00:44:46 ----D---- C:\Windows
2008-11-03 00:44:40 ----D---- C:\Windows\winsxs
2008-11-03 00:43:56 ----D---- C:\Program Files\Common Files
2008-11-03 00:43:54 ----SD---- C:\Windows\Downloaded Program Files
2008-11-03 00:43:54 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-02 03:04:14 ----D---- C:\Windows\system32\catroot2
2008-11-01 16:44:46 ----D---- C:\Windows\Debug
2008-11-01 16:38:57 ----D---- C:\Windows\Prefetch
2008-11-01 16:30:40 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-31 21:08:15 ----RSD---- C:\Windows\assembly
2008-10-31 21:05:59 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-31 21:05:53 ----D---- C:\Program Files\MSBuild
2008-10-31 21:05:21 ----D---- C:\Windows\ShellNew
2008-10-31 21:04:30 ----RSD---- C:\Windows\Fonts
2008-10-31 21:04:09 ----SD---- C:\ProgramData\Microsoft
2008-10-31 20:59:51 ----A---- C:\Windows\win.ini
2008-10-31 18:05:17 ----D---- C:\Windows\system32\drivers
2008-10-31 17:57:47 ----D---- C:\Windows\Logs
2008-10-31 17:37:55 ----A---- C:\Windows\system.ini
2008-10-31 17:32:00 ----D---- C:\Windows\AppPatch
2008-10-31 17:28:18 ----D---- C:\Windows\system32\en-US
2008-10-31 16:37:40 ----D---- C:\Windows\system32\catroot
2008-10-31 16:19:41 ----D---- C:\Windows\Microsoft.NET
2008-10-31 16:16:58 ----ASH---- C:\Program Files\desktop.ini
2008-10-31 16:16:40 ----D---- C:\Windows\rescache
2008-10-31 16:10:32 ----D---- C:\Windows\system32\ras
2008-10-31 16:10:32 ----D---- C:\Program Files\Windows Calendar
2008-10-31 16:10:31 ----D---- C:\Windows\system32\icsxml
2008-10-31 16:10:28 ----D---- C:\Program Files\Windows Mail
2008-10-31 16:10:28 ----D---- C:\Program Files\Common Files\System
2008-10-31 16:10:27 ----D---- C:\Windows\system32\wbem
2008-10-31 16:10:26 ----D---- C:\Windows\system32\XPSViewer
2008-10-31 16:10:26 ----D---- C:\Windows\ehome
2008-10-31 16:10:25 ----D---- C:\Program Files\Windows Defender
2008-10-31 16:10:23 ----D---- C:\Windows\system32\ja-JP
2008-10-31 16:10:23 ----D---- C:\Windows\servicing
2008-10-31 16:10:23 ----D---- C:\Program Files\Windows Media Player
2008-10-31 16:10:21 ----D---- C:\Windows\system32\migration
2008-10-31 16:10:17 ----D---- C:\Windows\system32\SLUI
2008-10-31 16:10:14 ----D---- C:\Program Files\Windows Sidebar
2008-10-31 16:10:11 ----D---- C:\Program Files\Internet Explorer
2008-10-31 15:06:29 ----D---- C:\Windows\system32\WDI
2008-10-28 12:39:36 ----D---- C:\Windows\system32\LogFiles
2008-10-27 20:51:14 ----D---- C:\Program Files\Adobe
2008-10-27 20:50:29 ----D---- C:\ProgramData\Adobe
2008-10-25 23:27:57 ----D---- C:\Windows\Tasks
2008-10-25 22:00:10 ----D---- C:\Windows\system32\NDF
2008-10-25 00:54:12 ----RSD---- C:\Windows\Media
2008-10-25 00:53:54 ----D---- C:\Windows\twain_32
2008-10-24 19:39:39 ----D---- C:\Program Files\InterVideo
2008-10-24 19:30:36 ----SHD---- C:\$Recycle.Bin
2008-10-24 19:30:10 ----RD---- C:\Users
2008-10-24 19:26:01 ----D---- C:\Program Files\Windows NT
2008-10-24 19:24:28 ----D---- C:\TOSAPINS
2008-10-24 19:23:16 ----D---- C:\Windows\system32\restore
2008-10-24 19:21:02 ----D---- C:\Windows\Panther
2008-10-07 11:19:42 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-10-25 216080]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-07-29 919552]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-10-31 14208]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-06 1739816]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-10-31 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-17 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-23 290304]
R3 usbscan;USB スキャナドライバ; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-08 221696]
S3 a7b2f273;a7b2f273; C:\Windows\system32\drivers\a7b2f273.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; \??\C:\Users\azzurro\AppData\Local\Temp\Low\OnlineScanner\Anti-Virus\fsgk.sys []
S3 HdAudAddService;Microsoft 1.1 UAA ファンクションドライバ (High Definition Audio 用) サービス; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 TSP;TSP; \??\C:\Windows\system32\drivers\klif.sys [2008-10-25 216080]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbvideo;USB ビデオデバイス (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 Bonjour Service;Bonjour サービス; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 IJPLMSVC;PIXUS 使用状況調査プログラム; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2006-12-19 428152]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-22 49152]
S2 0154591224999483mcinstcleanup;McAfee Application Installer Cleanup (0154591224999483); C:\Users\azzurro\AppData\Local\Temp\015459~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-28 156656]
S3 iPod Service;iPod サービス; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Azzurro · Nov 4, 2008

RSIT Log

Hello, Mr.Katana,

I pasted RSIT log here.
Thank you for your help again.
In fact, I usually use iPhone to check web sites.
When I used browser safari to see a website at home,
pop-up advertisements appear on the iphone screen
by using only my home's Internet line. If I connect another Internet line where is an another place, Pop-ups do not appear on the screen.
Besides, I cannot see several web sites frequently and the web sites
which I cannot see are changing. I could see yahoo yesterday, but, a few days later, I couldn't see yahoo. I cannot connect to windows update by using my home's Internet line, but If I used another place's Internet line,
I can connect to widows update and see any web sites.
There seems to be a problem on a router or the Internet line?
I do not have a chance to hear that other computers have problems or not.

