Author Topic: rundll32.exe problems  (Read 1861 times)

Offline aristember

« on: March 31, 2010, 09:51:16 PM »
Hi, I'm not too good with computers and I need some help. For about a year my computer has been telling me I'm missing rundll32. So I downloaded that, and then it told me I needed k9371937.dll so I downloaded that. Now I need to download MSVCRTD.dll. I got my friend to help me and he told me to download RegSeeker and run that, which hasn't helped. My computer has been slow and freezing a lot of the time so I think this is the problem.

Here's my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:15 PM, on 3/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2086743
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~2\Toolbar\grabber.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mohsin\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - http://apps.vivaty.com/downloads/player/Vi...D%20Content.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://secure.footprint.net/kingsisle/stat...ameLauncher.CAB
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidaxision.com/setup/solidstateion.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11119 bytes



thank you

Offline guestolo

« Reply #1 on: March 31, 2010, 10:33:33 PM »
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Under the Custom Scan box paste this in, the contents in Blue
netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav



  • Click Quick Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message, trying to post the logs,
can you upload it to a reply box?
In a reply, select "Browse..." on the bottom right, then navigate to the file and select it.
Then click "Upload".

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline aristember

« Reply #2 on: April 01, 2010, 06:56:18 AM »
Alright, here they are:

OTL logfile created on: 4/1/2010 7:25:36 AM - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 39.57 Gb Free Space | 53.10% Space Free | Partition Type: NTFS
Drive D: | 994.74 Mb Total Space | 258.02 Mb Free Space | 25.94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ADAMJEE-661EE8C
Current User Name: mohsin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/04/01 05:41:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\OTL.exe
PRC - [2010/03/31 07:30:34 | 001,607,272 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2010/03/31 07:30:34 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/03/31 07:30:34 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2010/03/31 07:15:00 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/11/15 09:00:45 | 002,923,192 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/11/12 23:30:37 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/08/26 12:20:38 | 002,799,104 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2009/08/05 21:06:08 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/25 14:30:25 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/25 14:30:23 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/06/09 21:41:13 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/10 08:35:48 | 000,615,936 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:10 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/04/01 05:41:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/03/31 07:30:34 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/08/05 21:06:08 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/09 21:41:13 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/01/04 17:38:10 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2086743
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {dd02a4eb-4afd-4d60-99d8-e67f964ca813}:2.1.0.19
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414
 
FF - HKLM\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/01/27 09:35:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010/02/02 04:48:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/26 01:28:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/20 07:09:26 | 000,000,000 | ---D | M]
 
[2008/10/25 02:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\Mozilla\Extensions
[2009/04/21 12:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\Mozilla\Extensions\[email protected]
[2009/08/31 00:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\Mozilla\Firefox\Profiles\ek050ik6.default\extensions
[2009/07/25 09:14:13 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\Mozilla\Firefox\Profiles\ek050ik6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/11/25 22:23:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/08 16:06:57 | 000,000,000 | ---D | M] (PHPNukeEN Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
[2009/11/15 09:00:32 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2005/04/27 16:10:50 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2007/04/16 13:07:14 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
 
O1 HOSTS File: ([2001/08/23 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [Aim6]  File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mohsin\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} http://apps.vivaty.com/downloads/player/Vi...D%20Content.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://secure.footprint.net/kingsisle/stat...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://www.solidaxision.com/setup/solidstateion.cab (CSolidBrowserObj Object)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.70.150.10 202.70.150.11
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/02 09:04:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/08 23:13:25 | 000,000,058 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/02/02 08:51:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)
 
========== Files/Folders - Created Within 14 Days ==========
 
[2010/04/01 05:41:01 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\OTL.exe
[2010/03/31 22:19:32 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2010/03/31 12:43:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/03/31 11:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Application Data\WinZip
[2010/03/31 10:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\New Folder
[2010/03/30 08:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/02/01 02:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/01 02:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/18 12:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/05/06 16:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/04/09 18:24:51 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
[2008/12/06 09:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire
[2008/12/06 08:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2008/11/27 06:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/09/19 12:07:31 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2008/09/19 11:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/09/19 11:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2008/05/05 13:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/02/02 09:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/02/02 09:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/02/02 08:56:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/02/02 08:56:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 14 Days ==========
 
