
Hijacked doubts before using online bill pay


  • This topic is locked
22 replies to this topic

#1 RENEDDI

  • Members

Posted 28 March 2010 - 03:56 AM

Hello friends, I am enclosing HijackThis results for my trusty old PC. I am trying to start using online bill pay, including PayPal, but I'm afraid my PC might already be infected or hijacked, so before I proceed to use those services I would like to make sure I do it with a clean PC. I try to clean my PC daily by using CCleaner, SUPERAntiSpyware, Malwarebytes, and Microsoft Security Essentials as my antivirus, and I also use TuneUp Utilities 2010 to fix any errors my PC might have. Any help would be greatly appreciated. Thanks friends, here is my log for HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:14 AM, on 3/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\user\My Documents\Downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 4380 bytes



#2 RENEDDI

  • Topic Starter
  • Members

Posted 31 March 2010 - 07:17 AM

Hello friends, I was wondering if a staff member would move this thread to the proper forum; I think I should have placed it in the "Am I infected? What do I do?" forum. Hopefully this will get me some feedback, thanks buddies! My computer is running fine, I'm just paranoid about this PayPal thing, and I have noticed, reading through some of the help already given to some members, that tracking cookies can be found even if your scans come out negative.

#3 etavares

    Bleepin' Remover

  • Malware Response Team

Posted 31 March 2010 - 05:35 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#4 RENEDDI

  • Topic Starter
  • Members

Posted 01 April 2010 - 04:31 AM

HELLO! Thanks for helping me. Here are my OTL log and my GMER log results:

OTL logfile created on: 4/1/2010 4:13:01 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.00 Mb Total Physical Memory | 271.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 30.15 Gb Free Space | 78.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPSP3-WBB
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/01 04:09:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2010/03/23 17:18:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/02/18 10:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/02/17 02:30:48 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 09:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/14 12:54:00 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/01 04:09:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1708537768-602609370-1417001333-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1708537768-602609370-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/23 17:18:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/23 17:18:15 | 000,000,000 | ---D | M]

[2004/12/30 20:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/03/30 18:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0cdpsdoe.default\extensions
[2010/03/28 04:43:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0cdpsdoe.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/03/26 21:17:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0cdpsdoe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/19 12:56:12 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0cdpsdoe.default\searchplugins\bing.xml
[2010/03/31 19:04:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1708537768-602609370-1417001333-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\S-1-5-21-1708537768-602609370-1417001333-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-602609370-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1708537768-602609370-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1708537768-602609370-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1708537768-602609370-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/30 04:39:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/12/30 04:38:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: VTTrayp - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/01 03:12:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2010/03/26 23:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2010/03/26 22:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2010/03/26 22:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Uniblue
[2010/03/26 22:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/03/26 21:23:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/26 21:07:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/26 21:06:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/26 21:06:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/26 21:06:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/26 21:06:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/26 21:05:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/26 21:04:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/26 20:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TuneUp Software
[2010/03/26 20:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/03/26 20:53:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/03/25 19:10:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Videos
[2010/03/25 19:10:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/25 19:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/25 18:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/03/25 18:34:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/03/25 18:34:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/03/25 09:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DivX
[2010/03/24 07:02:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/24 06:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/03/21 18:09:35 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user\UserData
[2010/03/21 17:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Identities
[2010/03/21 15:25:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/03/21 14:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic - Home Cinema
[2010/03/21 14:47:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Search Settings
[2010/03/21 14:47:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/03/21 14:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/03/21 14:42:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
[2010/03/21 14:42:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/03/21 14:42:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
[2010/03/21 14:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/03/21 14:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\uTorrent
[2010/03/21 14:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010/03/21 14:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\WinRAR
[2010/03/21 14:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/21 14:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/21 14:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/21 14:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Sun
[2010/03/21 14:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/03/21 04:32:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/03/19 13:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Yahoo
[2010/03/19 13:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/03/19 13:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Yahoo!
[2010/03/19 13:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/03/19 13:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/03/19 12:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Tracing
[2010/03/19 12:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/03/19 12:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/03/19 12:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/03/19 12:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/03/19 12:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/03/18 06:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2004/12/30 04:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/01 03:13:06 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/01 03:08:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/01 03:07:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/01 03:07:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/01 03:07:06 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/04/01 03:07:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/03/31 11:23:15 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 21:18:07 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\user\My Documents\cc_20100319_045110.reg
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 15:01:36 | 000,004,642 | ---- | M] () -- C:\Documents and Settings\user\My Documents\m_a84fa64520edfe80f2063f8a0790e71d.jpg
[2010/03/26 23:11:56 | 000,001,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2010/03/26 22:55:16 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\vuins32.dll
[2010/03/26 22:46:15 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/03/26 21:10:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/26 21:07:13 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/03/25 19:05:26 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/03/25 19:05:26 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/03/25 18:37:09 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/25 18:35:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/03/25 18:34:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/03/24 08:46:42 | 000,006,422 | ---- | M] () -- C:\Documents and Settings\user\My Documents\m_2c91185df4c9040241708310451744ca.jpg
[2010/03/24 06:53:33 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/03/22 14:16:21 | 000,029,419 | ---- | M] () -- C:\Documents and Settings\user\My Documents\l_a13b237c67dc4cab918d9def6f0382c2.jpg
[2010/03/21 14:50:05 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Media Player Classic - Home Cinema.lnk
[2010/03/21 14:20:51 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/03/21 14:18:06 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\user\Desktop\JDownloader.lnk
[2010/03/21 04:32:53 | 005,349,944 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2010/03/21 04:32:49 | 000,000,255 | ---- | M] () -- C:\Boot.bak
[2010/03/21 04:32:17 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/21 04:32:17 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/21 04:32:17 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/20 09:21:16 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/19 13:24:33 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/03/19 12:54:56 | 000,012,912 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/26 23:11:56 | 000,001,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2010/03/26 23:11:52 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/03/26 22:46:15 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/03/26 21:07:12 | 000,000,255 | ---- | C] () -- C:\Boot.bak
[2010/03/26 21:07:09 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/26 21:06:19 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/26 21:06:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/26 21:06:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/26 21:06:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/26 21:06:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/25 18:34:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/03/24 10:05:37 | 000,006,422 | ---- | C] () -- C:\Documents and Settings\user\My Documents\m_2c91185df4c9040241708310451744ca.jpg
[2010/03/24 10:05:31 | 000,004,642 | ---- | C] () -- C:\Documents and Settings\user\My Documents\m_a84fa64520edfe80f2063f8a0790e71d.jpg
[2010/03/24 06:58:44 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/24 06:53:33 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/03/22 14:18:03 | 000,029,419 | ---- | C] () -- C:\Documents and Settings\user\My Documents\l_a13b237c67dc4cab918d9def6f0382c2.jpg
[2010/03/22 10:13:52 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/21 14:50:05 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Media Player Classic - Home Cinema.lnk
[2010/03/21 14:20:51 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/03/21 14:18:06 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\user\Desktop\JDownloader.lnk
[2010/03/19 13:24:33 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/03/19 04:51:18 | 000,000,404 | ---- | C] () -- C:\Documents and Settings\user\My Documents\cc_20100319_045110.reg
[2009/10/27 18:22:08 | 004,835,652 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/10/27 18:16:44 | 001,632,375 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2009/10/27 18:16:12 | 000,611,638 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/10/27 18:10:02 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/10/27 17:46:26 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/10/27 17:28:08 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/10/16 18:58:06 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/10/16 18:57:06 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/10/16 18:04:24 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/10/16 18:04:08 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/10/16 18:03:48 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/10/16 18:03:44 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/10/16 18:03:40 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/10/16 15:53:32 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/10/16 15:53:20 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/16 14:40:42 | 000,957,047 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/10/16 14:38:20 | 000,914,464 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/10 17:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 17:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 17:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 17:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 17:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 17:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 17:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 17:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 17:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 17:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 17:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 11:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/07/10 12:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/01/20 06:34:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/01/20 06:34:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/01/20 06:34:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/01/20 06:34:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/01/20 06:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/01/20 06:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/01/20 06:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/01/20 06:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/01/20 06:34:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2004/12/30 05:06:24 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

========== LOP Check ==========

[2010/03/26 20:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/03/26 20:53:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/03/21 14:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Search Settings
[2010/03/26 20:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TuneUp Software
[2010/03/26 22:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uniblue
[2010/03/31 11:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent
[2010/04/01 03:13:06 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 09:00:00 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/04/14 09:00:00 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 09:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 09:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 09:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 09:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 09:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIPRT.SYS >
[2010/03/26 22:51:41 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- C:\WINDOWS\system32\drivers\ViPrt.sys

< %systemroot%\*. /mp /s >
< End of report >


GMER log:

Attached file: ark.txt (645 bytes)

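The Custom Scans block in the log above compares the MD5 of each system file against the copies Windows keeps in dllcache, the ERDNT cache and ReinstallBackups, and the "Files Created - No Company Name" section lists new files that carry no publisher. The Python script below is an added example, not OTL's own code and not anything posted in this thread: it parses OTL's entry-line format and automates both reviewer checks over a constructed sample log. The file names and hashes in the sample are placeholders, not values taken from the log above.

```python
"""OTL-style log triage (added example; not OTL's or the thread's own code).

Parses the "[date | size | attrs | C/M] (Company) ... -- path" lines OTL
prints and applies two checks a reviewer otherwise does by eye: do all copies
of a file in a "< MD5 for: NAME >" scan carry the same hash, and which recently
created executables under the Windows directory carry no company name at all?
Both yield candidates for a human to review, not verdicts.
"""
import re
from datetime import datetime, timedelta

# One OTL entry line; MD5= appears only in custom scans, and the text between
# the company and " -- " holds notes such as ".cab file".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"\((?P<company>[^)]*)\)(?P<note>.*?) -- (?P<path>.+)$"
)
MD5_RE = re.compile(r"MD5=(?P<md5>[0-9A-Fa-f]{32})")
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")  # ===== Name =====
CUSTOM_RE = re.compile(r"^< (?P<name>.+) >$")       # < MD5 for: X >
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


def parse_entry(line):
    """Return a dict for one OTL entry line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    h = MD5_RE.search(d["note"])
    d["md5"] = h.group("md5").upper() if h else None
    d["size"] = int(d["size"].replace(",", ""))
    d["ts"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
    return d


def parse_report(text):
    """Group entry lines under the section or custom-scan header above them."""
    sections, current = {}, "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        hdr = SECTION_RE.match(line) or CUSTOM_RE.match(line)
        if hdr:
            current = hdr.group("name")
            sections.setdefault(current, [])
            continue
        entry = parse_entry(line)
        if entry:
            sections.setdefault(current, []).append(entry)
    return sections


def md5_mismatches(sections):
    """{NAME: {md5: [paths]}} for each 'MD5 for: NAME' scan whose copies report
    more than one distinct hash; hash-less copies (.cab members, 'Unable to
    obtain MD5') are listed under None but never count as a mismatch alone."""
    findings = {}
    for name, entries in sections.items():
        if not name.startswith("MD5 for: "):
            continue
        by_hash = {}
        for e in entries:
            by_hash.setdefault(e["md5"], []).append(e["path"])
        if len([h for h in by_hash if h is not None]) > 1:
            findings[name[len("MD5 for: "):]] = by_hash
    return findings


def unsigned_recent(sections, report_time, days=14, roots=("c:\\windows",)):
    """Executables created within `days` of the report, under `roots`, with an
    empty company field: the 'Files Created - No Company Name' section minus
    the shortcuts and user documents that make it noisy."""
    cutoff = report_time - timedelta(days=days)
    hits = []
    for e in sections.get("Files Created - No Company Name", []):
        p = e["path"].lower()
        if e["company"] or e["ts"] < cutoff:
            continue
        if p.startswith(roots) and p.endswith(EXEC_EXT):
            hits.append(e["path"])
    return hits


# Constructed sample in OTL's line format (not a log from this thread); hashes
# are placeholders, and the live atapi.sys is made to differ from both caches.
SAMPLE = r"""
========== Files Created - No Company Name ==========
[2010/03/26 23:11:52 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\example.sys
[2010/03/26 21:06:19 | 000,261,632 | ---- | C] () -- C:\WINDOWS\tool.exe
[2010/03/26 22:46:15 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tool.lnk
[2009/10/27 18:22:08 | 004,835,652 | ---- | C] () -- C:\WINDOWS\System32\oldcodec.dll
< MD5 for: ATAPI.SYS >
[2008/04/14 09:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\drivers\atapi.sys
"""


def triage(text=SAMPLE, report_time=datetime(2010, 4, 1, 3, 15)):
    # Default report_time is the constructed sample's timestamp.
    sections = parse_report(text)
    return {"md5_mismatches": md5_mismatches(sections),
            "unsigned_recent": unsigned_recent(sections, report_time)}
```

To use it on a saved OTL log, pass the file's text and the log's own timestamp to triage(). A hash that differs between the live driver and its cached copies is exactly what a reviewer looks for in the MD5 section, while the "no company name" list still needs context: the helper utilities a clean-up tool drops into C:\WINDOWS land there as readily as anything malicious, so both outputs are for a person to read, not to act on automatically.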

#5 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 01 April 2010 - 05:20 PM

Hello, RENEDDI.
Ok, let's start to dig in.

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files with each other, as the name suggests. In today's world, cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.



Step 1

I see you have run Combofix. Please copy and paste the contents of C:\combofix.txt in your reply.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#6 RENEDDI
  • Topic Starter
  • Members
  • 35 posts

Posted 02 April 2010 - 10:52 AM

Etavares, thanks, friend. As for ComboFix: after reading that it should not be used unless an expert has been consulted, I deleted it and all its files. Would you like me to download it again and run it?

malwarebytes results:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/2/2010 11:09:21 AM
mbam-log-2010-04-02 (11-09-21).txt

Scan type: Full scan (C:\|)
Objects scanned: 119645
Time elapsed: 23 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by RENEDDI, 02 April 2010 - 11:11 AM.


#7 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 02 April 2010 - 12:30 PM

Hello, RENEDDI.

Not running ComboFix unsupervised was a good choice. No need to install it; there are a few things to take care of.

First, do you see "Application Updater" in Add/remove Programs? If so, please uninstall it.

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares




#8 RENEDDI
  • Topic Starter
  • Members
  • 35 posts

Posted 02 April 2010 - 12:35 PM

Thanks, scanning right now; will report back when finished.

#9 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 02 April 2010 - 12:42 PM

OK, it may take a few hours, depending on what you have on your machine. Also, please don't forget to uninstall Application Updater. If you can't, please let me know.




#10 RENEDDI
  • Topic Starter
  • Members
  • 35 posts

Posted 02 April 2010 - 01:44 PM

OK, ran the ESET online scan; the result was no threats found! Also ran Malwarebytes and SUPERAntiSpyware, also no threats found, and ran CCleaner too. Should my PC be safe enough now?

#11 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 02 April 2010 - 04:05 PM

Were you able to uninstall Application Updater?




#12 RENEDDI
  • Topic Starter
  • Members
  • 35 posts

Posted 03 April 2010 - 08:29 AM

Yes, I believe so. I was asked if I wanted to uninstall it and I clicked yes. I did check afterwards, deleted the exe files, and ran CCleaner, including its registry part, to make sure all was deleted.

#13 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 03 April 2010 - 08:57 AM

Hello, RENEDDI.

Ok, good to hear. I've had some people before who didn't have Application Updater in the Add/Remove programs list so I wanted to check.

I will caution you about automatic registry cleaners:

I also see that you have a registry cleaner installed (in your case CCleaner). Here at BC, we do not recommend using registry cleaners.

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove the older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 19 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 19 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586-p.exe to install the newest version.



Step 2

Once that's done, please reboot and post a fresh OTL log as you did before so I can confirm everything looks good.

etavares




#14 RENEDDI
  • Topic Starter
  • Members
  • 35 posts

Posted 03 April 2010 - 11:14 AM

Etavares, here is the new log; hopefully all looks well, my friend:

OTL logfile created on: 4/3/2010 11:08:36 AM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.00 Mb Total Physical Memory | 349.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 27.95 Gb Free Space | 72.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPSP3-WBB
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/02 08:47:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 04:09:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2010/03/29 14:54:52 | 002,343,120 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/02/18 10:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 09:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/14 12:54:00 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/01 04:09:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1708537768-602609370-1417001333-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1708537768-602609370-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 08:48:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 08:48:03 | 000,000,000 | ---D | M]

[2004/12/30 20:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/04/03 11:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0cdpsdoe.default\extensions
[2010/03/28 04:43:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0cdpsdoe.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/03/26 21:17:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0cdpsdoe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/19 12:56:12 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0cdpsdoe.default\searchplugins\bing.xml
[2010/04/03 11:06:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1708537768-602609370-1417001333-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\S-1-5-21-1708537768-602609370-1417001333-1003..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-1708537768-602609370-1417001333-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-602609370-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1708537768-602609370-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1708537768-602609370-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Desktop\l_1d229b7dc5a1a566fc73130df4d81d3d.gif
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/30 04:39:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/12/30 04:38:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: VTTrayp - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/03 11:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/03 11:00:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2010/04/03 09:24:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/04/03 09:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\IObit
[2010/04/03 09:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/03/26 22:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2010/03/26 22:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Uniblue
[2010/03/26 22:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/03/26 21:23:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/26 21:07:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/26 21:06:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/26 21:06:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/26 21:06:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/26 21:06:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/26 21:05:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/26 21:04:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/26 20:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TuneUp Software
[2010/03/26 20:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/03/26 20:53:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/03/25 19:10:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Videos
[2010/03/25 19:10:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/25 19:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/25 18:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/03/25 18:34:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/03/25 18:34:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/03/25 09:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DivX
[2010/03/24 07:02:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/24 06:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/03/21 18:09:35 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user\UserData
[2010/03/21 17:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Identities
[2010/03/21 15:25:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/03/21 14:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic - Home Cinema
[2010/03/21 14:47:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Search Settings
[2010/03/21 14:47:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/03/21 14:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/03/21 14:42:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
[2010/03/21 14:42:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/03/21 14:42:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
[2010/03/21 14:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/03/21 14:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\uTorrent
[2010/03/21 14:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010/03/21 14:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\WinRAR
[2010/03/21 14:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/21 14:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/21 14:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Sun
[2010/03/21 14:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/03/21 04:32:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2004/12/30 04:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/03 11:07:35 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/03 11:03:02 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/04/03 11:02:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/03 11:02:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/03 11:02:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/03 11:01:24 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/04/03 11:01:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/04/03 09:01:57 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/04/02 15:22:50 | 000,019,300 | ---- | M] () -- C:\Documents and Settings\user\Desktop\l_2c91185df4c9040241708310451744ca.jpg
[2010/04/02 14:57:08 | 000,019,253 | ---- | M] () -- C:\Documents and Settings\user\Desktop\l_9b9c89e560c184372c79a71385d053af.jpg
[2010/04/01 09:59:10 | 000,008,550 | ---- | M] () -- C:\Documents and Settings\user\My Documents\l_1d229b7dc5a1a566fc73130df4d81d3d.gif
[2010/04/01 09:59:10 | 000,008,550 | ---- | M] () -- C:\Documents and Settings\user\Desktop\l_1d229b7dc5a1a566fc73130df4d81d3d.gif
[2010/04/01 09:57:38 | 000,009,432 | ---- | M] () -- C:\Documents and Settings\user\My Documents\l_485d687c2c7848d494072b287e4391f7.jpg
[2010/04/01 09:57:38 | 000,009,432 | ---- | M] () -- C:\Documents and Settings\user\Desktop\l_485d687c2c7848d494072b287e4391f7.jpg
[2010/04/01 04:17:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\user\defogger_reenable
[2010/03/31 11:23:15 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 21:18:07 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\user\My Documents\cc_20100319_045110.reg
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 15:01:36 | 000,004,642 | ---- | M] () -- C:\Documents and Settings\user\My Documents\m_a84fa64520edfe80f2063f8a0790e71d.jpg
[2010/03/26 22:55:16 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\vuins32.dll
[2010/03/26 22:46:15 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/03/26 21:10:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/26 21:07:13 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/03/25 19:05:26 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/03/25 19:05:26 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/03/25 18:37:09 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/25 18:35:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/03/25 18:34:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/03/24 08:46:42 | 000,006,422 | ---- | M] () -- C:\Documents and Settings\user\My Documents\m_2c91185df4c9040241708310451744ca.jpg
[2010/03/24 06:53:33 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/03/22 14:16:21 | 000,029,419 | ---- | M] () -- C:\Documents and Settings\user\My Documents\l_a13b237c67dc4cab918d9def6f0382c2.jpg
[2010/03/21 14:50:05 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Media Player Classic - Home Cinema.lnk
[2010/03/21 14:20:51 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/03/21 14:18:06 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\user\Desktop\JDownloader.lnk
[2010/03/21 04:32:53 | 005,349,944 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2010/03/21 04:32:49 | 000,000,255 | ---- | M] () -- C:\Boot.bak
[2010/03/21 04:32:17 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/21 04:32:17 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/21 04:32:17 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/03 09:09:53 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/04/03 09:01:57 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/04/02 15:20:01 | 000,019,300 | ---- | C] () -- C:\Documents and Settings\user\Desktop\l_2c91185df4c9040241708310451744ca.jpg
[2010/04/02 14:57:04 | 000,019,253 | ---- | C] () -- C:\Documents and Settings\user\Desktop\l_9b9c89e560c184372c79a71385d053af.jpg
[2010/04/01 10:01:06 | 000,008,550 | ---- | C] () -- C:\Documents and Settings\user\My Documents\l_1d229b7dc5a1a566fc73130df4d81d3d.gif
[2010/04/01 09:59:41 | 000,009,432 | ---- | C] () -- C:\Documents and Settings\user\My Documents\l_485d687c2c7848d494072b287e4391f7.jpg
[2010/04/01 09:59:10 | 000,008,550 | ---- | C] () -- C:\Documents and Settings\user\Desktop\l_1d229b7dc5a1a566fc73130df4d81d3d.gif
[2010/04/01 09:57:37 | 000,009,432 | ---- | C] () -- C:\Documents and Settings\user\Desktop\l_485d687c2c7848d494072b287e4391f7.jpg
[2010/04/01 04:17:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\defogger_reenable
[2010/03/26 22:46:15 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/03/26 21:07:12 | 000,000,255 | ---- | C] () -- C:\Boot.bak
[2010/03/26 21:07:09 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/26 21:06:19 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/26 21:06:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/26 21:06:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/26 21:06:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/26 21:06:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/25 18:34:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/03/24 10:05:37 | 000,006,422 | ---- | C] () -- C:\Documents and Settings\user\My Documents\m_2c91185df4c9040241708310451744ca.jpg
[2010/03/24 10:05:31 | 000,004,642 | ---- | C] () -- C:\Documents and Settings\user\My Documents\m_a84fa64520edfe80f2063f8a0790e71d.jpg
[2010/03/24 06:58:44 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/24 06:53:33 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/03/22 14:18:03 | 000,029,419 | ---- | C] () -- C:\Documents and Settings\user\My Documents\l_a13b237c67dc4cab918d9def6f0382c2.jpg
[2010/03/22 10:13:52 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/21 14:50:05 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Media Player Classic - Home Cinema.lnk
[2010/03/21 14:20:51 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/03/21 14:18:06 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\user\Desktop\JDownloader.lnk
[2009/10/27 18:22:08 | 004,835,652 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/10/27 18:16:44 | 001,632,375 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2009/10/27 18:16:12 | 000,611,638 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/10/27 18:10:02 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/10/27 17:46:26 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/10/27 17:28:08 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/10/16 18:58:06 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/10/16 18:57:06 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/10/16 18:04:24 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/10/16 18:04:08 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/10/16 18:03:48 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/10/16 18:03:44 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/10/16 18:03:40 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/10/16 15:53:32 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/10/16 15:53:20 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/16 14:40:42 | 000,957,047 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/10/16 14:38:20 | 000,914,464 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/10 17:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 17:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 17:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 17:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 17:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 17:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 17:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 17:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 17:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 17:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 17:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 11:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/07/10 12:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/01/20 06:34:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/01/20 06:34:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/01/20 06:34:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/01/20 06:34:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/01/20 06:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/01/20 06:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/01/20 06:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/01/20 06:34:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/01/20 06:34:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2004/12/30 05:06:24 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

========== LOP Check ==========

[2010/04/03 09:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/03/26 20:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/03/26 20:53:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/04/03 09:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IObit
[2010/03/21 14:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Search Settings
[2010/03/26 20:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TuneUp Software
[2010/03/26 22:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uniblue
[2010/04/03 09:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent
[2010/04/03 11:03:02 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
[2010/04/03 11:07:35 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/04/03 11:02:15 | 000,000,618 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 09:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 09:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 09:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 09:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 09:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIPRT.SYS >
[2010/03/26 22:51:41 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- C:\WINDOWS\system32\drivers\ViPrt.sys

< %systemroot%\*. /mp /s >
< End of report >
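The "< MD5 for: ... >" blocks at the end of the report above list every copy of a few core system files (atapi.sys, eventlog.dll, netlogon.dll, scecli.dll) together with its hash, so that a live copy that has been patched can be spotted against the dllcache, ERDNT and ReinstallBackups copies. As an added example (not OTL's code and not from anyone in this thread), the Python script below parses those blocks and flags any copy whose MD5 disagrees with the other copies of the same file. The sample log text inside it is constructed to mirror the report's layout, with the hash of the live system32\drivers\atapi.sys copy deliberately altered so the check fires.

```python
"""Flag inconsistent MD5s in the "< MD5 for: NAME >" sections of an OTL log.

Added example, not OTL's own code. SAMPLE_LOG below is constructed to mirror
the layout of the report in this thread; the hash of the live
system32\\drivers\\atapi.sys copy is deliberately altered so the check fires.
"""
import re
from collections import Counter, defaultdict

# Constructed sample input modelled on the OTL custom MD5 scan output.
SAMPLE_LOG = """\
< MD5 for: ATAPI.SYS >
[2008/04/14 09:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\\WINDOWS\\Driver Cache\\i386\\sp3.cab:atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\\WINDOWS\\ERDNT\\cache\\atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\\WINDOWS\\system32\\drivers\\atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\\WINDOWS\\system32\\ReinstallBackups\\0008\\DriverFiles\\i386\\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\\WINDOWS\\ERDNT\\cache\\eventlog.dll
[2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\\WINDOWS\\system32\\eventlog.dll
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
# [date | size | attrs | flag] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+)\| (?P<size>[\d,]+) \| [^|]+ \| [^\]]+\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_sections(text):
    """Map each file name to the list of (path, md5, company) copies OTL hashed.

    Entries without an MD5= field (the sp3.cab members) carry no hash and are
    skipped; they only tell you a pristine copy exists inside the cab.
    """
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            current = head.group("name").upper()
            sections.setdefault(current, [])
            continue
        if not line or current is None:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            sections[current].append(
                (entry.group("path"), entry.group("md5").upper(), entry.group("company"))
            )
    return dict(sections)


def find_hash_outliers(sections):
    """Return one finding per copy whose MD5 differs from the majority hash.

    The dllcache, ERDNT and ReinstallBackups copies serve as the reference; a
    live driver under system32 that disagrees with all of them is the case
    this OTL custom scan exists to surface. With only two copies there is no
    strict majority, so such findings are marked ambiguous rather than trusted.
    """
    findings = []
    for name, entries in sections.items():
        if len(entries) < 2:
            continue
        counts = Counter(md5 for _, md5, _ in entries)
        reference, ref_count = counts.most_common(1)[0]
        ambiguous = ref_count * 2 <= len(entries)  # no strict majority
        for path, md5, company in entries:
            if md5 != reference:
                findings.append({
                    "file": name, "path": path, "md5": md5,
                    "expected": reference, "company": company,
                    "ambiguous": ambiguous,
                })
    return findings


def report(text):
    """Print a human-readable summary and return the findings for callers."""
    findings = find_hash_outliers(parse_md5_sections(text))
    if not findings:
        print("All hashed copies agree.")
    for f in findings:
        tag = "AMBIGUOUS" if f["ambiguous"] else "MISMATCH"
        print(f"{tag}: {f['file']} at {f['path']} has MD5 {f['md5']}, "
              f"other copies have {f['expected']}")
    return findings


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

Run it against a saved OTL.txt by passing the file contents to report(). In the report above every hashed file has at least three agreeing copies, so the script would print that all copies agree; the .cab entries under "Driver Cache" are skipped because OTL prints no hash for them.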


#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:37 AM

Posted 03 April 2010 - 11:59 AM

Hello, RENEDDI.

Application Updater is still there, let's take it out manually.



Step 1

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    SRV - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    :Files
    C:\Program Files\Application Updater\
    :Commands
    [Reboot]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here:


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 