Thank you very much.

Azzurro

Logfile of random's system information tool 1.04 (written by random/random)
Run by azzurro at 2008-11-03 17:50:04
MicrosoftR Windows Vista? Home Premium
System drive C: has 87 GB (65%) free of 134 GB
Total RAM: 2037 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:21, on 2008/11/03
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\azzurro\Desktop\RSIT.exe
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\azzurro.exe
C:\Windows\system32\SearchFilterHost.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: "アンチバナーへ追加" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ウェブアンチウイルス - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.f-secure.co.jp/ols/ols33/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0154591224999483) (0154591224999483mcinstcleanup) - Unknown owner - C:\Users\azzurro\AppData\Local\Temp\015459~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXUS 使用状況調査プログラム (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7913 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{EA35EBB3-0381-4A67-BA1E-60C4F94FD654}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-03-11 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-10-28 193136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll [2008-10-28 651760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-10-28 193136]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-10-09 463872]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-09-26 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2006-12-19 411768]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-06 4374528]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-06 55416]
"IME JPN 2007 Migration"=C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE [2007-08-23 66936]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-28 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
""= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\PANDORA.TV\Video Streamer\VideoStreamer.exe"="C:\Program Files\pandora.tv\Video Streamer\VideoStreamer.exe:*:Enabled:VideoStreamer.exe"
"C:\Program Files\PANDORA.TV\Video Streamer\VSStream.exe"="C:\Program Files\pandora.tv\Video Streamer\VSStream.exe:*:Enabled:VSStream.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0f4d5bf-a246-11dd-9a80-00a0d1796497}]
shell\AutoRun\command - I:\LaunchU3.exe -a