[2010/04/01 07:09:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/01 07:09:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2010/04/01 07:09:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/01 07:09:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/01 05:46:03 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\ntuser.dat
[2010/04/01 05:45:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\ntuser.ini
[2010/04/01 05:42:52 | 004,302,272 | -H-- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Application Data\IconCache.db
[2010/04/01 05:41:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\OTL.exe
[2010/04/01 00:58:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/01 00:21:33 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/31 22:19:39 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2010/03/31 13:13:39 | 000,449,043 | ---- | M] () -- C:\RegSeeker.zip
[2010/03/31 12:59:07 | 000,003,086 | ---- | M] () -- C:\k9371937.dll.zip
[2010/03/31 07:31:05 | 000,001,764 | ---- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\SpeedBit Video Accelerator.lnk
[2010/03/31 07:25:06 | 003,509,272 | ---- | M] () -- C:\va31_update_1.exe
[2010/03/31 06:01:57 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\My Documents\vehicle transfer letter.rtf
[2010/03/30 22:43:23 | 000,000,096 | -H-- | M] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/03/26 09:00:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\rpc.job
[2010/03/25 01:40:50 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\Shortcut to [Eclipse] Kimi ni Todoke - 24 (XviD) [EBF4493D].lnk
[2010/03/25 01:40:07 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/03/31 13:13:34 | 000,449,043 | ---- | C] () -- C:\RegSeeker.zip
[2010/03/31 12:59:06 | 000,003,086 | ---- | C] () -- C:\k9371937.dll.zip
[2010/03/31 07:13:28 | 003,509,272 | ---- | C] () -- C:\va31_update_1.exe
[2010/03/31 05:47:36 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\My Documents\vehicle transfer letter.rtf
[2010/03/25 01:40:50 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\Shortcut to [Eclipse] Kimi ni Todoke - 24 (XviD) [EBF4493D].lnk
[2010/01/29 07:49:01 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/01/23 05:55:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GKLauncherInfo.ini
[2009/09/23 05:29:39 | 000,000,066 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009/08/02 06:22:05 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/29 16:38:16 | 000,005,708 | ---- | C] () -- C:\WINDOWS\System32\k9371937.dll
[2009/04/15 14:31:06 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/04/10 18:10:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/02/21 01:13:45 | 000,003,748 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/02/21 01:13:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/02/04 00:07:20 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/02/04 00:07:18 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/02/04 00:07:17 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/02/04 00:07:17 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/04 00:07:17 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/04 00:07:16 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/02/04 00:07:16 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/02/04 00:06:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/03 06:58:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/11/26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006/05/09 15:50:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/09 15:50:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/09 15:50:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/09 15:50:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/09 15:50:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/09 15:50:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
 
========== LOP Check ==========
 
[2009/04/15 14:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/07/18 18:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
[2009/07/16 04:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/10/26 06:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/11/15 09:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/08/26 12:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/04/01 07:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/23 13:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent
[2009/04/15 14:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/19 14:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/03/31 11:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/11/30 22:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/08/26 17:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\.BitTornado
[2009/07/20 01:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\.minecraft
[2009/04/15 15:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\acccore
[2009/11/11 13:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\BitTorrent
[2008/11/25 08:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/01 07:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\DNA
[2009/08/26 15:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\DragonicaSCB
[2009/07/16 04:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\ESET
[2009/08/25 14:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\gtk-2.0
[2009/03/16 06:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\ijjigame
[2009/07/23 11:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\LimeWire
[2009/09/03 07:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\onverse
[2009/04/15 15:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\QQ Games Plugin
[2009/04/11 16:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\Subversion
[2009/08/15 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\TeamViewer
[2010/02/02 04:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\Toolbar4
[2009/03/10 10:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\Unity
[2009/05/18 07:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\Viewpoint
[2009/09/30 18:02:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/03/13 20:45:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/04/01 07:09:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job
[2010/03/26 09:00:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\rpc.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
[2009/05/20 03:06:43 | 044,818,456 | ---- | M] (Hewlett-Packard Company                            ) -- C:\AiO_071_000_201_000_CDA_DriverOnly_NonNetwork_enu.exe
[2009/08/25 15:59:23 | 004,308,596 | ---- | M] () -- C:\BitTornado-0.3.17-w32install.exe
[2009/08/25 16:58:56 | 002,501,864 | ---- | M] () -- C:\BitTorrent-6.2.exe
[2009/08/26 11:50:07 | 000,635,774 | ---- | M] () -- C:\dap93.exe
[2009/09/23 14:34:33 | 228,255,509 | ---- | M] (Barunson Interactive) -- C:\DGN_ManualPatch_0.1.30_to_1.0.1.exe
[2009/08/26 12:59:45 | 000,003,990 | ---- | M] () -- C:\Dragonica_Setup.exe
[2009/08/26 14:19:46 | 851,961,714 | ---- | M] (Infocomm Asia Holdings Pte Ltd                              ) -- C:\Dragonica_Setup_1.exe
[2009/09/17 11:49:18 | 001,606,064 | ---- | M] () -- C:\googletalk-setup.exe
[2010/03/31 22:19:39 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2009/08/18 10:25:35 | 716,635,272 | ---- | M] (InstallShield Software Corporation) -- C:\LcInstallUSA_090313.exe
[2009/05/25 11:59:54 | 002,080,797 | ---- | M] (Project64                                                   ) -- C:\project64_1.6.exe
[2010/01/17 08:05:59 | 286,564,832 | ---- | M] (Microsoft Game Studios                                    ) -- C:\setup.exe
[2010/01/18 05:37:12 | 286,564,832 | ---- | M] (Microsoft Game Studios                                    ) -- C:\setup_1.exe
[2010/01/16 13:21:18 | 002,025,768 | ---- | M] (Skype Technologies S.A.) -- C:\SkypeSetup.exe
[2010/01/23 03:03:46 | 007,520,288 | ---- | M] () -- C:\SUPERAntiSpyware.exe
[2010/02/02 04:47:29 | 005,217,304 | ---- | M] () -- C:\va31_update.exe
[2010/03/31 07:25:06 | 003,509,272 | ---- | M] () -- C:\va31_update_1.exe
[2009/08/26 17:10:27 | 003,317,272 | ---- | M] () -- C:\va3_affad.exe
[2009/10/08 21:56:58 | 018,527,244 | ---- | M] () -- C:\vlc-1.0.2-win32.exe
 
 
< MD5 for: AGP440.SYS  >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/25 06:16:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/25 06:16:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/25 06:16:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/25 06:16:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav  >
[2008/02/02 08:55:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/02/02 08:55:18 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/02/02 08:55:18 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
< End of report >

