
Can't empty Recycle Bin Cannot remove folder Dc189 Access Denied


  • This topic is locked

#16
OreganoAc

  • Topic Starter
  • Member
  • 22 posts
No change, I'm afraid.


#17
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm... let's see if this one can empty that recycle bin.

Please download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#18
OreganoAc

  • Topic Starter
  • Member
  • 22 posts
ComboFix 10-03-25.02 - Gabriel 03/25/2010 16:46:06.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.575 [GMT -5:00]
Running from: c:\documents and settings\Gabriel\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Fsinst16.DLL
c:\windows\system32\SIntf16.dll
c:\windows\system32\vidx16.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-25 to 2010-03-25 )))))))))))))))))))))))))))))))
.

2010-03-25 21:37 . 2010-03-25 21:37 -------- d-----w- c:\documents and settings\Gabriel\Local Settings\Application Data\Apple Computer
2010-03-25 21:37 . 2010-03-25 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-25 21:37 . 2009-11-10 23:08 180224 ----a-w- c:\windows\system32\QTCF.dll
2010-03-25 21:36 . 2010-03-25 21:37 -------- d-----w- c:\program files\QT Lite
2010-03-24 20:58 . 2010-03-24 20:58 -------- d-----w- c:\documents and settings\Gabriel\Application Data\Easy Duplicate Finder
2010-03-24 20:58 . 2010-03-24 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Easy Duplicate Finder
2010-03-24 20:19 . 2010-03-24 20:24 -------- d-----w- c:\program files\Handy
2010-03-23 13:48 . 2010-03-23 13:48 -------- d-----w- c:\documents and settings\Nicholas\Application Data\U3
2010-03-23 05:42 . 2010-03-23 05:42 -------- d-----w- c:\windows\Sun
2010-03-23 05:39 . 2009-05-06 00:05 462848 ----a-w- c:\documents and settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions\[email protected]\plugins\npGameTapWebUpdater.dll
2010-03-23 05:10 . 2010-03-23 05:10 -------- d-----w- c:\program files\Common Files\Java
2010-03-23 05:10 . 2010-03-23 05:10 503808 ----a-w- c:\documents and settings\Gabriel\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-431965dd-n\msvcp71.dll
2010-03-23 05:10 . 2010-03-23 05:10 499712 ----a-w- c:\documents and settings\Gabriel\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-431965dd-n\jmc.dll
2010-03-23 05:10 . 2010-03-23 05:10 348160 ----a-w- c:\documents and settings\Gabriel\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-431965dd-n\msvcr71.dll
2010-03-23 05:10 . 2010-03-23 05:10 61440 ----a-w- c:\documents and settings\Gabriel\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4b8b877e-n\decora-sse.dll
2010-03-23 05:10 . 2010-03-23 05:10 12800 ----a-w- c:\documents and settings\Gabriel\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4b8b877e-n\decora-d3d.dll
2010-03-23 05:09 . 2010-03-23 05:09 -------- d-----w- c:\program files\Java
2010-03-23 05:06 . 2010-03-23 05:06 -------- d-----w- c:\documents and settings\Gabriel\Local Settings\Application Data\Mozilla
2010-03-23 05:00 . 2010-03-23 05:00 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\Mozilla
2010-03-23 04:13 . 2005-06-06 15:29 110592 ----a-w- c:\documents and settings\Gabriel\Application Data\U3\temp\cleanup.exe
2010-03-23 03:41 . 2010-03-23 03:41 -------- d-----w- c:\documents and settings\Amy\Application Data\U3
2010-03-23 03:27 . 2010-03-23 03:27 1078 ----a-r- c:\documents and settings\Gabriel\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
2010-03-23 03:27 . 2010-03-23 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\U3
2010-03-23 03:25 . 2010-03-23 13:50 -------- d-----w- c:\documents and settings\Gabriel\Application Data\U3
2010-03-22 20:43 . 2010-03-22 20:43 3584 ----a-r- c:\documents and settings\Gabriel\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-03-22 20:43 . 2010-03-22 20:43 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-03-22 20:42 . 2010-03-22 20:42 -------- d-----w- c:\program files\MSECACHE
2010-03-22 08:20 . 2010-03-22 08:20 -------- d-----w- C:\_OTL
2010-03-21 16:57 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-03-21 02:57 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-21 02:57 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-21 02:57 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-21 02:57 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-21 02:57 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-21 02:57 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-20 21:20 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-20 21:18 . 2009-12-08 19:27 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-20 21:18 . 2009-12-08 18:43 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-20 21:18 . 2009-12-08 18:43 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-20 21:18 . 2009-12-08 19:26 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-20 21:17 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-20 21:17 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-03-20 21:15 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-03-20 21:15 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-03-20 20:16 . 2001-08-18 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-03-20 20:16 . 2001-08-18 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-03-20 20:16 . 2008-04-14 10:41 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2010-03-20 20:16 . 2001-08-18 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-03-20 20:16 . 2008-04-14 10:41 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2010-03-20 20:16 . 2008-04-14 10:41 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2010-03-20 20:16 . 2001-08-18 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2010-03-20 20:14 . 2008-04-14 10:40 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
2010-03-20 20:13 . 2001-08-18 12:00 9216 -c--a-w- c:\windows\system32\dllcache\kbdnecat.dll
2010-03-20 20:12 . 2008-04-14 10:39 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-03-20 20:11 . 2001-08-18 12:00 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe
2010-03-20 20:10 . 2001-08-18 12:00 578560 ----a-w- c:\windows\system32\autoconv.exe
2010-03-20 20:06 . 2001-08-18 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-03-20 19:53 . 2001-08-18 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-20 19:53 . 2001-08-18 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-20 19:53 . 2001-08-18 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-20 19:53 . 2001-08-18 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-20 18:40 . 2009-03-27 06:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-03-20 18:40 . 2010-03-20 18:40 -------- d-----w- c:\program files\CPUID
2010-03-19 22:57 . 2003-10-17 16:52 754560 ----a-w- c:\windows\system32\drivers\cmuda.sys
2010-03-19 22:57 . 2003-10-15 23:37 114688 ----a-w- c:\windows\system32\cmuda.dll
2010-03-19 22:57 . 2003-10-15 21:26 1454080 ----a-w- c:\windows\system\SmWizard.exe
2010-03-19 22:57 . 2003-04-24 18:29 32768 ----a-w- c:\windows\system32\udaprop.dll
2010-03-19 22:57 . 2002-04-29 20:04 917504 ----a-w- c:\windows\system\cmids3d.dll
2010-03-19 22:57 . 2001-11-23 17:08 712704 ----a-w- c:\windows\system32\Audio3D.dll
2010-03-19 22:57 . 2010-03-19 22:57 -------- d-----w- c:\program files\C-Media 3D Audio
2010-03-19 22:57 . 2003-08-05 19:23 266240 ----a-w- c:\windows\CMIUninstall.exe
2010-03-19 22:57 . 2003-07-22 16:15 225280 ----a-w- c:\windows\CmiRmRedundDir.exe
2010-03-19 22:57 . 2002-10-18 20:56 28672 ----a-w- c:\windows\CMIRmDriver.dll
2010-03-19 21:48 . 2010-03-19 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-19 21:47 . 2010-03-19 21:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-19 21:47 . 2010-03-19 21:47 -------- d-----w- c:\documents and settings\Gabriel\Application Data\SUPERAntiSpyware.com
2010-03-19 20:47 . 2010-03-19 20:47 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-19 19:42 . 2008-04-14 10:42 24576 -c--a-w- c:\windows\system32\dllcache\icwrmind.exe
2010-03-19 19:42 . 2008-04-14 10:41 49152 -c--a-w- c:\windows\system32\dllcache\icwutil.dll
2010-03-19 19:42 . 2001-08-18 12:00 61440 -c--a-w- c:\windows\system32\dllcache\icwres.dll
2010-03-19 19:42 . 2001-08-18 12:00 40960 -c--a-w- c:\windows\system32\dllcache\trialoc.dll
2010-03-19 19:42 . 2008-04-14 10:41 61440 -c--a-w- c:\windows\system32\dllcache\icwconn.dll
2010-03-19 19:42 . 2008-04-14 10:41 172032 -c--a-w- c:\windows\system32\dllcache\icwhelp.dll
2010-03-19 19:42 . 2001-08-18 12:00 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
2010-03-19 19:28 . 2008-04-14 05:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-03-19 19:28 . 2008-04-14 05:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-03-19 19:20 . 2008-04-14 10:42 102400 -c--a-w- c:\windows\system32\dllcache\msjro.dll
2010-03-19 19:07 . 2008-04-21 12:08 215552 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2010-03-19 19:06 . 2008-04-14 10:42 56320 -c--a-w- c:\windows\system32\dllcache\servdeps.dll
2010-03-19 19:06 . 2008-04-14 10:42 56320 ----a-w- c:\windows\system32\servdeps.dll
2010-03-19 19:06 . 2008-04-14 10:41 58880 -c--a-w- c:\windows\system32\dllcache\licwmi.dll
2010-03-19 19:06 . 2008-04-14 10:41 58880 ----a-w- c:\windows\system32\licwmi.dll
2010-03-19 19:06 . 2008-04-14 10:41 17408 -c--a-w- c:\windows\system32\dllcache\mmfutil.dll
2010-03-19 19:06 . 2008-04-14 10:41 17408 ----a-w- c:\windows\system32\mmfutil.dll
2010-03-19 19:06 . 2008-04-14 10:41 185344 -c--a-w- c:\windows\system32\dllcache\cmprops.dll
2010-03-19 19:06 . 2008-04-14 10:41 185344 ----a-w- c:\windows\system32\cmprops.dll
2010-03-19 19:06 . 2008-04-14 05:02 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-03-19 18:52 . 2008-04-14 05:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-03-19 18:48 . 2008-04-14 10:43 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-03-19 18:46 . 2008-04-14 10:42 741376 -c--a-w- c:\windows\system32\dllcache\sapi.dll
2010-03-19 18:46 . 2007-04-03 04:56 22016 -c--a-w- c:\windows\system32\dllcache\agt0408.dll
2010-03-19 18:46 . 2007-04-03 04:56 19968 -c--a-w- c:\windows\system32\dllcache\agt040e.dll
2010-03-19 18:46 . 2007-04-03 04:56 19456 -c--a-w- c:\windows\system32\dllcache\agt041f.dll
2010-03-19 18:46 . 2007-04-03 04:56 19456 -c--a-w- c:\windows\system32\dllcache\agt0419.dll
2010-03-19 18:46 . 2007-04-03 04:56 19456 -c--a-w- c:\windows\system32\dllcache\agt0415.dll
2010-03-19 18:46 . 2007-04-03 04:56 19456 -c--a-w- c:\windows\system32\dllcache\agt0405.dll
2010-03-19 18:46 . 2008-04-14 10:42 146432 ----a-w- c:\windows\system\WINSPOOL.DRV
2010-03-19 18:46 . 2008-04-14 05:24 11264 -c--a-w- c:\windows\system32\dllcache\irenum.sys
2010-03-19 18:46 . 2008-04-14 05:24 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-03-19 18:46 . 2008-04-14 10:42 74752 ----a-w- c:\windows\system32\storprop.dll
2010-03-17 18:03 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-17 18:03 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-17 18:03 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-17 18:03 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-17 18:03 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-17 18:03 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-17 18:03 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-17 18:03 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-17 18:03 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-17 18:03 . 2010-03-17 18:03 -------- d-----w- c:\program files\Alwil Software
2010-03-17 18:03 . 2010-03-17 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-17 17:40 . 2010-03-17 17:40 -------- d-----w- c:\documents and settings\Gabriel\Application Data\Malwarebytes
2010-03-17 17:40 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 17:40 . 2010-03-17 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-17 17:40 . 2010-03-17 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-25 20:26 . 2009-09-19 00:41 -------- d-----w- c:\documents and settings\Gabriel\Application Data\WTablet
2010-03-25 20:26 . 2009-09-19 04:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-03-24 20:58 . 2009-09-21 14:30 -------- d-----w- c:\program files\Easy Duplicate Finder
2010-03-24 20:38 . 2009-12-07 21:33 -------- d-----w- c:\program files\MagicEngine10
2010-03-24 20:13 . 2009-09-15 23:23 -------- d-----w- c:\documents and settings\Gabriel\Application Data\Azureus
2010-03-24 14:03 . 2010-01-15 07:55 -------- d-----w- c:\program files\Desktop Alarm Clock v1.0
2010-03-24 14:03 . 2009-10-26 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2010-03-24 10:40 . 2009-09-19 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-23 13:45 . 2009-10-11 03:29 -------- d-----w- c:\documents and settings\Nicholas\Application Data\WTablet
2010-03-23 13:45 . 2009-09-19 20:46 -------- d-----w- c:\documents and settings\Amy\Application Data\WTablet
2010-03-23 05:09 . 2009-09-15 08:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-21 02:39 . 2009-09-15 09:08 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-20 20:05 . 2009-09-15 03:11 22820 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-19 21:47 . 2009-09-19 10:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-19 19:48 . 2010-03-19 19:44 76825 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-03-17 02:41 . 2010-01-25 09:06 -------- d-----w- c:\program files\Yahoo!
2010-03-17 01:48 . 2009-09-15 05:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-16 23:20 . 2009-09-15 09:28 65608 ----a-w- c:\documents and settings\Gabriel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 11:24 . 2009-09-23 13:08 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-16 03:30 . 2009-09-16 03:15 -------- d-----w- c:\documents and settings\Gabriel\Application Data\vlc
2010-03-12 09:59 . 2009-09-15 23:23 -------- d-----w- c:\program files\Vuze
2010-03-08 05:32 . 2009-09-30 00:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\WTablet
2010-02-27 16:12 . 2009-09-22 03:27 -------- d-----w- c:\documents and settings\Gabriel\Application Data\dvdcss
2010-02-22 12:12 . 2010-02-22 12:12 -------- d-----w- c:\program files\Real Alternative
2010-02-17 09:21 . 2010-02-08 05:04 -------- d-----w- c:\documents and settings\Gabriel\Application Data\DVD Flick
2010-02-09 23:03 . 2010-02-09 23:03 -------- d-----w- c:\program files\AC3Filter
2010-02-09 15:13 . 2010-02-09 15:13 -------- d-----w- c:\documents and settings\Gabriel\Application Data\Yahoo!
2010-02-08 05:04 . 2010-02-08 05:04 -------- d-----w- c:\program files\DVD Flick
2010-02-08 04:58 . 2010-02-08 04:52 -------- d-----w- c:\program files\Avi2Dvd
2010-02-08 04:57 . 2010-02-08 04:54 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-04 19:38 . 2009-09-18 06:07 65616 ----a-w- c:\documents and settings\Amy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 01:41 . 2009-10-27 22:52 144160 ----a-w- c:\documents and settings\Gabriel\Application Data\Move Networks\uninstall.exe
2010-02-04 01:41 . 2009-10-27 22:52 -------- d-----w- c:\documents and settings\Gabriel\Application Data\Move Networks
2010-02-04 01:40 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\Gabriel\Application Data\Move Networks\plugins\npqmp071505000011.dll
2010-02-04 01:40 . 2010-02-04 01:40 1436320 ----a-w- c:\documents and settings\Gabriel\Application Data\Move Networks\MoveMediaPlayerWinSilent_071505000011.exe
2010-02-03 17:10 . 2009-12-03 18:03 52736 ----a-w- c:\windows\ipuninst.exe
2010-01-25 09:07 . 2010-01-25 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-01-18 02:25 . 2009-09-15 10:01 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-12 04:03 . 2009-09-24 07:23 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2006-10-22 17:22 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2006-10-22 17:22 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2006-10-22 17:22 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2006-10-22 17:22 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2006-10-22 17:22 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2006-10-22 17:22 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-11 14:30 . 2009-10-15 13:51 290 ----a-w- c:\documents and settings\Amy\Application Data\wklnhst.dat
2009-12-31 16:50 . 2008-04-14 05:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2004-04-14 04:40 . 2010-03-24 20:17 713 ----a-w- c:\program files\Contents.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\gabriel\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Gabriel\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\documents and settings\Gabriel\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-3-22 1078]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"d:\\Gabriel\\Program Files\\Steam\\Steam.exe"=
"d:\\Gabriel\\Program Files\\Games\\Half-Life 2\\hl2.exe"=
"d:\\Gabriel\\Program Files\\Games\\EA GAMES\\American McGee's Alice\\alice.exe"=
"d:\\Gabriel\\Program Files\\Games\\Counter-Strike 1.6 + Half-Life\\hl.exe"=
"d:\\Gabriel\\Program Files\\Games\\Counter-Strike 1.6 + Half-Life\\hltv.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/17/2010 1:03 PM 162640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/17/2010 1:03 PM 19024]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [9/18/2009 7:41 PM 2789160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/25/2009 5:27 AM 721904]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\Gabriel\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\Gabriel\LOCALS~1\Temp\bDMusicb.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9/18/2009 7:41 PM 15656]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
FF - ProfilePath - c:\documents and settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\
FF - prefs.js: browser.startup.homepage - hxxp://actionjeans.stumbleupon.com/blog/
FF - plugin: c:\documents and settings\Gabriel\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Gabriel\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions\[email protected]\plugins\npGameTapWebUpdater.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 16:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-03-25 16:54:25
ComboFix-quarantined-files.txt 2010-03-25 21:54

Pre-Run: 20,704,481,280 bytes free
Post-Run: 21,803,769,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin

- - End Of File - - D0B874AB6A391816274FB75FD7FA0FE7

#19
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello OreganoAc,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
bDMusicb

File::
c:\docume~1\Gabriel\LOCALS~1\Temp\bDMusicb.sys

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

#20
OreganoAc

  • Topic Starter
  • Member
  • 22 posts
ComboFix 10-03-25.04 - Gabriel 03/25/2010 20:17:02.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.601 [GMT -5:00]
Running from: c:\documents and settings\Gabriel\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Gabriel\My Documents\Downloads\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-02-26 to 2010-03-26 )))))))))))))))))))))))))))))))
.

2010-03-25 21:37 . 2010-03-25 21:37 -------- d-----w- c:\documents and settings\Gabriel\Local Settings\Application Data\Apple Computer
2010-03-25 21:37 . 2010-03-25 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-25 21:37 . 2009-11-10 23:08 180224 ----a-w- c:\windows\system32\QTCF.dll
2010-03-25 21:36 . 2010-03-25 21:37 -------- d-----w- c:\program files\QT Lite
2010-03-24 20:58 . 2010-03-24 20:58 -------- d-----w- c:\documents and settings\Gabriel\Application Data\Easy Duplicate Finder
2010-03-24 20:58 . 2010-03-24 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Easy Duplicate Finder
2010-03-24 20:19 . 2010-03-24 20:24 -------- d-----w- c:\program files\Handy
2010-03-23 13:48 . 2010-03-23 13:48 -------- d-----w- c:\documents and settings\Nicholas\Application Data\U3
2010-03-23 05:42 . 2010-03-23 05:42 -------- d-----w- c:\windows\Sun
2010-03-23 05:39 . 2009-05-06 00:05 462848 ----a-w- c:\documents and settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions\[email protected]\plugins\npGameTapWebUpdater.dll
2010-03-23 05:10 . 2010-03-23 05:10 -------- d-----w- c:\program files\Common Files\Java
2010-03-23 05:10 . 2010-03-23 05:10 503808 ----a-w- c:\documents and settings\Gabriel\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-431965dd-n\msvcp71.dll
2010-03-23 05:10 . 2010-03-23 05:10 499712 ----a-w- c:\documents and settings\Gabriel\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-431965dd-n\jmc.dll
2010-03-23 05:10 . 2010-03-23 05:10 348160 ----a-w- c:\documents and settings\Gabriel\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-431965dd-n\msvcr71.dll
2010-03-23 05:10 . 2010-03-23 05:10 61440 ----a-w- c:\documents and settings\Gabriel\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4b8b877e-n\decora-sse.dll
2010-03-23 05:10 . 2010-03-23 05:10 12800 ----a-w- c:\documents and settings\Gabriel\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4b8b877e-n\decora-d3d.dll
2010-03-23 05:09 . 2010-03-23 05:09 -------- d-----w- c:\program files\Java
2010-03-23 05:06 . 2010-03-23 05:06 -------- d-----w- c:\documents and settings\Gabriel\Local Settings\Application Data\Mozilla
2010-03-23 05:00 . 2010-03-23 05:00 -------- d-----w- c:\documents and settings\Nicholas\Local Settings\Application Data\Mozilla
2010-03-23 04:13 . 2005-06-06 15:29 110592 ----a-w- c:\documents and settings\Gabriel\Application Data\U3\temp\cleanup.exe
2010-03-23 03:41 . 2010-03-23 03:41 -------- d-----w- c:\documents and settings\Amy\Application Data\U3
2010-03-23 03:27 . 2010-03-23 03:27 1078 ----a-r- c:\documents and settings\Gabriel\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
2010-03-23 03:27 . 2010-03-23 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\U3
2010-03-23 03:25 . 2010-03-23 13:50 -------- d-----w- c:\documents and settings\Gabriel\Application Data\U3
2010-03-22 20:43 . 2010-03-22 20:43 3584 ----a-r- c:\documents and settings\Gabriel\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-03-22 20:43 . 2010-03-22 20:43 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-03-22 20:42 . 2010-03-22 20:42 -------- d-----w- c:\program files\MSECACHE
2010-03-22 08:20 . 2010-03-22 08:20 -------- d-----w- C:\_OTL
2010-03-21 16:57 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-03-21 02:57 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-21 02:57 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-21 02:57 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-21 02:57 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-21 02:57 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-21 02:57 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-20 21:20 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-20 21:18 . 2009-12-08 19:27 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-20 21:18 . 2009-12-08 18:43 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-20 21:18 . 2009-12-08 18:43 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-20 21:18 . 2009-12-08 19:26 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-20 21:17 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-20 21:17 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-03-20 21:15 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-03-20 21:15 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-03-20 20:16 . 2001-08-18 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-03-20 20:16 . 2001-08-18 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-03-20 20:16 . 2008-04-14 10:41 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2010-03-20 20:16 . 2001-08-18 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-03-20 20:16 . 2008-04-14 10:41 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2010-03-20 20:16 . 2008-04-14 10:41 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2010-03-20 20:16 . 2001-08-18 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2010-03-20 20:14 . 2008-04-14 10:40 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
2010-03-20 20:13 . 2001-08-18 12:00 9216 -c--a-w- c:\windows\system32\dllcache\kbdnecat.dll
2010-03-20 20:12 . 2008-04-14 10:39 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-03-20 20:11 . 2001-08-18 12:00 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe
2010-03-20 20:10 . 2001-08-18 12:00 578560 ----a-w- c:\windows\system32\autoconv.exe
2010-03-20 20:06 . 2001-08-18 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-03-20 19:53 . 2001-08-18 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-20 19:53 . 2001-08-18 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-20 19:53 . 2001-08-18 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-20 19:53 . 2001-08-18 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-20 18:40 . 2009-03-27 06:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-03-20 18:40 . 2010-03-20 18:40 -------- d-----w- c:\program files\CPUID
2010-03-19 22:57 . 2003-10-17 16:52 754560 ----a-w- c:\windows\system32\drivers\cmuda.sys
2010-03-19 22:57 . 2003-10-15 23:37 114688 ----a-w- c:\windows\system32\cmuda.dll
2010-03-19 22:57 . 2003-10-15 21:26 1454080 ----a-w- c:\windows\system\SmWizard.exe
2010-03-19 22:57 . 2003-04-24 18:29 32768 ----a-w- c:\windows\system32\udaprop.dll
2010-03-19 22:57 . 2002-04-29 20:04 917504 ----a-w- c:\windows\system\cmids3d.dll
2010-03-19 22:57 . 2001-11-23 17:08 712704 ----a-w- c:\windows\system32\Audio3D.dll
2010-03-19 22:57 . 2010-03-19 22:57 -------- d-----w- c:\program files\C-Media 3D Audio
2010-03-19 22:57 . 2003-08-05 19:23 266240 ----a-w- c:\windows\CMIUninstall.exe
2010-03-19 22:57 . 2003-07-22 16:15 225280 ----a-w- c:\windows\CmiRmRedundDir.exe
2010-03-19 22:57 . 2002-10-18 20:56 28672 ----a-w- c:\windows\CMIRmDriver.dll
2010-03-19 21:48 . 2010-03-19 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-19 21:47 . 2010-03-19 21:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-19 21:47 . 2010-03-19 21:47 -------- d-----w- c:\documents and settings\Gabriel\Application Data\SUPERAntiSpyware.com
2010-03-19 20:47 . 2010-03-19 20:47 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-19 19:42 . 2008-04-14 10:42 24576 -c--a-w- c:\windows\system32\dllcache\icwrmind.exe
2010-03-19 19:42 . 2008-04-14 10:41 49152 -c--a-w- c:\windows\system32\dllcache\icwutil.dll
2010-03-19 19:42 . 2001-08-18 12:00 61440 -c--a-w- c:\windows\system32\dllcache\icwres.dll
2010-03-19 19:42 . 2001-08-18 12:00 40960 -c--a-w- c:\windows\system32\dllcache\trialoc.dll
2010-03-19 19:42 . 2008-04-14 10:41 61440 -c--a-w- c:\windows\system32\dllcache\icwconn.dll
2010-03-19 19:42 . 2008-04-14 10:41 172032 -c--a-w- c:\windows\system32\dllcache\icwhelp.dll
2010-03-19 19:42 . 2001-08-18 12:00 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
2010-03-19 19:28 . 2008-04-14 05:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-03-19 19:28 . 2008-04-14 05:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-03-19 19:20 . 2008-04-14 10:42 102400 -c--a-w- c:\windows\system32\dllcache\msjro.dll
2010-03-19 19:07 . 2008-04-21 12:08 215552 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2010-03-19 19:06 . 2008-04-14 10:42 56320 -c--a-w- c:\windows\system32\dllcache\servdeps.dll
2010-03-19 19:06 . 2008-04-14 10:42 56320 ----a-w- c:\windows\system32\servdeps.dll
2010-03-19 19:06 . 2008-04-14 10:41 58880 -c--a-w- c:\windows\system32\dllcache\licwmi.dll
2010-03-19 19:06 . 2008-04-14 10:41 58880 ----a-w- c:\windows\system32\licwmi.dll
2010-03-19 19:06 . 2008-04-14 10:41 17408 -c--a-w- c:\windows\system32\dllcache\mmfutil.dll
2010-03-19 19:06 . 2008-04-14 10:41 17408 ----a-w- c:\windows\system32\mmfutil.dll
2010-03-19 19:06 . 2008-04-14 10:41 185344 -c--a-w- c:\windows\system32\dllcache\cmprops.dll
2010-03-19 19:06 . 2008-04-14 10:41 185344 ----a-w- c:\windows\system32\cmprops.dll
2010-03-19 19:06 . 2008-04-14 05:02 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-03-19 18:52 . 2008-04-14 05:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-03-19 18:48 . 2008-04-14 10:43 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-03-19 18:46 . 2008-04-14 10:42 741376 -c--a-w- c:\windows\system32\dllcache\sapi.dll
2010-03-19 18:46 . 2007-04-03 04:56 22016 -c--a-w- c:\windows\system32\dllcache\agt0408.dll
2010-03-19 18:46 . 2007-04-03 04:56 19968 -c--a-w- c:\windows\system32\dllcache\agt040e.dll
2010-03-19 18:46 . 2007-04-03 04:56 19456 -c--a-w- c:\windows\system32\dllcache\agt041f.dll
2010-03-19 18:46 . 2007-04-03 04:56 19456 -c--a-w- c:\windows\system32\dllcache\agt0419.dll
2010-03-19 18:46 . 2007-04-03 04:56 19456 -c--a-w- c:\windows\system32\dllcache\agt0415.dll
2010-03-19 18:46 . 2007-04-03 04:56 19456 -c--a-w- c:\windows\system32\dllcache\agt0405.dll
2010-03-19 18:46 . 2008-04-14 10:42 146432 ----a-w- c:\windows\system\WINSPOOL.DRV
2010-03-19 18:46 . 2008-04-14 05:24 11264 -c--a-w- c:\windows\system32\dllcache\irenum.sys
2010-03-19 18:46 . 2008-04-14 05:24 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-03-19 18:46 . 2008-04-14 10:42 74752 ----a-w- c:\windows\system32\storprop.dll
2010-03-17 18:03 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-17 18:03 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-17 18:03 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-17 18:03 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-17 18:03 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-17 18:03 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-17 18:03 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-17 18:03 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-17 18:03 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-17 18:03 . 2010-03-17 18:03 -------- d-----w- c:\program files\Alwil Software
2010-03-17 18:03 . 2010-03-17 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-17 17:40 . 2010-03-17 17:40 -------- d-----w- c:\documents and settings\Gabriel\Application Data\Malwarebytes
2010-03-17 17:40 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 17:40 . 2010-03-17 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-17 17:40 . 2010-03-17 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 00:58 . 2009-09-19 00:41 -------- d-----w- c:\documents and settings\Gabriel\Application Data\WTablet
2010-03-26 00:23 . 2009-09-19 04:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-03-24 20:58 . 2009-09-21 14:30 -------- d-----w- c:\program files\Easy Duplicate Finder
2010-03-24 20:38 . 2009-12-07 21:33 -------- d-----w- c:\program files\MagicEngine10
2010-03-24 20:13 . 2009-09-15 23:23 -------- d-----w- c:\documents and settings\Gabriel\Application Data\Azureus
2010-03-24 14:03 . 2010-01-15 07:55 -------- d-----w- c:\program files\Desktop Alarm Clock v1.0
2010-03-24 14:03 . 2009-10-26 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2010-03-24 10:40 . 2009-09-19 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-23 13:45 . 2009-10-11 03:29 -------- d-----w- c:\documents and settings\Nicholas\Application Data\WTablet
2010-03-23 13:45 . 2009-09-19 20:46 -------- d-----w- c:\documents and settings\Amy\Application Data\WTablet
2010-03-23 05:09 . 2009-09-15 08:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-21 02:39 . 2009-09-15 09:08 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-20 20:05 . 2009-09-15 03:11 22820 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-19 21:47 . 2009-09-19 10:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-19 19:48 . 2010-03-19 19:44 76825 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-03-17 02:41 . 2010-01-25 09:06 -------- d-----w- c:\program files\Yahoo!
2010-03-17 01:48 . 2009-09-15 05:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-16 23:20 . 2009-09-15 09:28 65608 ----a-w- c:\documents and settings\Gabriel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 11:24 . 2009-09-23 13:08 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-16 03:30 . 2009-09-16 03:15 -------- d-----w- c:\documents and settings\Gabriel\Application Data\vlc
2010-03-12 09:59 . 2009-09-15 23:23 -------- d-----w- c:\program files\Vuze
2010-03-08 05:32 . 2009-09-30 00:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\WTablet
2010-02-27 16:12 . 2009-09-22 03:27 -------- d-----w- c:\documents and settings\Gabriel\Application Data\dvdcss
2010-02-22 12:12 . 2010-02-22 12:12 -------- d-----w- c:\program files\Real Alternative
2010-02-17 09:21 . 2010-02-08 05:04 -------- d-----w- c:\documents and settings\Gabriel\Application Data\DVD Flick
2010-02-09 23:03 . 2010-02-09 23:03 -------- d-----w- c:\program files\AC3Filter
2010-02-09 15:13 . 2010-02-09 15:13 -------- d-----w- c:\documents and settings\Gabriel\Application Data\Yahoo!
2010-02-08 05:04 . 2010-02-08 05:04 -------- d-----w- c:\program files\DVD Flick
2010-02-08 04:58 . 2010-02-08 04:52 -------- d-----w- c:\program files\Avi2Dvd
2010-02-08 04:57 . 2010-02-08 04:54 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-04 19:38 . 2009-09-18 06:07 65616 ----a-w- c:\documents and settings\Amy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 01:41 . 2009-10-27 22:52 144160 ----a-w- c:\documents and settings\Gabriel\Application Data\Move Networks\uninstall.exe
2010-02-04 01:41 . 2009-10-27 22:52 -------- d-----w- c:\documents and settings\Gabriel\Application Data\Move Networks
2010-02-04 01:40 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\Gabriel\Application Data\Move Networks\plugins\npqmp071505000011.dll
2010-02-04 01:40 . 2010-02-04 01:40 1436320 ----a-w- c:\documents and settings\Gabriel\Application Data\Move Networks\MoveMediaPlayerWinSilent_071505000011.exe
2010-02-03 17:10 . 2009-12-03 18:03 52736 ----a-w- c:\windows\ipuninst.exe
2010-01-25 09:07 . 2010-01-25 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-01-18 02:25 . 2009-09-15 10:01 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-12 04:03 . 2009-09-24 07:23 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2006-10-22 17:22 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2006-10-22 17:22 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2006-10-22 17:22 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2006-10-22 17:22 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2006-10-22 17:22 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2006-10-22 17:22 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-11 14:30 . 2009-10-15 13:51 290 ----a-w- c:\documents and settings\Amy\Application Data\wklnhst.dat
2009-12-31 16:50 . 2008-04-14 05:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2004-04-14 04:40 . 2010-03-24 20:17 713 ----a-w- c:\program files\Contents.txt
.

((((((((((((((((((((((((((((( SnapShot@2010-03-25_21.51.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-26 00:23 . 2010-03-26 00:23 16384 c:\windows\Temp\Perflib_Perfdata_7e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\gabriel\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Gabriel\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\documents and settings\Gabriel\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-3-22 1078]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"d:\\Gabriel\\Program Files\\Steam\\Steam.exe"=
"d:\\Gabriel\\Program Files\\Games\\Half-Life 2\\hl2.exe"=
"d:\\Gabriel\\Program Files\\Games\\EA GAMES\\American McGee's Alice\\alice.exe"=
"d:\\Gabriel\\Program Files\\Games\\Counter-Strike 1.6 + Half-Life\\hl.exe"=
"d:\\Gabriel\\Program Files\\Games\\Counter-Strike 1.6 + Half-Life\\hltv.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/17/2010 1:03 PM 162640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/17/2010 1:03 PM 19024]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [9/18/2009 7:41 PM 2789160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/25/2009 5:27 AM 721904]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\Gabriel\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\Gabriel\LOCALS~1\Temp\bDMusicb.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9/18/2009 7:41 PM 15656]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
FF - ProfilePath - c:\documents and settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\
FF - prefs.js: browser.startup.homepage - hxxp://actionjeans.stumbleupon.com/blog/
FF - plugin: c:\documents and settings\Gabriel\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Gabriel\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions\[email protected]\plugins\npGameTapWebUpdater.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 20:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(508)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3032)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-25 20:24:07
ComboFix-quarantined-files.txt 2010-03-26 01:24
ComboFix2.txt 2010-03-26 01:15
ComboFix3.txt 2010-03-25 21:54

Pre-Run: 21,948,424,192 bytes free
Post-Run: 21,933,686,784 bytes free

- - End Of File - - 678405DC35AE696FAE9CD5916DFB5CA3

#21
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello OreganoAc,

Please run OTL again.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • It will produce a log for you. Post the log here.


#22
OreganoAc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OTL logfile created on: 3/25/2010 9:00:17 PM - Run 5
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Gabriel\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 526.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.44 Gb Free Space | 54.85% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 123.55 Gb Free Space | 53.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABACUS
Current User Name: Gabriel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/17 12:14:47 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gabriel\My Documents\Downloads\OTL.exe
PRC - [2010/03/09 05:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/01/19 12:14:44 | 000,186,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2009/01/19 12:13:44 | 002,789,160 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Gabriel\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2010/03/17 12:14:47 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gabriel\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/01/19 12:13:44 | 002,789,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Gabriel\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://actionjeans.s...upon.com/blog/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.80.1588
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.backup.ftp: "63.149.98.52"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "63.149.98.52"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "63.149.98.52"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "63.149.98.52"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "63.149.98.52"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "63.149.98.52"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "63.149.98.52"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "63.149.98.52"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "63.149.98.52"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/25 16:37:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/25 16:37:10 | 000,000,000 | ---D | M]

[2010/03/23 00:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Extensions
[2010/03/25 17:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions
[2010/03/25 17:24:05 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/03/23 00:40:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/03/23 00:40:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/03/23 00:40:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/23 00:40:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/23 00:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions\[email protected]
[2010/03/23 00:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions\[email protected]
[2010/03/23 00:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions\[email protected]
[2010/03/23 00:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\extensions\[email protected]
[2009/09/15 18:15:08 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\searchplugins\aeromp3com.xml
[2009/09/15 18:15:24 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\searchplugins\album-cover-artorg.xml
[2010/02/27 23:31:18 | 000,007,253 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\searchplugins\allthegames-search.xml
[2009/09/19 00:51:28 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\searchplugins\demonoid-search.xml
[2009/09/19 00:00:50 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\searchplugins\imdb.xml
[2010/03/21 04:33:40 | 000,004,859 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\searchplugins\isohunt---bt-search.xml
[2009/09/15 20:31:56 | 000,008,349 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\searchplugins\oneriot.xml
[2010/01/16 16:09:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\searchplugins\rotten-tomatoes.xml
[2009/09/15 18:19:30 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\searchplugins\thepiratebayorg.xml
[2009/09/15 18:18:14 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\searchplugins\webster.xml
[2010/03/04 05:34:26 | 000,004,153 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\vltoyzgh.Default User\searchplugins\youtube.xml
[2010/03/25 17:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/22 03:50:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKCU..\Run: [AlcoholAutomount] D:\Gabriel\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\Gabriel\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Documents and Settings\Gabriel\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1253052190874 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1253053350139 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...0251.2216666667 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Gabriel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gabriel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/14 22:13:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/03/20 15:07:40 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/25 19:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WTablet
[2010/03/25 16:44:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/25 16:43:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/25 16:43:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/25 16:43:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/25 16:43:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/25 16:42:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/25 16:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\Apple Computer
[2010/03/25 16:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/03/25 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\QT Lite
[2010/03/24 15:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Application Data\Easy Duplicate Finder
[2010/03/24 15:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Easy Duplicate Finder
[2010/03/24 15:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Handy
[2010/03/23 00:42:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/03/23 00:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/23 00:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/23 00:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/23 00:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Application Data\Sun
[2010/03/23 00:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\Mozilla
[2010/03/23 00:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Application Data\Mozilla
[2010/03/22 23:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/22 22:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\U3
[2010/03/22 22:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Application Data\U3
[2010/03/22 15:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/03/22 15:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/03/22 03:20:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/20 15:28:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/03/20 15:15:19 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/03/20 15:15:19 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/03/20 15:15:18 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/03/20 15:12:13 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/03/20 15:12:13 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/03/20 15:12:13 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/03/20 15:11:41 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/03/20 13:40:22 | 000,012,672 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys
[2010/03/20 13:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010/03/19 17:57:58 | 002,301,952 | ---- | C] (C-Media Corporation) -- C:\WINDOWS\System\cmicnfg.cpl
[2010/03/19 17:57:58 | 001,454,080 | ---- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\System\SmWizard.exe
[2010/03/19 17:57:58 | 000,917,504 | ---- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\System\cmids3d.dll
[2010/03/19 17:57:58 | 000,114,688 | ---- | C] (C-Media) -- C:\WINDOWS\System32\cmuda.dll
[2010/03/19 17:57:58 | 000,032,768 | ---- | C] (C-Media Corporation) -- C:\WINDOWS\System32\udaprop.dll
[2010/03/19 17:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\C-Media 3D Audio
[2010/03/19 16:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/03/19 16:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Application Data\SUPERAntiSpyware.com
[2010/03/19 16:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/19 14:07:23 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/03/17 13:03:51 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/17 13:03:50 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/17 13:03:49 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/17 13:03:48 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/17 13:03:45 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/17 13:03:45 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/17 13:03:45 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/17 13:03:20 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/17 13:03:20 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/17 13:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/03/17 13:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/17 12:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Application Data\Malwarebytes
[2010/03/17 12:40:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/17 12:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/17 12:40:05 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/17 12:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/17 12:35:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/17 12:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/17 11:56:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/03/17 02:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\symbols
[2010/03/16 22:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/03/16 22:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\GiPo@Utilities
[2010/03/16 22:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Gibinsoft Shared
[2010/03/16 21:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\SiSLan
[2010/03/16 19:41:41 | 000,106,496 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\SiSUSBrg.exe
[2010/03/16 18:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/03/16 18:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/03/16 18:30:13 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/03/16 13:53:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\$AutoStreamer$
[2010/03/16 12:49:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/03/16 11:44:31 | 000,032,256 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\drivers\sisnic.sys
[2010/03/15 13:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/15 12:10:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/15 12:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/15 12:10:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/15 07:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/03/15 07:23:04 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/03/15 07:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/03/14 14:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/03/14 07:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/03/12 02:30:38 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax

========== Files - Modified Within 14 Days ==========

[2010/03/25 20:24:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/25 20:21:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/25 19:58:36 | 000,002,665 | ---- | M] () -- C:\Documents and Settings\Gabriel\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/03/25 19:58:30 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/25 19:22:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/25 19:17:04 | 006,025,216 | ---- | M] () -- C:\Documents and Settings\Gabriel\NTUSER.DAT
[2010/03/25 16:44:42 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/24 14:35:02 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/24 14:32:43 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/24 10:36:50 | 1073,299,456 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/03/24 09:32:32 | 004,242,586 | -H-- | M] () -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\IconCache.db
[2010/03/23 00:19:13 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/23 00:12:45 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/23 00:12:45 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/03/22 03:50:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/03/21 17:38:45 | 000,000,485 | ---- | M] () -- C:\WINDOWS\System\CmiCnfg.ini
[2010/03/21 12:06:38 | 000,372,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/21 12:06:38 | 000,056,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/21 12:06:38 | 000,001,648 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/21 12:06:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/20 19:30:40 | 000,241,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/20 15:17:26 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/03/20 15:08:42 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/03/20 15:08:40 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/03/20 15:08:40 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/03/20 15:08:19 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/20 15:06:48 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/03/20 15:06:48 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/03/20 15:06:37 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/03/20 15:06:37 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/03/20 15:06:37 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/03/20 15:06:37 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/03/20 15:06:37 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/03/20 15:06:37 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/03/20 15:06:17 | 000,000,547 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/20 15:05:31 | 000,022,820 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/20 15:02:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/03/20 13:40:29 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2010/03/19 22:03:10 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/03/19 17:58:02 | 000,000,092 | ---- | M] () -- C:\WINDOWS\CMISETUP.INI
[2010/03/19 17:58:02 | 000,000,026 | ---- | M] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/03/19 17:57:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2010/03/19 16:48:03 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/19 14:50:16 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/03/19 14:50:05 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2010/03/19 13:24:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Gabriel\ntuser.ini
[2010/03/17 13:03:51 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/03/17 13:03:46 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/16 22:08:05 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\Shortcut to desmume_nosse.exe.lnk
[2010/03/16 19:45:03 | 000,000,033 | ---- | M] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2010/03/16 18:20:22 | 000,065,608 | ---- | M] () -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/16 06:24:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/15 07:23:00 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/03/14 14:21:26 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/03/13 17:48:30 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\Snagit 9.lnk
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/12 02:46:17 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\Shortcut to Shock2.exe.lnk

========== Files Created - No Company Name ==========

[2010/03/25 16:44:42 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/25 16:44:34 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/25 16:43:05 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/25 16:43:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/25 16:43:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/25 16:43:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/25 16:43:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/24 15:17:13 | 000,000,713 | ---- | C] () -- C:\Program Files\Contents.txt
[2010/03/22 23:52:59 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/22 22:27:55 | 000,002,665 | ---- | C] () -- C:\Documents and Settings\Gabriel\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/03/20 15:16:41 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/03/20 15:15:04 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/03/20 15:15:04 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/03/20 15:15:00 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/03/20 15:14:06 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/03/20 15:14:04 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/03/20 15:13:46 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/03/20 15:13:44 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/03/20 15:13:39 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/03/20 15:12:41 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/03/20 15:12:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/03/20 15:12:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/03/20 15:11:47 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/03/20 15:11:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/03/20 15:11:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/03/20 15:11:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/03/20 15:11:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/03/20 15:11:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/03/20 15:11:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/03/20 15:11:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/03/20 15:11:37 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/03/20 15:11:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/03/20 15:11:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/03/20 15:11:36 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/03/20 15:11:36 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/03/20 15:11:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/03/20 15:11:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/03/20 15:11:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/03/20 15:11:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/03/20 15:11:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/03/20 15:11:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/03/20 15:11:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/03/20 15:11:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/03/20 15:11:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
< End of report >

#23
emeraldnzl

Sorry about the delay in getting back. I have been going through your logs again and carrying out some research.

I am beginning to wonder if this is something other than a permissions or software problem.

I will carry out further research. :)

Meantime a couple of things:

Have you tried removing those files in Safe Mode?

Boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Secondly

What exactly is the position with your Recycle Bin now? Are files still building up in there or is it that you can remove some but not others? Are you able to list any of the files (I mean apart from Dc187) so that I can see whether they are system files regenerating or something else?

#24
OreganoAc

Well, I was in safe mode trying to empty it right before I signed up here. I went into safe mode just now and tried it, with no luck.

However, there has been some progress. Earlier I mentioned that the number of items that would not empty had gone up by 60 or so but it's gone down to only 7 since then. Originally it was 6.

At first (before I started this thread) I could see the items in the bin, and when I deleted them with unlocker, they would come right back with a different number. Then, after I tried deleting them from a cmd line and rebooting, they were no longer visible when I opened the bin and neither were any other new files that I'd delete. However, the new files would usually empty, leaving behind the Dc## items.

The only exception to this would be the odd files that would deny me access here and there, for no real reason that I could discern. Every time I deleted one of those using the unlocker application, they would turn into more Dc## items that wouldn't empty.

Anyway, I can once again see new items in the recycle bin as I delete them. The 7 that won't empty are still not visible. So like I said, some progress.

It wouldn't be so bad, but my system is still unstable, crashing and freezing quite often. Also, I have to set my FSB jumpers lower than they should be set (200MHz instead of 333MHz) to even get the system to start up without freezing at the boot screen, so I'm not getting full performance out of my CPU. I'm not sure if this is related, but I think it might be.

Here is what the un-empty-able items look like in the command line, showing their full names:

Posted Image

#25
emeraldnzl

The link below contains this statement along with some other explanation which might be worth a read.

Recycler is a read only folder. To view the folder, go to Tools -> Folder Options -> View tab and uncheck the option of Hide Protected operating System Files. Right click on the folder, go to Properties and unselect the option of Read Only. Now it can be deleted.


http://wiki.answers....contained_in_it

The scans we have undertaken tell us that your machine does not have the Recycler virus but may well have some corruption or hardware faults.

See if the information in the quoted area above helps you solve the problem.

Tell me how you get on.

#26
OreganoAc

Well, I wasn't able to remove the Dc## items completely, but I was able to move them out of recycler, using unlocker. I put them into a folder outside of the recycle bin, and now the recycle bin works as it should, showing everything I delete, emptying properly, and for the first time since I started having this issue, the little piece of paper sticking out of the recycle bin icon is gone. :)

So there's that. Apparently the problem was not so much the recycle bin, but these weird folders that lock me out and won't let me get rid of them, open them or even move them without using that unlocker program. Even when I turn off "read only" I still get the "access denied" error whenever I try to do anything with them.

For now I'm just glad to get them out of my recycle bin so I can use it again.

I'm sorry to take up so much of your time in what is beginning to look like an unfixable problem. I'm starting to consider formatting my hard drives and starting over with a fresh Windows install if I keep on getting these crashes and freezes all the time, although I was really hoping to avoid it. If it's a hardware problem like you were suggesting, even that may be a waste of time. I know it's not a memory problem, because I have switched out several sticks and tested the memory extensively. I even tried switching out the motherboard, because I happened to have a spare, with no change. Is it possible that I have a bad CPU? Is there any way to find out?

#27
emeraldnzl

Well I wouldn't jump to conclusions yet.

I am wondering if those files are just a result of the normal process the recycle bin goes through that has somehow become corrupted. That is, files are deleted first from the bin to a recycle folder which later empties out. Do you have hidden files showing?

* Click Start
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Check the Hide protected operating system files (recommended) option.
* Check the Hide extensions for known file types option.
* Click Yes to confirm.
* Click OK.

Does that make a difference?

#28
OreganoAc

I did have hidden files showing. I also had protected operating system files and known extensions unchecked, so I checked them. I think it did make a slight difference. I selected all the remaining items that I couldn't delete, and shift+deleted them. All but two of them successfully deleted. There is now one hidden item, "Dc1017" and one showing as not hidden, "Dc1762" left that I still can't remove. The fewest since this mess started.

Hmmm.

I've also considered that there might be a problem with my power supply. I was just reading that a failing power supply can often be a cause of frequent freezes, blue screens and system resets, which is exactly what I've been experiencing. Could this also be causing these bizarre errors somehow?

#29
emeraldnzl

Hello OreganoAc,

I've also considered that there might be a problem with my power supply. I was just reading that a failing power supply can often be a cause of frequent freezes, blue screens and system resets, which is exactly what I've been experiencing. Could this also be causing these bizarre errors somehow?


Actually a whole lot of things can cause those symptoms. My objective here has been to remove any malware that might be the cause. I think we have pretty well done that and are left with possible software corruption or hardware problems (including power problems).

I think you should go to the XP Operating System forum (see link below) after you have finished here. They have some great diagnostic tools there that might help you find the problem.

http://www.geekstogo...2003-NT-f5.html

Those Recycler files seem normal to me, only showing because you had hidden files open. They are not easy to remove. What I was perplexed about was that your Recycle bin was still showing full. That made me think that something was corrupted or in the wrong place.

Meantime let's see if OTL will remove those last two.

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses
    
    :Files
    C:\RECYCLER\S-1-5-21-2025429265-2139871995-1801674531-1004\Dc1017
    C:\RECYCLER\S-1-5-21-2025429265-2139871995-1801674531-1004\Dc1762
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

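The RECYCLER paths in the fix script above encode the owning account and the source drive. The Python sketch below is an added example (not part of the original thread and not OTL code) that parses them, assuming the Windows 2000/XP naming `D<drive letter><index>[.ext]` under `\RECYCLER\<SID>`; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass

# Assumed Windows 2000/XP NTFS layout (an assumption, not stated in the thread):
#   <volume>:\RECYCLER\<owner SID>\D<drive letter><index>[.<original extension>]
ITEM_RE = re.compile(
    r"^(?P<volume>[A-Za-z]):\\RECYCLER\\"
    r"(?P<sid>S-1-5-21(?:-\d+){3}-(?P<rid>\d+))\\"
    r"D(?P<drive>[A-Za-z])(?P<index>\d+)(?:\.(?P<ext>[^\\.]+))?$",
    re.IGNORECASE,
)

# The two paths listed in the fix script in the thread.
PAGE_PATHS = [
    r"C:\RECYCLER\S-1-5-21-2025429265-2139871995-1801674531-1004\Dc1017",
    r"C:\RECYCLER\S-1-5-21-2025429265-2139871995-1801674531-1004\Dc1762",
]


@dataclass(frozen=True)
class RecycledItem:
    volume: str      # drive that holds the RECYCLER folder
    sid: str         # security identifier of the owning account
    rid: int         # last SID component (relative identifier)
    drive: str       # drive letter recorded in the D-name
    index: int       # sequence number within that user's bin
    extension: str   # original extension, "" if none

    @property
    def account_kind(self):
        if self.rid == 500:
            return "built-in Administrator"
        if self.rid == 501:
            return "built-in Guest"
        if self.rid >= 1000:
            return "non-built-in account"
        return "other well-known account"

    def notes(self):
        """Return triage observations for this item."""
        out = []
        if not self.extension:
            out.append("no extension: original was a folder or an extensionless file")
        if self.drive != self.volume:
            out.append("name records drive %s but item sits on volume %s"
                       % (self.drive, self.volume))
        return out


def parse_recycler_item(path):
    """Parse a full RECYCLER item path; raise ValueError if it does not fit."""
    m = ITEM_RE.match(path.strip())
    if m is None:
        raise ValueError("not a RECYCLER item path: %r" % path)
    return RecycledItem(
        volume=m.group("volume").upper(),
        sid=m.group("sid").upper(),
        rid=int(m.group("rid")),
        drive=m.group("drive").upper(),
        index=int(m.group("index")),
        extension=(m.group("ext") or "").lower(),
    )


if __name__ == "__main__":
    for p in PAGE_PATHS:
        item = parse_recycler_item(p)
        print(item.sid, item.account_kind, item.drive, item.index, item.notes())
```

Both paths from the thread parse to the same account (RID 1004) on drive C with no extension, which is consistent with the stuck items being folders.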

#30
OreganoAc

Sorry it took so long to reply. I had a host of other issues come up today and I couldn't get online.

I would follow the instructions in the last post, except the items you have showing there are no longer in the recycler folder, so I don't think it would serve much purpose. In fact, there's only one file left that I can't get rid of ("Dc5", now).

I moved it out of the recycler into "My Received Files" so I could use my recycle bin and because I have never used that "My Received Files" for anything in my life. It seemed like as good a place as any since I can't delete it.

I replaced my power supply and that seems to have helped with the constant problems I've been having with crashes. I've also got my FSB jumpers set correctly, now. Seems to have solved a lot of issues.