======List of files/folders created in the last 1 months======

2008-11-03 01:15:19 ----D---- C:\Program Files\Shukusen
2008-11-03 01:12:02 ----D---- C:\ProgramData\trimde
2008-11-03 01:11:42 ----D---- C:\Program Files\trimde
2008-11-03 00:46:10 ----D---- C:\Users\azzurro\AppData\Roaming\Canon
2008-11-03 00:45:48 ----D---- C:\ProgramData\CanonIJPLM
2008-11-03 00:44:46 ----A---- C:\Windows\MAXLINK.INI
2008-11-03 00:44:44 ----D---- C:\ProgramData\InstallShield
2008-11-03 00:44:29 ----D---- C:\Users\azzurro\AppData\Roaming\ScanSoft
2008-11-03 00:43:56 ----D---- C:\ProgramData\ScanSoft
2008-11-03 00:43:56 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2008-11-03 00:43:08 ----D---- C:\Program Files\ScanSoft
2008-11-03 00:41:11 ----D---- C:\Program Files\Common Files\CANON
2008-11-03 00:38:05 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2008-11-03 00:37:24 ----HD---- C:\Program Files\CanonBJ
2008-11-03 00:36:38 ----D---- C:\Program Files\Canon
2008-11-02 22:20:31 ----D---- C:\Users\azzurro\AppData\Roaming\CravingExplorer
2008-11-02 21:52:28 ----D---- C:\Program Files\CravingExplorer
2008-11-01 17:35:24 ----D---- C:\Program Files\Simplify Media
2008-11-01 16:38:54 ----D---- C:\Program Files\Yahoo!
2008-11-01 16:38:43 ----D---- C:\Program Files\CCleaner
2008-11-01 16:25:48 ----D---- C:\Windows\Downloaded Installations
2008-11-01 16:12:47 ----D---- C:\Program Files\GRETECH
2008-11-01 10:11:00 ----D---- C:\Users\azzurro\AppData\Roaming\IBM
2008-10-31 21:21:32 ----D---- C:\Users\azzurro\AppData\Roaming\toshiba
2008-10-31 21:08:05 ----A---- C:\Windows\system32\msonpmon.dll
2008-10-31 21:00:33 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-10-31 19:09:43 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-10-31 19:02:55 ----A---- C:\Windows\system32\mfc71u.dll
2008-10-31 19:02:55 ----A---- C:\Windows\system32\Mfc42loc.dll
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71KOR.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71JPN.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71ITA.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71FRA.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71ESP.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71ENU.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71DEU.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71CHT.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\MFC71CHS.DLL
2008-10-31 19:02:54 ----A---- C:\Windows\system32\mfc71.dll
2008-10-31 19:02:39 ----D---- C:\Program Files\IBM Homepage Builder V12
2008-10-31 18:39:17 ----D---- C:\Program Files\DAEMON Tools Lite
2008-10-31 18:04:55 ----D---- C:\Users\azzurro\AppData\Roaming\DAEMON Tools
2008-10-31 17:50:15 ----D---- C:\ProgramData\TEMP
2008-10-31 17:50:03 ----D---- C:\Program Files\SpywareBlaster
2008-10-31 17:48:37 ----D---- C:\Users\azzurro\AppData\Roaming\WinPatrol
2008-10-31 17:48:29 ----D---- C:\Program Files\BillP Studios
2008-10-31 17:39:59 ----D---- C:\Windows\temp
2008-10-31 17:39:58 ----A---- C:\ComboFix.txt
2008-10-31 17:28:18 ----D---- C:\ComboFix
2008-10-31 16:32:38 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-31 16:05:28 ----A---- C:\Windows\system32\winipsec.dll
2008-10-31 16:05:28 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-10-31 16:05:28 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-10-31 16:05:27 ----A---- C:\Windows\system32\polstore.dll
2008-10-31 16:04:24 ----A---- C:\Windows\system32\riched32.dll
2008-10-31 16:04:24 ----A---- C:\Windows\system32\riched20.dll
2008-10-31 16:04:22 ----A---- C:\Windows\system32\rasser.dll
2008-10-31 16:04:22 ----A---- C:\Windows\system32\rasdiag.dll
2008-10-31 16:04:22 ----A---- C:\Windows\system32\rascfg.dll
2008-10-31 16:04:21 ----A---- C:\Windows\system32\rasmxs.dll
2008-10-31 16:04:21 ----A---- C:\Windows\system32\netcfgx.dll
2008-10-31 16:04:21 ----A---- C:\Windows\system32\msftedit.dll
2008-10-31 16:04:20 ----A---- C:\Windows\system32\ipnathlp.dll
2008-10-31 16:04:20 ----A---- C:\Windows\system32\icsunattend.exe
2008-10-31 16:04:19 ----A---- C:\Windows\system32\wshqos.dll
2008-10-31 16:04:19 ----A---- C:\Windows\system32\traffic.dll
2008-10-31 16:04:19 ----A---- C:\Windows\system32\pacerprf.dll
2008-10-31 16:04:19 ----A---- C:\Windows\system32\localspl.dll
2008-10-31 16:04:18 ----A---- C:\Windows\system32\dps.dll
2008-10-31 16:04:18 ----A---- C:\Windows\system32\cdd.dll
2008-10-31 16:03:22 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-10-31 16:03:19 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-10-31 16:03:18 ----A---- C:\Windows\system32\gameux.dll
2008-10-31 16:02:09 ----A---- C:\Windows\system32\msoert2.dll
2008-10-31 16:02:09 ----A---- C:\Windows\system32\msoeacct.dll
2008-10-31 16:02:09 ----A---- C:\Windows\system32\ACCTRES.dll
2008-10-31 16:01:04 ----A---- C:\Windows\system32\wtsapi32.dll
2008-10-31 16:01:01 ----A---- C:\Windows\system32\sysmain.dll
2008-10-31 16:01:01 ----A---- C:\Windows\explorer.exe
2008-10-31 16:00:58 ----A---- C:\Windows\system32\wlansvc.dll
2008-10-31 16:00:58 ----A---- C:\Windows\system32\wlansec.dll
2008-10-31 16:00:58 ----A---- C:\Windows\system32\wlanmsm.dll
2008-10-31 16:00:58 ----A---- C:\Windows\system32\wlanhlp.dll
2008-10-31 16:00:58 ----A---- C:\Windows\system32\wlanapi.dll
2008-10-31 16:00:05 ----A---- C:\Windows\system32\WebClnt.dll
2008-10-31 15:59:14 ----A---- C:\Windows\system32\newdev.exe
2008-10-31 15:59:14 ----A---- C:\Windows\system32\newdev.dll
2008-10-31 15:56:20 ----A---- C:\Windows\system32\mcmde.dll
2008-10-31 15:56:20 ----A---- C:\Windows\system32\EncDec.dll