OTL Extras logfile created on: 4/1/2010 7:31:11 AM - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 39.57 Gb Free Space | 53.10% Space Free | Partition Type: NTFS
Drive D: | 994.74 Mb Total Space | 258.02 Mb Free Space | 25.94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ADAMJEE-661EE8C
Current User Name: mohsin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"94:TCP" = 94:TCP:*:Enabled:VRS Recording System Web Control Panel
"8000:UDP" = 8000:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8001:UDP" = 8001:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8002:UDP" = 8002:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8003:UDP" = 8003:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8004:UDP" = 8004:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8005:UDP" = 8005:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8006:UDP" = 8006:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8007:UDP" = 8007:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8008:UDP" = 8008:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8009:UDP" = 8009:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"5060:UDP" = 5060:UDP:*:Enabled:Axon Virtual PBX Sip Incoming Calls (UDP)
"81:TCP" = 81:TCP:*:Enabled:Axon Virtual PBX Web Server
"57974:TCP" = 57974:TCP:*:Enabled:Pando Media Booster
"57974:UDP" = 57974:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Documents and Settings\MOHSIN\Desktop\Rtb\blockLand.exe" = C:\Documents and Settings\MOHSIN\Desktop\Rtb\blockLand.exe:*:Enabled:blockLand -- ()
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- File not found
"C:\Program Files\NCH Swift Sound\Axon\axon.exe" = C:\Program Files\NCH Swift Sound\Axon\axon.exe:*:Enabled:Axon Virtual PBX -- File not found
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- File not found
"C:\Ntreev\Grand Chase\main.exe" = C:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe" = C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe -- ()
"C:\IJJI\ENGLISH\ARCADE\LUNIA\ijjiPurpleOutBound.exe" = C:\IJJI\ENGLISH\ARCADE\LUNIA\ijjiPurpleOutBound.exe:*:Enabled:ijjiPurpleOutBound Application -- (NHN USA Inc.)
"E:\PacSteamT\SteamApps\happyember\garrysmod\hl2.exe" = E:\PacSteamT\SteamApps\happyember\garrysmod\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Tencent\QQ Games\QQGamesD.exe" = C:\Program Files\Tencent\QQ Games\QQGamesD.exe:*:Enabled:QQ Games Downloader -- File not found
"C:\Makena\There\ThereClient\There.exe" = C:\Makena\There\ThereClient\There.exe:*:Enabled:There -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (SpeedBit Ltd.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\GameKiss\ValkyrieSky\Valkyrie Sky.exe" = C:\Program Files\GameKiss\ValkyrieSky\Valkyrie Sky.exe:*:Enabled:Valkyrie ?? ???? -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(tm) 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4DC6EB24-629D-41D7-AB3E-E81872A8F9CC}" = TortoiseSVN 1.6.1.16129 (32 bit)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12A198C-E751-4729-839A-8FA07CF941C1}_is1" = Dragonica
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FDBE4583-26AB-4DBE-8263-07836871002D}" = Zoo Tycoon2  - Marine Mania Demo
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTornado" = BitTornado 0.3.17
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SolidStateIONIE" = Solid State ION Internet Explorer Plugin
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Station Installer" = Station Installer 1.0.3.56
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.2
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 3/2/2010 2:30:16 AM | Computer Name = ADAMJEE-661EE8C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/2/2010 5:27:54 AM | Computer Name = ADAMJEE-661EE8C | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
 module flash10a.ocx, version 10.0.12.36, fault address 0x001b3b5a.
 
Error - 3/6/2010 1:36:01 PM | Computer Name = ADAMJEE-661EE8C | Source = Application Error | ID = 1000
Description = Faulting application dragonica.exe, version 0.10.30.2, faulting module
 dragonica.exe, version 0.10.30.2, fault address 0x00af040a.
 
Error - 3/6/2010 11:19:17 PM | Computer Name = ADAMJEE-661EE8C | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting
 module flash10a.ocx, version 10.0.12.36, fault address 0x001b7578.
 
Error - 3/8/2010 1:34:15 PM | Computer Name = ADAMJEE-661EE8C | Source = Application Error | ID = 1000
Description = Faulting application dragonica.exe, version 0.10.30.2, faulting module
 dragonica.exe, version 0.10.30.2, fault address 0x00af31c3.
 
Error - 3/9/2010 1:19:04 PM | Computer Name = ADAMJEE-661EE8C | Source = Application Error | ID = 1000
Description = Faulting application dragonica.exe, version 0.10.30.2, faulting module
 msvcp80.dll, version 8.0.50727.4053, fault address 0x000100b5.
 
Error - 3/10/2010 9:27:02 AM | Computer Name = ADAMJEE-661EE8C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/10/2010 9:27:06 AM | Computer Name = ADAMJEE-661EE8C | Source = Application Hang | ID = 1001
Description = Fault bucket 1669655770.
 
Error - 3/11/2010 3:55:31 AM | Computer Name = ADAMJEE-661EE8C | Source = Google Update | ID = 20
Description =
 
Error - 3/12/2010 1:24:02 PM | Computer Name = ADAMJEE-661EE8C | Source = Application Error | ID = 1000
Description = Faulting application dragonica.exe, version 0.10.30.2, faulting module
 unknown, version 0.0.0.0, fault address 0xffffffff.
 
[ System Events ]
Error - 3/31/2010 1:41:46 PM | Computer Name = ADAMJEE-661EE8C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 3/31/2010 1:41:58 PM | Computer Name = ADAMJEE-661EE8C | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error:   %%31
 
Error - 3/31/2010 1:41:58 PM | Computer Name = ADAMJEE-661EE8C | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
 which failed to start because of the following error:   %%31
 
Error - 3/31/2010 1:41:58 PM | Computer Name = ADAMJEE-661EE8C | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
 failed to start because of the following error:   %%31
 
Error - 3/31/2010 1:41:58 PM | Computer Name = ADAMJEE-661EE8C | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
 failed to start because of the following error:   %%31
 
Error - 3/31/2010 1:41:58 PM | Computer Name = ADAMJEE-661EE8C | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFD  AmdPPM  avgio  avipbb  Fips  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbs

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
rundll32.exe problems
« Reply #3 on: April 01, 2010, 09:02:15 AM »
Just on my way to work, in the meantime, can you do the following please

Download ComboFix from only this location

Link
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline aristember

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
rundll32.exe problems
« Reply #4 on: April 01, 2010, 01:17:58 PM »
I think it got interrupted and stopped working the first time, so I ran it again and it worked fine

Anyway, here's the log:

ComboFix 10-03-29.04 - mohsin 04/01/2010  13:39:41.2.1 - x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1214.894 [GMT -4:00]
Running from: c:\documents and settings\mohsin.ADAMJEE-661EE8C\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Autorun.inf
c:\program files\Internet Explorer\SET29.tmp
C:\setup.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

-- Previous Run --

Infected copy of c:\windows\system32\rundll32.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\rundll32.exe

--------

.
(((((((((((((((((((((((((   Files Created from 2010-03-01 to 2010-04-01  )))))))))))))))))))))))))))))))
.

2010-04-01 14:19 . 2010-02-02 08:48   62464   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\update.exe
2010-04-01 14:19 . 2010-02-02 08:48   48128   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\uninstall.exe
2010-04-01 02:19 . 2010-04-01 02:19   401720   ----a-w-   C:\HiJackThis.exe
2010-03-31 17:13 . 2010-03-31 17:13   449043   ----a-w-   C:\RegSeeker.zip
2010-03-31 16:59 . 2010-03-31 16:59   3086   ----a-w-   C:\k9371937.dll.zip
2010-03-31 15:01 . 2010-03-31 15:01   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Local Settings\Application Data\WinZip
2010-03-31 11:13 . 2010-03-31 11:25   3509272   ----a-w-   C:\va31_update_1.exe
2010-03-30 12:00 . 2010-03-30 12:00   --------   d-----w-   c:\program files\Common Files\Skype
2010-03-11 03:19 . 2009-10-23 15:28   3558912   ------w-   c:\windows\system32\dllcache\moviemk.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 17:34 . 2008-12-05 19:25   --------   d-----w-   c:\program files\DNA
2010-04-01 17:34 . 2008-12-05 19:25   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\DNA
2010-04-01 17:17 . 2008-05-30 13:58   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-04-01 17:11 . 2010-01-16 17:25   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Skype
2010-04-01 13:53 . 2008-10-26 11:47   96   ---ha-w-   c:\windows\system32\HsInfo.dat
2010-04-01 13:02 . 2010-01-16 17:28   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\skypePM
2010-03-31 15:01 . 2010-01-27 13:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
2010-03-31 12:25 . 2009-08-26 16:44   --------   d-----w-   c:\program files\SpeedBit Video Accelerator
2010-03-31 11:15 . 2010-01-23 07:04   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-03-28 16:16 . 2009-11-26 12:24   79488   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-25 13:34 . 2009-10-09 02:04   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\vlc
2010-03-11 12:38 . 2004-08-04 04:56   832512   ------w-   c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 04:56   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 04:56   17408   ----a-w-   c:\windows\system32\corpol.dll
2010-03-10 07:28 . 2009-12-18 13:48   7631232   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-02-23 09:14 . 2010-02-23 09:14   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Media Player Classic
2010-02-02 08:48 . 2010-02-02 08:48   --------   d-----w-   c:\program files\SpeedBit Video Downloader
2010-02-02 08:48 . 2010-02-02 08:48   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Toolbar4
2010-02-02 08:47 . 2010-02-02 08:46   5217304   ----a-w-   C:\va31_update.exe
2010-02-01 06:42 . 2008-03-07 03:25   --------   d-----w-   c:\program files\Google
2010-01-30 13:11 . 2008-10-24 18:47   27464   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-23 07:41 . 2010-01-23 07:41   25398   ----a-w-   C:\setup_wk_100105.zip
2010-01-23 07:11 . 2010-01-23 07:11   52224   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-23 07:11 . 2010-01-23 07:11   117760   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-23 07:03 . 2010-01-23 07:01   7520288   ----a-w-   C:\SUPERAntiSpyware.exe
2010-01-18 09:37 . 2010-01-18 08:17   286564832   ----a-w-   C:\setup_1.exe
2010-01-16 17:28 . 2010-01-16 17:28   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2010-01-16 17:21 . 2010-01-16 17:21   2025768   ----a-w-   C:\SkypeSetup.exe
2008-09-19 16:07 . 2008-09-19 16:07   774144   ----a-w-   c:\program files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-02-02 08:48   2447360   ----a-w-   c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Aim6"="" [BU]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-25 39408]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-08-26 2799104]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-15 2923192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-31 2012912]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-03-31 1607272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 16116224]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-25 122368]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-08-14 5562368]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\MOHSIN\\Desktop\\Rtb\\blockLand.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\IJJI\\ENGLISH\\ARCADE\\LUNIA\\ijjiPurpleOutBound.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\GameKiss\\ValkyrieSky\\Valkyrie Sky.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"8000:UDP"= 8000:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Axon Virtual PBX Sip Incoming Calls (UDP)
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"57974:TCP"= 57974:TCP:Pando Media Booster
"57974:UDP"= 57974:UDP:Pando Media Booster