2008-10-31 15:56:19 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-31 15:55:20 ----A---- C:\Windows\system32\winsrv.dll
2008-10-31 15:55:20 ----A---- C:\Windows\system32\csrsrv.dll
2008-10-31 15:54:33 ----A---- C:\Windows\system32\RacEngn.dll
2008-10-31 15:51:15 ----A---- C:\Windows\system32\shell32.dll
2008-10-31 15:47:17 ----A---- C:\Windows\system32\tzres.dll
2008-10-31 15:45:59 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2008-10-31 15:44:47 ----A---- C:\Windows\system32\wmpeffects.dll
2008-10-31 15:43:13 ----A---- C:\Windows\system32\msscp.dll
2008-10-31 15:42:22 ----A---- C:\Windows\system32\wmploc.DLL
2008-10-31 15:42:21 ----A---- C:\Windows\system32\wmp.dll
2008-10-31 15:42:20 ----A---- C:\Windows\system32\spwmp.dll
2008-10-31 15:42:20 ----A---- C:\Windows\system32\dxmasf.dll
2008-10-31 15:42:19 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2008-10-31 15:41:10 ----A---- C:\Windows\system32\FirewallAPI.dll
2008-10-31 15:41:09 ----A---- C:\Windows\system32\wfapigp.dll
2008-10-31 15:41:09 ----A---- C:\Windows\system32\MPSSVC.dll
2008-10-31 15:41:09 ----A---- C:\Windows\system32\icfupgd.dll
2008-10-31 15:41:09 ----A---- C:\Windows\system32\cmifw.dll
2008-10-31 15:41:08 ----A---- C:\Windows\system32\iphlpsvc.dll
2008-10-31 15:40:21 ----A---- C:\Windows\system32\netapi32.dll
2008-10-31 15:36:46 ----A---- C:\Windows\system32\DWWIN.EXE
2008-10-31 15:36:08 ----A---- C:\Windows\system32\msxml3r.dll
2008-10-31 15:36:08 ----A---- C:\Windows\system32\msxml3.dll
2008-10-31 15:32:52 ----A---- C:\Windows\system32\hccoin.dll
2008-10-31 15:32:51 ----A---- C:\Windows\system32\hcrstco.dll
2008-10-31 15:31:28 ----A---- C:\Windows\system32\tcpipcfg.dll
2008-10-31 15:31:28 ----A---- C:\Windows\system32\netiougc.exe
2008-10-31 15:31:28 ----A---- C:\Windows\system32\netcfg.exe
2008-10-31 15:30:42 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-10-31 15:30:42 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-10-31 15:30:42 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-10-31 15:30:41 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-10-31 15:30:41 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-10-31 15:30:41 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-10-31 15:30:41 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-10-31 15:30:40 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-10-31 15:30:40 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-10-31 15:30:39 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-10-31 15:30:39 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-10-31 15:30:38 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-10-31 15:30:37 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-10-31 15:30:36 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-10-31 15:30:35 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-10-31 15:30:35 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-10-31 15:30:34 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-10-31 15:30:34 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-10-31 15:30:33 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-10-31 15:30:32 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-10-31 15:30:32 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-10-31 15:30:31 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-10-31 15:30:31 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-10-31 15:30:30 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-10-31 15:30:30 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-10-31 15:30:29 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-10-31 15:30:29 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-10-31 15:30:29 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-10-31 15:30:28 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-10-31 15:30:27 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-10-31 15:30:27 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-10-31 15:30:26 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-10-31 15:30:26 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-10-31 15:30:26 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-10-31 15:30:25 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-10-31 15:30:25 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-10-31 15:30:24 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-10-31 15:30:23 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-10-31 15:30:23 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-10-31 15:30:23 ----A---- C:\Windows\system32\NlsData0045.dll
2008-10-31 15:30:22 ----A---- C:\Windows\system32\NlsData0049.dll
2008-10-31 15:30:22 ----A---- C:\Windows\system32\NlsData0047.dll
2008-10-31 15:30:22 ----A---- C:\Windows\system32\NlsData0046.dll
2008-10-31 15:30:21 ----A---- C:\Windows\system32\NlsData0039.dll
2008-10-31 15:30:21 ----A---- C:\Windows\system32\NlsData0021.dll
2008-10-31 15:30:21 ----A---- C:\Windows\system32\NlsData0020.dll
2008-10-31 15:30:20 ----A---- C:\Windows\system32\NlsData0027.dll
2008-10-31 15:30:20 ----A---- C:\Windows\system32\NlsData0026.dll
2008-10-31 15:30:20 ----A---- C:\Windows\system32\NlsData0024.dll
2008-10-31 15:30:20 ----A---- C:\Windows\system32\NlsData0022.dll
2008-10-31 15:30:19 ----A---- C:\Windows\system32\NlsData0011.dll
2008-10-31 15:30:19 ----A---- C:\Windows\system32\NlsData0010.dll
2008-10-31 15:30:18 ----A---- C:\Windows\system32\NlsData0018.dll
2008-10-31 15:30:18 ----A---- C:\Windows\system32\NlsData0013.dll
2008-10-31 15:30:18 ----A---- C:\Windows\system32\NlsData0000.dll
2008-10-31 15:30:17 ----A---- C:\Windows\system32\NlsData0019.dll
2008-10-31 15:30:17 ----A---- C:\Windows\system32\NlsData0002.dll
2008-10-31 15:30:17 ----A---- C:\Windows\system32\NlsData0001.dll
2008-10-31 15:30:16 ----A---- C:\Windows\system32\NlsData0007.dll
2008-10-31 15:30:16 ----A---- C:\Windows\system32\NlsData0003.dll
2008-10-31 15:30:15 ----A---- C:\Windows\system32\NlsData004b.dll
2008-10-31 15:30:15 ----A---- C:\Windows\system32\NlsData004a.dll
2008-10-31 15:30:15 ----A---- C:\Windows\system32\NlsData0009.dll
2008-10-31 15:30:14 ----A---- C:\Windows\system32\NlsData004e.dll
2008-10-31 15:30:14 ----A---- C:\Windows\system32\NlsData004c.dll
2008-10-31 15:30:14 ----A---- C:\Windows\system32\NlsData003e.dll
2008-10-31 15:30:13 ----A---- C:\Windows\system32\NlsData002a.dll
2008-10-31 15:30:13 ----A---- C:\Windows\system32\NlsData001b.dll
2008-10-31 15:30:13 ----A---- C:\Windows\system32\NlsData001a.dll
2008-10-31 15:30:12 ----A---- C:\Windows\system32\NlsData001d.dll
2008-10-31 15:30:11 ----A---- C:\Windows\system32\NlsData000f.dll
2008-10-31 15:30:11 ----A---- C:\Windows\system32\NlsData000d.dll
2008-10-31 15:30:11 ----A---- C:\Windows\system32\NlsData000c.dll
2008-10-31 15:30:11 ----A---- C:\Windows\system32\NlsData000a.dll
2008-10-31 15:30:10 ----A---- C:\Windows\system32\NlsData0416.dll
2008-10-31 15:30:10 ----A---- C:\Windows\system32\NlsData0414.dll
2008-10-31 15:30:09 ----A---- C:\Windows\system32\NlsData081a.dll
2008-10-31 15:30:09 ----A---- C:\Windows\system32\NlsData0816.dll
2008-10-31 15:30:09 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-10-31 15:30:08 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-10-31 15:30:08 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-10-31 15:24:48 ----A---- C:\Windows\system32\setupapi.dll
2008-10-31 15:24:14 ----A---- C:\Windows\system32\srdelayed.exe
2008-10-31 15:24:14 ----A---- C:\Windows\system32\srcore.dll
2008-10-31 15:24:14 ----A---- C:\Windows\system32\srclient.dll
2008-10-31 15:24:14 ----A---- C:\Windows\system32\rstrui.exe
2008-10-31 15:24:13 ----A---- C:\Windows\system32\wpd_ci.dll
2008-10-31 15:24:13 ----A---- C:\Windows\system32\winresume.exe
2008-10-31 15:24:13 ----A---- C:\Windows\system32\winload.exe
2008-10-31 15:24:13 ----A---- C:\Windows\system32\kd1394.dll
2008-10-31 15:24:13 ----A---- C:\Windows\system32\ci.dll
2008-10-31 15:24:12 ----A---- C:\Windows\system32\drvinst.exe
2008-10-31 15:24:12 ----A---- C:\Windows\system32\cfgmgr32.dll
2008-10-31 15:24:11 ----A---- C:\Windows\system32\umpnpmgr.dll
2008-10-31 15:24:11 ----A---- C:\Windows\system32\oleaut32.dll
2008-10-31 15:24:11 ----A---- C:\Windows\system32\nshhttp.dll
2008-10-31 15:24:11 ----A---- C:\Windows\system32\kbd106n.dll
2008-10-31 15:24:11 ----A---- C:\Windows\system32\dpx.dll
2008-10-31 15:24:10 ----A---- C:\Windows\system32\unlodctr.exe
2008-10-31 15:24:10 ----A---- C:\Windows\system32\prflbmsg.dll
2008-10-31 15:24:10 ----A---- C:\Windows\system32\lodctr.exe
2008-10-31 15:24:10 ----A---- C:\Windows\system32\loadperf.dll
2008-10-31 15:24:09 ----A---- C:\Windows\system32\schedsvc.dll
2008-10-31 15:24:09 ----A---- C:\Windows\system32\f3ahvoas.dll
2008-10-31 15:24:08 ----A---- C:\Windows\system32\dispci.dll
2008-10-31 15:24:08 ----A---- C:\Windows\system32\batt.dll
2008-10-31 15:21:12 ----A---- C:\Windows\system32\WMASF.DLL
2008-10-31 15:21:12 ----A---- C:\Windows\system32\LAPRXY.DLL
2008-10-31 15:21:12 ----A---- C:\Windows\system32\asferror.dll
2008-10-31 15:18:35 ----A---- C:\Windows\system32\gdi32.dll
2008-10-31 15:17:55 ----A---- C:\Windows\system32\slwmi.dll
2008-10-31 15:17:55 ----A---- C:\Windows\system32\SLC.dll
2008-10-31 15:17:55 ----A---- C:\Windows\system32\mcbuilder.exe
2008-10-31 15:17:54 ----A---- C:\Windows\system32\SLUINotify.dll
2008-10-31 15:17:54 ----A---- C:\Windows\system32\SLUI.exe
2008-10-31 15:17:54 ----A---- C:\Windows\system32\SLLUA.exe
2008-10-31 15:17:54 ----A---- C:\Windows\system32\SLCommDlg.dll
2008-10-31 15:17:53 ----A---- C:\Windows\system32\SLsvc.exe
2008-10-31 15:17:53 ----A---- C:\Windows\system32\slcinst.dll
2008-10-31 15:17:12 ----A---- C:\Windows\system32\msxml6r.dll
2008-10-31 15:17:12 ----A---- C:\Windows\system32\msxml6.dll
2008-10-31 15:16:06 ----A---- C:\Windows\system32\schannel.dll
2008-10-31 15:16:06 ----A---- C:\Windows\system32\ntprint.exe
2008-10-31 15:16:06 ----A---- C:\Windows\system32\ntprint.dll
2008-10-31 15:16:04 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2008-10-31 15:16:04 ----A---- C:\Windows\system32\dhcpcsvc.dll
2008-10-31 15:16:04 ----A---- C:\Windows\system32\dhcpcmonitor.dll
2008-10-31 15:16:04 ----A---- C:\Windows\system32\authui.dll
2008-10-31 15:16:03 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-10-31 15:16:02 ----A---- C:\Windows\system32\msvfw32.dll
2008-10-31 15:16:02 ----A---- C:\Windows\system32\mciavi32.dll
2008-10-31 15:16:02 ----A---- C:\Windows\system32\avicap32.dll
2008-10-31 15:16:01 ----A---- C:\Windows\system32\sendmail.dll
2008-10-31 15:16:01 ----A---- C:\Windows\system32\msvidc32.dll
2008-10-31 15:16:01 ----A---- C:\Windows\system32\msrle32.dll
2008-10-31 15:16:01 ----A---- C:\Windows\system32\avifil32.dll
2008-10-31 15:15:22 ----A---- C:\Windows\system32\win32spl.dll
2008-10-31 15:15:22 ----A---- C:\Windows\system32\printcom.dll
2008-10-31 15:14:54 ----A---- C:\Windows\system32\wshrm.dll
2008-10-31 15:14:24 ----A---- C:\Windows\system32\sbunattend.exe
2008-10-31 15:13:37 ----A---- C:\Windows\system32\dnsrslvr.dll
2008-10-31 15:13:37 ----A---- C:\Windows\system32\dnscacheugc.exe
2008-10-31 15:13:37 ----A---- C:\Windows\system32\dnsapi.dll