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 66632]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/6/2009 4:41 PM 108289]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 2:42 AM 135664]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/15/2009 2:09 PM 24652]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK
*NewlyCreated* - PARPORT
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 06:42]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 06:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\mohsin\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://secure.footprint.net/kingsisle/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
FF - ProfilePath - c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Mozilla\Firefox\Profiles\ek050ik6.default\
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\FFExternalAlert.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 13:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(236)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(872)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-04-01  13:51:18
ComboFix-quarantined-files.txt  2010-04-01 17:51

Pre-Run: 43,606,994,944 bytes free
Post-Run: 43,598,655,488 bytes free

- - End Of File - - 8BB07AEA3F2815C21EF82A085BC346D9





and C:\ComboFix.txt:



ComboFix 10-03-29.04 - mohsin 04/01/2010  13:39:41.2.1 - x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1214.894 [GMT -4:00]
Running from: c:\documents and settings\mohsin.ADAMJEE-661EE8C\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Autorun.inf
c:\program files\Internet Explorer\SET29.tmp
C:\setup.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

-- Previous Run --

Infected copy of c:\windows\system32\rundll32.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\rundll32.exe

--------

.
(((((((((((((((((((((((((   Files Created from 2010-03-01 to 2010-04-01  )))))))))))))))))))))))))))))))
.

2010-04-01 14:19 . 2010-02-02 08:48   62464   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\update.exe
2010-04-01 14:19 . 2010-02-02 08:48   48128   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\uninstall.exe
2010-04-01 02:19 . 2010-04-01 02:19   401720   ----a-w-   C:\HiJackThis.exe
2010-03-31 17:13 . 2010-03-31 17:13   449043   ----a-w-   C:\RegSeeker.zip
2010-03-31 16:59 . 2010-03-31 16:59   3086   ----a-w-   C:\k9371937.dll.zip
2010-03-31 15:01 . 2010-03-31 15:01   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Local Settings\Application Data\WinZip
2010-03-31 11:13 . 2010-03-31 11:25   3509272   ----a-w-   C:\va31_update_1.exe
2010-03-30 12:00 . 2010-03-30 12:00   --------   d-----w-   c:\program files\Common Files\Skype
2010-03-11 03:19 . 2009-10-23 15:28   3558912   ------w-   c:\windows\system32\dllcache\moviemk.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 17:34 . 2008-12-05 19:25   --------   d-----w-   c:\program files\DNA
2010-04-01 17:34 . 2008-12-05 19:25   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\DNA
2010-04-01 17:17 . 2008-05-30 13:58   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-04-01 17:11 . 2010-01-16 17:25   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Skype
2010-04-01 13:53 . 2008-10-26 11:47   96   ---ha-w-   c:\windows\system32\HsInfo.dat
2010-04-01 13:02 . 2010-01-16 17:28   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\skypePM
2010-03-31 15:01 . 2010-01-27 13:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
2010-03-31 12:25 . 2009-08-26 16:44   --------   d-----w-   c:\program files\SpeedBit Video Accelerator
2010-03-31 11:15 . 2010-01-23 07:04   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-03-28 16:16 . 2009-11-26 12:24   79488   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-25 13:34 . 2009-10-09 02:04   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\vlc
2010-03-11 12:38 . 2004-08-04 04:56   832512   ------w-   c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 04:56   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 04:56   17408   ----a-w-   c:\windows\system32\corpol.dll
2010-03-10 07:28 . 2009-12-18 13:48   7631232   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-02-23 09:14 . 2010-02-23 09:14   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Media Player Classic
2010-02-02 08:48 . 2010-02-02 08:48   --------   d-----w-   c:\program files\SpeedBit Video Downloader
2010-02-02 08:48 . 2010-02-02 08:48   --------   d-----w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Toolbar4
2010-02-02 08:47 . 2010-02-02 08:46   5217304   ----a-w-   C:\va31_update.exe
2010-02-01 06:42 . 2008-03-07 03:25   --------   d-----w-   c:\program files\Google
2010-01-30 13:11 . 2008-10-24 18:47   27464   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-23 07:41 . 2010-01-23 07:41   25398   ----a-w-   C:\setup_wk_100105.zip
2010-01-23 07:11 . 2010-01-23 07:11   52224   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-23 07:11 . 2010-01-23 07:11   117760   ----a-w-   c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-23 07:03 . 2010-01-23 07:01   7520288   ----a-w-   C:\SUPERAntiSpyware.exe
2010-01-18 09:37 . 2010-01-18 08:17   286564832   ----a-w-   C:\setup_1.exe
2010-01-16 17:28 . 2010-01-16 17:28   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2010-01-16 17:21 . 2010-01-16 17:21   2025768   ----a-w-   C:\SkypeSetup.exe
2008-09-19 16:07 . 2008-09-19 16:07   774144   ----a-w-   c:\program files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-02-02 08:48   2447360   ----a-w-   c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26   80384   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Aim6"="" [BU]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-25 39408]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-08-26 2799104]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-15 2923192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-31 2012912]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-03-31 1607272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 16116224]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-25 122368]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-08-14 5562368]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\MOHSIN\\Desktop\\Rtb\\blockLand.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\IJJI\\ENGLISH\\ARCADE\\LUNIA\\ijjiPurpleOutBound.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\GameKiss\\ValkyrieSky\\Valkyrie Sky.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"8000:UDP"= 8000:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Axon Virtual PBX Sip Incoming Calls (UDP)
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"57974:TCP"= 57974:TCP:Pando Media Booster
"57974:UDP"= 57974:UDP:Pando Media Booster