2008-10-31 15:04:10 ----A---- C:\Windows\system32\rpcrt4.dll
2008-10-31 15:03:26 ----A---- C:\Windows\system32\INETRES.dll
2008-10-31 15:03:26 ----A---- C:\Windows\system32\inetcomm.dll
2008-10-31 15:02:58 ----A---- C:\Windows\system32\wmi.dll
2008-10-31 15:02:57 ----A---- C:\Windows\system32\imagehlp.dll
2008-10-31 15:02:32 ----A---- C:\Windows\system32\quartz.dll
2008-10-31 15:02:06 ----A---- C:\Windows\system32\msshsq.dll
2008-10-31 15:01:28 ----D---- C:\Program Files\MSXML 4.0
2008-10-31 15:01:08 ----A---- C:\Windows\system32\poqexec.exe
2008-10-31 15:00:25 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-31 15:00:24 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-31 14:59:57 ----A---- C:\Windows\system32\user32.dll
2008-10-31 14:57:45 ----A---- C:\Windows\system32\advpack.dll
2008-10-31 14:57:44 ----A---- C:\Windows\system32\wininet.dll
2008-10-31 14:57:44 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-31 14:57:44 ----A---- C:\Windows\system32\ieapfltr.dll
2008-10-31 14:57:43 ----A---- C:\Windows\system32\dxtrans.dll
2008-10-31 14:57:43 ----A---- C:\Windows\system32\dxtmsft.dll
2008-10-31 14:57:42 ----A---- C:\Windows\system32\ieui.dll
2008-10-31 14:57:42 ----A---- C:\Windows\system32\ieframe.dll
2008-10-31 14:57:40 ----A---- C:\Windows\system32\mshtmled.dll
2008-10-31 14:57:39 ----A---- C:\Windows\system32\mshtml.dll
2008-10-31 14:57:37 ----A---- C:\Windows\system32\mstime.dll
2008-10-31 14:57:37 ----A---- C:\Windows\system32\icardie.dll
2008-10-31 14:57:35 ----A---- C:\Windows\system32\ieUnatt.exe
2008-10-31 14:57:34 ----A---- C:\Windows\system32\urlmon.dll
2008-10-31 14:57:33 ----A---- C:\Windows\system32\pngfilt.dll
2008-10-31 14:57:33 ----A---- C:\Windows\system32\iesetup.dll
2008-10-31 14:57:33 ----A---- C:\Windows\system32\iertutil.dll
2008-10-31 14:57:33 ----A---- C:\Windows\system32\iernonce.dll
2008-10-31 14:57:33 ----A---- C:\Windows\system32\ie4uinit.exe
2008-10-31 14:56:12 ----A---- C:\Windows\system32\qmgr.dll
2008-10-30 08:53:51 ----A---- C:\Windows\system32\wups2.dll
2008-10-30 08:53:51 ----A---- C:\Windows\system32\wucltux.dll
2008-10-30 08:53:51 ----A---- C:\Windows\system32\wuaueng.dll
2008-10-30 08:53:51 ----A---- C:\Windows\system32\wuauclt.exe
2008-10-30 08:52:57 ----A---- C:\Windows\system32\wups.dll
2008-10-30 08:52:57 ----A---- C:\Windows\system32\wudriver.dll
2008-10-30 08:52:56 ----A---- C:\Windows\system32\wuapi.dll
2008-10-30 08:52:13 ----A---- C:\Windows\system32\wuwebv.dll
2008-10-30 08:52:13 ----A---- C:\Windows\system32\wuapp.exe
2008-10-30 00:14:45 ----D---- C:\Program Files\Veoh Networks
2008-10-28 12:59:52 ----A---- C:\Windows\zip.exe
2008-10-28 12:59:52 ----A---- C:\Windows\VFIND.exe
2008-10-28 12:59:52 ----A---- C:\Windows\SWXCACLS.exe
2008-10-28 12:59:52 ----A---- C:\Windows\SWSC.exe
2008-10-28 12:59:52 ----A---- C:\Windows\SWREG.exe
2008-10-28 12:59:52 ----A---- C:\Windows\sed.exe
2008-10-28 12:59:52 ----A---- C:\Windows\NIRCMD.exe
2008-10-28 12:59:52 ----A---- C:\Windows\grep.exe
2008-10-28 12:59:52 ----A---- C:\Windows\fdsv.exe
2008-10-28 12:46:09 ----D---- C:\Windows\ERDNT
2008-10-28 12:46:09 ----D---- C:\Qoobox
2008-10-27 20:50:18 ----D---- C:\Program Files\Common Files\Adobe
2008-10-27 19:30:48 ----D---- C:\rsit
2008-10-27 19:23:31 ----D---- C:\Users\azzurro\AppData\Roaming\U3
2008-10-26 23:56:40 ----D---- C:\Windows\Minidump
2008-10-26 23:24:48 ----D---- C:\Users\azzurro\AppData\Roaming\skypePM
2008-10-26 23:24:17 ----D---- C:\Users\azzurro\AppData\Roaming\Skype
2008-10-26 23:22:20 ----D---- C:\Program Files\Skype
2008-10-26 23:22:20 ----D---- C:\Program Files\Common Files\Skype
2008-10-26 21:22:21 ----A---- C:\Users\azzurro\AppData\Roaming\SetValue.bat
2008-10-26 21:22:20 ----A---- C:\Users\azzurro\AppData\Roaming\GetValue.vbs
2008-10-26 21:20:09 ----A---- C:\Windows\system32\tmp.txt
2008-10-26 21:20:06 ----A---- C:\rapport.txt
2008-10-26 17:26:51 ----D---- C:\Users\azzurro\AppData\Roaming\Apple Computer
2008-10-26 17:26:39 ----DC---- C:\Windows\system32\DRVSTORE
2008-10-26 17:26:39 ----A---- C:\Windows\system32\GEARAspi.dll
2008-10-26 17:26:14 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-26 17:26:14 ----D---- C:\Program Files\iPod
2008-10-26 17:26:13 ----D---- C:\Program Files\iTunes
2008-10-26 17:25:34 ----D---- C:\Program Files\Bonjour
2008-10-26 17:24:55 ----D---- C:\Program Files\QuickTime
2008-10-26 17:24:53 ----D---- C:\ProgramData\Apple Computer
2008-10-26 17:24:15 ----D---- C:\Program Files\Apple Software Update
2008-10-26 17:23:00 ----D---- C:\Program Files\Common Files\Apple
2008-10-26 17:22:59 ----D---- C:\ProgramData\Apple
2008-10-26 10:41:41 ----D---- C:\Users\azzurro\AppData\Roaming\WinRAR
2008-10-26 09:56:41 ----D---- C:\Program Files\Microsoft Works
2008-10-26 09:56:14 ----D---- C:\Program Files\Microsoft Visual Studio
2008-10-26 09:56:14 ----D---- C:\Program Files\Common Files\DESIGNER
2008-10-26 09:56:00 ----D---- C:\Windows\PCHEALTH
2008-10-26 09:56:00 ----D---- C:\Program Files\Microsoft.NET
2008-10-26 09:52:56 ----D---- C:\Program Files\Microsoft Office
2008-10-26 09:52:54 ----D---- C:\ProgramData\Microsoft Help
2008-10-26 09:52:11 ----RHD---- C:\MSOCache
2008-10-26 00:31:11 ----D---- C:\Windows\SoftwareDistribution
2008-10-25 22:11:44 ----D---- C:\ProgramData\Kaspersky Lab
2008-10-25 22:11:44 ----D---- C:\Program Files\Kaspersky Lab
2008-10-25 21:42:28 ----D---- C:\Users\azzurro\AppData\Roaming\GlarySoft
2008-10-25 20:07:45 ----D---- C:\Users\azzurro\AppData\Roaming\Malwarebytes
2008-10-25 20:07:41 ----D---- C:\ProgramData\Malwarebytes
2008-10-25 00:56:16 ----HD---- C:\ProgramData\CanonBJ