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 66632]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/6/2009 4:41 PM 108289]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 2:42 AM 135664]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/15/2009 2:09 PM 24652]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK
*NewlyCreated* - PARPORT
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 06:42]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 06:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\mohsin\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://secure.footprint.net/kingsisle/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
FF - ProfilePath - c:\documents and settings\mohsin.ADAMJEE-661EE8C\Application Data\Mozilla\Firefox\Profiles\ek050ik6.default\
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\FFExternalAlert.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 13:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(236)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(872)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-04-01  13:51:18
ComboFix-quarantined-files.txt  2010-04-01 17:51

Pre-Run: 43,606,994,944 bytes free
Post-Run: 43,598,655,488 bytes free

- - End Of File - - 8BB07AEA3F2815C21EF82A085BC346D9

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
rundll32.exe problems
« Reply #5 on: April 02, 2010, 12:31:24 PM »
Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it.
NOTE: If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In addition: Reopen OTL.exe and click on RUN SCAN
When the scan is done, post the new log that opens please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline aristember

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
rundll32.exe problems
« Reply #6 on: April 03, 2010, 04:01:20 AM »
Ok, here they are



Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3948

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/3/2010 4:30:42 AM
mbam-log-2010-04-03 (04-30-42).txt

Scan type: Quick scan
Objects scanned: 113088
Time elapsed: 25 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\mohsin\Desktop\Find And Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.




I keep getting an error when I try to post the OTL log, so I attached it
OTL logfile created on: 4/3/2010 4:40:30 AM - Run 2
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 35.70 Gb Free Space | 47.91% Space Free | Partition Type: NTFS
Drive D: | 994.74 Mb Total Space | 258.02 Mb Free Space | 25.94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ADAMJEE-661EE8C
Current User Name: mohsin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/04/01 05:41:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\OTL.exe
PRC - [2010/03/31 07:30:34 | 001,607,272 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2010/03/31 07:30:34 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/03/31 07:30:34 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2010/03/31 07:15:00 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/03/29 15:24:52 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/11/15 09:00:45 | 002,923,192 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/11/12 23:30:37 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/08/26 12:20:38 | 002,799,104 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2009/07/25 14:30:25 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/25 14:30:23 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:10 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/04/01 05:41:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/03/31 07:30:34 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2007/01/04 17:38:10 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/02/19 09:38:18 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 09:38:18 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 09:38:18 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/27 10:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 12:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/12 23:02:20 | 004,474,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/24 22:33:16 | 000,043,008 | R--- | M] (Circuit City                        ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcinic5b.sys -- (FETNDISB)
DRV - [2006/03/03 14:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 14:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/06 11:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 11:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 11:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2086743
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {dd02a4eb-4afd-4d60-99d8-e67f964ca813}:2.1.0.19
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414
 
FF - HKLM\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/01/27 09:35:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010/02/02 04:48:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/26 01:28:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/20 07:09:26 | 000,000,000 | ---D | M]
 
[2008/10/25 02:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\Mozilla\Extensions
[2009/04/21 12:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\Mozilla\Extensions\[email protected]
[2009/08/31 00:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\Mozilla\Firefox\Profiles\ek050ik6.default\extensions
[2009/07/25 09:14:13 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\Mozilla\Firefox\Profiles\ek050ik6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/11/25 22:23:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/08 16:06:57 | 000,000,000 | ---D | M] (PHPNukeEN Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
[2009/11/15 09:00:32 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2005/04/27 16:10:50 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2007/04/16 13:07:14 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
 
O1 HOSTS File: ([2010/04/01 13:14:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [Aim6]  File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mohsin\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} http://apps.vivaty.com/downloads/player/Vi...D%20Content.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://secure.footprint.net/kingsisle/stat...ameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://www.solidaxision.com/setup/solidstateion.cab (CSolidBrowserObj Object)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.70.150.10 202.70.150.11
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/02 09:04:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/04/03 03:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Application Data\Malwarebytes
[2010/04/03 03:49:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/03 03:49:49 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/03 03:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/03 03:49:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/03 03:39:25 | 005,918,720 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\mbam-setup.exe
[2010/04/03 03:35:21 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\TFC.exe
[2010/04/03 02:20:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/01 13:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/01 13:00:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/01 12:58:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/01 12:58:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/01 12:58:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/01 12:58:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/01 12:58:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/01 12:52:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/01 05:41:01 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\OTL.exe
[2010/03/31 22:19:32 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2010/03/31 12:43:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/03/31 11:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Application Data\WinZip
[2010/03/30 08:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/10 23:19:21 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/02/01 02:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/01 02:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/18 12:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/05/06 16:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/04/09 18:24:51 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
[2008/12/06 09:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire
[2008/12/06 08:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2008/11/27 06:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/09/19 12:07:31 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2008/09/19 11:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/09/19 11:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2008/05/05 13:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/02/02 09:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/02/02 09:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/02/02 08:56:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/02/02 08:56:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
 