2008-10-25 00:54:58 ----A---- C:\Windows\system32\CNMLM8U.DLL
2008-10-25 00:24:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-10-25 00:24:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-24 21:06:07 ----D---- C:\Users\azzurro\AppData\Roaming\Macromedia
2008-10-24 21:04:27 ----A---- C:\Windows\system32\PanInstaller.dll
2008-10-24 21:04:25 ----A---- C:\Windows\system32\FirstLoad.dll
2008-10-24 21:04:20 ----D---- C:\Program Files\PANDORA.TV
2008-10-24 21:04:09 ----D---- C:\Temp
2008-10-24 21:02:04 ----D---- C:\Users\azzurro\AppData\Roaming\Adobe
2008-10-24 20:44:23 ----D---- C:\Users\azzurro\AppData\Roaming\Mozilla
2008-10-24 20:44:14 ----D---- C:\Program Files\Mozilla Firefox
2008-10-24 20:43:22 ----N---- C:\Windows\system32\vxblock.dll
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxwave.dll
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxsfs.dll
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxmas.dll
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxinsa64.exe
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxhpinst.exe
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxdrv.dll
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxcpya64.exe
2008-10-24 20:43:22 ----N---- C:\Windows\system32\pxafs.dll
2008-10-24 20:43:22 ----N---- C:\Windows\system32\px.dll
2008-10-24 20:43:19 ----D---- C:\Users\azzurro\AppData\Roaming\Winamp
2008-10-24 20:43:19 ----D---- C:\Program Files\Winamp
2008-10-24 20:41:23 ----A---- C:\Windows\system32\rmoc3260.dll
2008-10-24 20:41:23 ----A---- C:\Windows\system32\pndx5032.dll
2008-10-24 20:41:23 ----A---- C:\Windows\system32\pndx5016.dll
2008-10-24 20:41:23 ----A---- C:\Windows\system32\pncrt.dll
2008-10-24 20:41:22 ----A---- C:\Windows\system32\unrar.dll
2008-10-24 20:41:22 ----A---- C:\Windows\avisplitter.ini
2008-10-24 20:41:19 ----A---- C:\Windows\system32\yv12vfw.dll
2008-10-24 20:41:19 ----A---- C:\Windows\system32\xvidvfw.dll
2008-10-24 20:41:19 ----A---- C:\Windows\system32\xvidcore.dll
2008-10-24 20:41:18 ----A---- C:\Windows\system32\qt-dx331.dll
2008-10-24 20:41:18 ----A---- C:\Windows\system32\dpl100.dll
2008-10-24 20:41:18 ----A---- C:\Windows\system32\divx.dll
2008-10-24 20:41:17 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2008-10-24 20:41:17 ----A---- C:\Windows\system32\ff_vfw.dll
2008-10-24 20:41:16 ----A---- C:\Windows\system32\msvcr71.dll
2008-10-24 20:41:16 ----A---- C:\Windows\system32\msvcp71.dll
2008-10-24 20:41:15 ----D---- C:\Users\azzurro\AppData\Roaming\Real
2008-10-24 20:41:15 ----D---- C:\ProgramData\Real
2008-10-24 20:41:15 ----D---- C:\Program Files\K-Lite Codec Pack
2008-10-24 20:39:29 ----D---- C:\Users\azzurro\AppData\Roaming\Google
2008-10-24 20:39:14 ----D---- C:\ProgramData\Google
2008-10-24 20:39:11 ----D---- C:\Program Files\Google
2008-10-24 20:37:55 ----D---- C:\ProgramData\Skype
2008-10-24 20:37:06 ----D---- C:\Program Files\KeyHoleTV
2008-10-24 20:36:44 ----D---- C:\Program Files\WinRAR
2008-10-24 20:36:08 ----D---- C:\Users\azzurro\AppData\Roaming\Media Player Classic
2008-10-24 20:22:57 ----D---- C:\Program Files\TeraPad
2008-10-24 19:47:51 ----D---- C:\Users\azzurro\AppData\Roaming\goo
2008-10-24 19:46:29 ----D---- C:\Program Files\Trend Micro
2008-10-24 19:40:15 ----A---- C:\Windows\NDSTray.INI
2008-10-24 19:39:42 ----A---- C:\Windows\system32\IVIresizeW7.dll
2008-10-24 19:39:42 ----A---- C:\Windows\system32\IVIresizePX.dll
2008-10-24 19:39:42 ----A---- C:\Windows\system32\IVIresizeP6.dll
2008-10-24 19:39:42 ----A---- C:\Windows\system32\IVIresizeM6.dll
2008-10-24 19:39:42 ----A---- C:\Windows\system32\IVIresizeA6.dll
2008-10-24 19:39:42 ----A---- C:\Windows\system32\IVIresize.dll
2008-10-24 19:39:17 ----D---- C:\Windows\RegisteredPackages
2008-10-24 19:39:09 ----D---- C:\Program Files\Windows Media Components
2008-10-24 19:35:11 ----D---- C:\Program Files\Ulead Systems
2008-10-24 19:35:11 ----D---- C:\Program Files\Common Files\Ulead Systems
2008-10-24 19:35:10 ----D---- C:\ProgramData\Ulead Systems
2008-10-24 19:31:42 ----D---- C:\Program Files\McAfee.com
2008-10-24 19:31:40 ----D---- C:\Program Files\Common Files\McAfee
2008-10-24 19:31:08 ----D---- C:\Program Files\McAfee
2008-10-24 19:30:53 ----D---- C:\ProgramData\Toshiba
2008-10-24 19:30:50 ----D---- C:\ProgramData\McAfee
2008-10-24 19:30:20 ----D---- C:\Users\azzurro\AppData\Roaming\Identities
2008-10-24 19:30:10 ----SD---- C:\Users\azzurro\AppData\Roaming\Microsoft
2008-10-24 19:30:10 ----D---- C:\Users\azzurro\AppData\Roaming\Media Center Programs
2008-10-24 19:25:40 ----D---- C:\Windows\SoftwareDistributionOLD
2008-10-24 19:24:22 ----D---- C:\Program Files\goo
2008-10-24 19:24:16 ----HD---- C:\Windows\msdownld.tmp
2008-10-24 19:23:30 ----D---- C:\Windows\Options
2008-10-24 19:23:30 ----D---- C:\Program Files\Atheros
2008-10-24 19:23:13 ----D---- C:\ProgramData\Atheros
2008-10-24 19:17:43 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2008-11-03 17:45:18 ----D---- C:\Windows\System32
2008-11-03 17:45:18 ----D---- C:\Windows\inf
2008-11-03 17:45:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-03 17:43:54 ----HD---- C:\ProgramData
2008-11-03 01:15:19 ----RD---- C:\Program Files
2008-11-03 01:15:08 ----D---- C:\Windows\system32\Tasks
2008-11-03 00:44:47 ----SHD---- C:\Windows\Installer
2008-11-03 00:44:46 ----D---- C:\Windows
2008-11-03 00:44:40 ----D---- C:\Windows\winsxs
2008-11-03 00:43:56 ----D---- C:\Program Files\Common Files
2008-11-03 00:43:54 ----SD---- C:\Windows\Downloaded Program Files
2008-11-03 00:43:54 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-02 03:04:14 ----D---- C:\Windows\system32\catroot2