========== Files - Modified Within 30 Days ==========
 
[2010/04/03 04:33:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/03 04:33:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/03 04:32:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/03 04:32:18 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\ntuser.dat
[2010/04/03 04:32:03 | 004,314,384 | -H-- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Application Data\IconCache.db
[2010/04/03 03:58:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/03 03:49:53 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 03:40:12 | 005,918,720 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\mbam-setup.exe
[2010/04/03 03:35:29 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\TFC.exe
[2010/04/03 02:54:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/03 02:53:59 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/03 02:43:00 | 369,707,008 | ---- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\[Syndicate]_Code_Geass_-_24-25_[FEFC90BA].avi
[2010/04/02 23:00:16 | 000,000,096 | -H-- | M] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/04/01 13:52:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\ntuser.ini
[2010/04/01 13:46:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/01 13:14:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/01 13:00:27 | 000,000,281 | RHS- | M] () -- C:\boot. ini
[2010/04/01 12:43:00 | 003,906,159 | R--- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\ComboFix.exe
[2010/04/01 05:41:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\OTL.exe
[2010/03/31 22:19:39 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2010/03/31 12:59:07 | 000,003,086 | ---- | M] () -- C:\k9371937.dll.zip
[2010/03/31 07:25:06 | 003,509,272 | ---- | M] () -- C:\va31_update_1.exe
[2010/03/31 06:01:57 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\My Documents\vehicle transfer letter.rtf
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/14 06:15:55 | 000,462,872 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 06:15:55 | 000,079,880 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 06:15:54 | 000,552,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 08:38:54 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/03/11 08:38:54 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/03/11 08:38:54 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/03/11 08:38:53 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/03/11 08:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/03/11 08:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/03/11 08:38:53 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/03/11 08:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/03/11 08:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/11 08:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/03/11 08:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/03/11 08:38:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/03/11 08:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/03/11 08:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/11 08:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/03/11 08:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/03/11 08:38:52 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/11 08:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/03/11 08:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/03/11 08:38:52 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/11 08:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/03/11 08:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/03/11 08:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/03/11 08:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/03/11 08:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/03/11 08:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/03/11 08:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/03/11 08:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/03/11 08:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/03/11 08:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/03/11 08:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/03/11 08:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/03/11 08:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/03/11 08:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/03/11 08:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/03/11 08:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/03/11 08:38:51 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/03/11 08:38:51 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/03/11 08:38:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/03/11 08:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/03/11 08:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/03/10 23:29:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/10 09:18:46 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010/03/10 09:18:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2010/03/10 09:18:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/03/10 09:18:20 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/03/10 09:18:20 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
 
========== Files Created - No Company Name ==========
 
[2010/04/03 03:49:53 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 01:52:15 | 369,707,008 | ---- | C] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\[Syndicate]_Code_Geass_-_24-25_[FEFC90BA].avi
[2010/04/01 13:00:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/01 13:00:23 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/01 12:58:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/01 12:58:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/01 12:58:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/01 12:58:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/01 12:58:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/01 12:42:24 | 003,906,159 | R--- | C] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Desktop\ComboFix.exe
[2010/03/31 12:59:06 | 000,003,086 | ---- | C] () -- C:\k9371937.dll.zip
[2010/03/31 07:13:28 | 003,509,272 | ---- | C] () -- C:\va31_update_1.exe
[2010/03/31 05:47:36 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\My Documents\vehicle transfer letter.rtf
[2010/01/29 07:49:01 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/01/23 05:55:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GKLauncherInfo.ini
[2009/09/23 05:29:39 | 000,000,066 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009/08/02 06:22:05 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/29 16:38:16 | 000,005,708 | ---- | C] () -- C:\WINDOWS\System32\k9371937.dll
[2009/04/15 14:31:06 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/04/10 18:10:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/02/21 01:13:45 | 000,003,748 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/02/21 01:13:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/02/04 00:07:20 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/02/04 00:07:18 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/02/04 00:07:17 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/02/04 00:07:17 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/04 00:07:17 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/04 00:07:16 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/02/04 00:07:16 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/02/04 00:06:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/03 06:58:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/11/26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006/05/09 15:50:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/09 15:50:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/09 15:50:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/09 15:50:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/09 15:50:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/09 15:50:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
< End of report >
« Last Edit: April 03, 2010, 12:03:09 PM by guestolo »

Offline guestolo

« Reply #7 on: April 03, 2010, 12:22:01 PM »
Go HERE to run an online scanner from ESET

NOTE: I suggest you temporarily disable your realtime protection with your AntiVirus so it won't interfere, simply right click Avira icon by the clock and Disable the Guard

If you are not using IE, then save the installer to desktop
  • If you saved the installer to desktop, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.

Regardless if running online, or saved the installer, do the next steps if required
  • Tick the box next to YES, I accept the Terms of Use.
       
  • Click Start
       
  • When asked, allow the ActiveX control to install.
  • Click Start
       
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
       
  • Click on Advanced Settings and ensure these options are ticked:
              o Scan for potentially unwanted applications
              o Scan for potentially unsafe applications
              o Enable Anti-Stealth Technology
       
  • Click Scan
       
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
       
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic and also let me know how things are now.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline aristember

« Reply #8 on: April 04, 2010, 08:28:39 AM »
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b82ed453232f674aabd22bdcadc595ba
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-04 01:09:49
# local_time=2010-04-04 09:09:49 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=98379
# found=1
# cleaned=0
# scan_time=5484
C:\Program Files\Mozilla Firefox 2 Beta 1\IE7-WindowsXP-x86-enu.exe   Win32/Adware.Trymedia application   00000000000000000000000000000000   I



Well... I think my computer has been doing a lot better lately. But, instead of the messages that popped up before, I've got one now that I think I may have gotten before all the other ones.. so, I think it's back now

RUNDLL
An exception has occured while trying to run "C:\WINDOWS\system32\NvCpl.dll,NvStartup"

..do you think you could help me out with that too please?

Offline guestolo

« Reply #9 on: April 04, 2010, 10:31:17 AM »
Quote
An exception has occured while trying to run "C:\WINDOWS\system32\NvCpl.dll,NvStartup"

Do you purposely overclock your video card?
You may not, just enquiring

Do you know what the following file is related to?
C:\va31_update_1.exe

In addition, can you do the following
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
« Last Edit: April 04, 2010, 10:38:04 AM by guestolo »



Offline aristember

« Reply #10 on: April 04, 2010, 12:58:08 PM »
I honestly don't know. I know that my video card is old, but I'm not sure if I do..

I searched C:\va31_update_1.exe on my computer, and it leads to an installer for Speedbit Video Accelerator




 Results of screen317's Security Check version 0.99.2  
 Windows XP Service Pack 3  
 Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled!  
 ESET Online Scanner v3  
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware    
 HijackThis 2.0.2    
 Java(tm) 6 Update 11  
 Out of date Java installed!
 Adobe Flash Player 10  
 Adobe Reader 9.1
 Out of date Adobe Reader installed!
````````````````````````````````
Process Check:  
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Offline guestolo

« Reply #11 on: April 04, 2010, 01:35:51 PM »
Let's try and update some of your software to help keep your system secure

Can you open Adobe Reader, click on HELP>>>CHECK FOR UPDATES
Install latest updates
Recheck for updates till you have them all

Go to START>>RUN>>copy/paste the following in red below then click OK

ComboFix /uninstall

This will uninstall ComboFix and its components

Close down all browser windows
Access your Add and Remove Programs
uninstall both versions of Java
Java™ 6 Update 11
J2SE Runtime Environment 5.0 Update 12

We'll update Java to the latest version in a bit to help keep your system secure

Also, uninstall the following:
Remove Eset Online Scanner and
Viewpoint Media Player

Reboot your computer after the above has all been removed

Back in Windows
Updating Java:
  • Download the latest version of  Java Runtime Environment (JRE) .
  • Scroll down to where it says "JDK 6 Update 19 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select Windows,>>Check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Then from your desktop double-click on jre-6u19-windows-i586.exe that you downloaded to install the newest version.
Java installs a Quick Starter service that is not required to work properly
Open Windows Control Panel, open the Java icon
open the Advanced tab, under "Miscellaneous"
Untick "Java Quick Starter"
Apply and OK out of there

Double click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote please
    Quote
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mohsin\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=-
    "Adobe Reader Speed Launcher"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    :Files
    C:\k9371937.dll.zip
    C:\va31_update_1.exe
    :Commands
    [EmptyTemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

I also want to check on your version of Avira as it may be outdated or not running properly and/or unrecognized by Windows Security Center
Can you open Avira by double clicking the Umbrella by the clock
Click On HELP>>ABOUT AVIRA ANTIVIR>>Product information
Let me know what product version you have installed please



Offline aristember

« Reply #12 on: April 06, 2010, 02:54:44 AM »
Actually um, I uninstalled Avira but if you want me to get it back again I can go do that


hmm.. it said it couldn't find C:\_OTL\Moved Files folder when I searched it, but anyway here it is
« Last Edit: April 06, 2010, 02:56:24 AM by aristember »

Offline guestolo

« Reply #13 on: April 06, 2010, 09:17:25 PM »
Try the following
Go to START>>MyComputer
Open LOCAL DISK C:>>>Open _OTL Folder>>Open MOVED FILES folder
Look for that text file that shows a copy of the log I wanted to see

Post that log back, keep me informed how things are now running

You removed Avira, what do you plan on using for AntiVirus software?
« Last Edit: April 06, 2010, 09:17:56 PM by guestolo »



Offline aristember

« Reply #14 on: April 09, 2010, 09:09:44 AM »
Ok.. sorry, I had done the wrong scan and finally got it


also, I'm planning on getting Avast antivirus

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
========== FILES ==========
C:\k9371937.dll.zip moved successfully.
C:\va31_update_1.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33434 bytes
->FireFox cache emptied: 0 bytes
 
User: mohsin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: mohsin.ADAMJEE-661EE8C
->Temp folder emptied: 30560330 bytes
->Temporary Internet Files folder emptied: 69254217 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 10336 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: TEMP
->Temporary Internet Files folder emptied: 0 bytes
 
User: XPPRESP3
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3889928627 bytes
 
Total Files Cleaned = 3,805.00 mb
 
 
OTL by OldTimer - Version 3.1.37.3 log created on 04092010_100010

Files\Folders moved on Reboot...
C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Temp\GoogleQuickSearchBox.log moved successfully.
File\Folder C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Temp\~DFF79C.tmp not found!
File\Folder C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Temp\~DFF7A9.tmp not found!
C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Temporary Internet Files\Content.IE5\C0ADT8TB\ads[11].htm moved successfully.
C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Temporary Internet Files\Content.IE5\C0ADT8TB\index[4].htm moved successfully.
C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Temporary Internet Files\Content.IE5\1X3WU2E4\iframe[1].htm moved successfully.
C:\Documents and Settings\mohsin.ADAMJEE-661EE8C\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

Offline guestolo

« Reply #15 on: April 11, 2010, 11:16:46 AM »
Quote
also, I'm planning on getting Avast antivirus

Great, then why not do the following
If you haven't installed Avast yet, here is the download link to the free version, if that's the version you're planning on installing
http://www.avast.com/free-antivirus-download

After installation, ensure it's updated and run a Full system scan
Let it fix whatever it finds

Keep me informed how things are running please



Offline aristember

« Reply #16 on: April 16, 2010, 06:54:46 AM »
Thanks for posting that, I haven't really had the time to be on my computer and download it so I did now. My computer has been working fine lately. Thanks a lot for helping me out