2008-11-01 16:44:46 ----D---- C:\Windows\Debug
2008-11-01 16:38:57 ----D---- C:\Windows\Prefetch
2008-11-01 16:30:40 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-31 21:08:15 ----RSD---- C:\Windows\assembly
2008-10-31 21:05:59 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-31 21:05:53 ----D---- C:\Program Files\MSBuild
2008-10-31 21:05:21 ----D---- C:\Windows\ShellNew
2008-10-31 21:04:30 ----RSD---- C:\Windows\Fonts
2008-10-31 21:04:09 ----SD---- C:\ProgramData\Microsoft
2008-10-31 20:59:51 ----A---- C:\Windows\win.ini
2008-10-31 18:05:17 ----D---- C:\Windows\system32\drivers
2008-10-31 17:57:47 ----D---- C:\Windows\Logs
2008-10-31 17:37:55 ----A---- C:\Windows\system.ini
2008-10-31 17:32:00 ----D---- C:\Windows\AppPatch
2008-10-31 17:28:18 ----D---- C:\Windows\system32\en-US
2008-10-31 16:37:40 ----D---- C:\Windows\system32\catroot
2008-10-31 16:19:41 ----D---- C:\Windows\Microsoft.NET
2008-10-31 16:16:58 ----ASH---- C:\Program Files\desktop.ini
2008-10-31 16:16:40 ----D---- C:\Windows\rescache
2008-10-31 16:10:32 ----D---- C:\Windows\system32\ras
2008-10-31 16:10:32 ----D---- C:\Program Files\Windows Calendar
2008-10-31 16:10:31 ----D---- C:\Windows\system32\icsxml
2008-10-31 16:10:28 ----D---- C:\Program Files\Windows Mail
2008-10-31 16:10:28 ----D---- C:\Program Files\Common Files\System
2008-10-31 16:10:27 ----D---- C:\Windows\system32\wbem
2008-10-31 16:10:26 ----D---- C:\Windows\system32\XPSViewer
2008-10-31 16:10:26 ----D---- C:\Windows\ehome
2008-10-31 16:10:25 ----D---- C:\Program Files\Windows Defender
2008-10-31 16:10:23 ----D---- C:\Windows\system32\ja-JP
2008-10-31 16:10:23 ----D---- C:\Windows\servicing
2008-10-31 16:10:23 ----D---- C:\Program Files\Windows Media Player
2008-10-31 16:10:21 ----D---- C:\Windows\system32\migration
2008-10-31 16:10:17 ----D---- C:\Windows\system32\SLUI
2008-10-31 16:10:14 ----D---- C:\Program Files\Windows Sidebar
2008-10-31 16:10:11 ----D---- C:\Program Files\Internet Explorer
2008-10-31 15:06:29 ----D---- C:\Windows\system32\WDI
2008-10-28 12:39:36 ----D---- C:\Windows\system32\LogFiles
2008-10-27 20:51:14 ----D---- C:\Program Files\Adobe
2008-10-27 20:50:29 ----D---- C:\ProgramData\Adobe
2008-10-25 23:27:57 ----D---- C:\Windows\Tasks
2008-10-25 22:00:10 ----D---- C:\Windows\system32\NDF
2008-10-25 00:54:12 ----RSD---- C:\Windows\Media
2008-10-25 00:53:54 ----D---- C:\Windows\twain_32
2008-10-24 19:39:39 ----D---- C:\Program Files\InterVideo
2008-10-24 19:30:36 ----SHD---- C:\$Recycle.Bin
2008-10-24 19:30:10 ----RD---- C:\Users
2008-10-24 19:26:01 ----D---- C:\Program Files\Windows NT
2008-10-24 19:24:28 ----D---- C:\TOSAPINS
2008-10-24 19:23:16 ----D---- C:\Windows\system32\restore
2008-10-24 19:21:02 ----D---- C:\Windows\Panther
2008-10-07 11:19:42 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-10-25 216080]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-07-29 919552]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-10-31 14208]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-06 1739816]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-10-31 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-17 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-23 290304]
R3 usbscan;USB スキャナドライバ; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-08 221696]
S3 a7b2f273;a7b2f273; C:\Windows\system32\drivers\a7b2f273.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; \??\C:\Users\azzurro\AppData\Local\Temp\Low\OnlineScanner\Anti-Virus\fsgk.sys []
S3 HdAudAddService;Microsoft 1.1 UAA ファンクションドライバ (High Definition Audio 用) サービス; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 TSP;TSP; \??\C:\Windows\system32\drivers\klif.sys [2008-10-25 216080]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbvideo;USB ビデオデバイス (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 Bonjour Service;Bonjour サービス; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 IJPLMSVC;PIXUS 使用状況調査プログラム; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2006-12-19 428152]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-22 49152]
S2 0154591224999483mcinstcleanup;McAfee Application Installer Cleanup (0154591224999483); C:\Users\azzurro\AppData\Local\Temp\015459~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-28 156656]
S3 iPod Service;iPod サービス; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

katana · Nov 4, 2008

The DNS settings have been altered on your router.

Make sure you have any information needed for re-connecting before you continue

You need to reset your Router to factory settings, and then connect it to the internet.
Make sure you password protect it to help prevent this happening again.

Azzurro · Nov 7, 2008

Thank you very much for your help.

Mr. Katana,

I pushed a reset button, then, pop-ups never appear on my screen.
Thank you very much for your help.
I really appreciate you.

Azzurro

katana · Nov 7, 2008

:bigthumb:

katana · Nov 11, 2008

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm).
A valid, working link to the closed topic is required.

I need help to remove zlob DNSchanger.

Azzurro

New member

katana

Security Expert-Emeritus

Azzurro

New member

katana

Security Expert-Emeritus

Azzurro

New member

katana

Security Expert-Emeritus

Azzurro

New member

katana

Security Expert-Emeritus

Azzurro

New member

Azzurro

New member

katana

Security Expert-Emeritus

Azzurro

New member

Azzurro

New member

katana

Security Expert-Emeritus

Azzurro

New member

katana

Security Expert-Emeritus

katana

Security Expert-Emeritus