
uncleferassi
Members
Posts: 17
Reputation: 0 Neutral
  1. bump. Do I still need to do more stuff before I am certified as clean, or am I done?
  2. And the reason it says "File/Folder D:\Documents and Settings\ielizaga\My Documents\Downloads\Programs\VirtumundoBeGone.exe not found." is because I manually deleted it and deleted it from my Recycle Bin.
  3. LOLZ, ok.. Here's the log:

     All processes killed
     ========== PROCESSES ==========
     No active process named explorer.exe was found!
     ========== FILES ==========
     C:\Documents and Settings\ielizaga\mdply3d.exe moved successfully.
     C:\WINDOWS\VIPv3\Process.exe moved successfully.
     C:\WINDOWS\VIPv3\resources\process.exe moved successfully.
     File/Folder D:\Documents and Settings\ielizaga\My Documents\Downloads\Programs\VirtumundoBeGone.exe not found.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     User: ielizaga
     ->Temp folder emptied: 1439031 bytes
     ->Temporary Internet Files folder emptied: 5292277 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 79458820 bytes
     ->Flash cache emptied: 3742 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 405 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 696832 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 17379 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 83.00 mb
     OTM by OldTimer - Version 3.1.10.0 log created on 03132010_154752
     Files moved on Reboot...
     C:\WINDOWS\temp\ZLT07ec7.TMP moved successfully.
     Registry entries deleted on Reboot...
  4. Ok... I did all of that. Am I done with the whole removing-the-Vundo problem? If so, thank you very much for helping me solve this problem. -Uncleferassi
  5. I mean, like, I can't download the otm.exe thing because it says it can't be found.
  6. I can't.. It says that it can't be found. Plus... according to my world of trust add-on for Firefox, it says the site has a poor reputation. Need help??
  7. Here is my log:

     Results of screen317's Security Check version 0.99.1
     Windows XP Service Pack 3
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     ESET Online Scanner v3
     WMIC entry does not exist for antivirus; attempting automatic update.
     ``````````````````````````````
     Anti-malware/Other Utilities Check:
     SUPERAntiSpyware Professional
     HijackThis 2.0.2
     TuneUp Utilities
     TuneUp Utilities
     TuneUp Utilities Language Pack (en-US)
     CCleaner
     Java 6 Update 17
     Adobe Flash Player 10
     Adobe Reader 9.3
     ``````````````````````````````
     Process Check: objlist.exe by Laurent
     Malwarebytes' Anti-Malware mbamservice.exe
     Malwarebytes' Anti-Malware mbamgui.exe
     ``````````````````````````````
     DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
     `````````End of Log```````````
  8. Oops, sorry.. Not you... LOL. It was this site that told me: http://www.bleepingcomputer.com/virus-remo...undo-virtumonde Sorry once again.
  9. wtf??! The scan told me that I still have 5 viruses, but one of them was one of the things you told me to download..... LOL. Log is attached. log.txt
  10. The sad face was supposed to be a happy face.
  11. Thank you!!!! I'm pretty sure the Vundo is gone because I can use Malwarebytes without changing the mbam.exe name. Here are just my logs if you want to check if I'm Vundo-free. Here is my HijackThis log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:32:31 PM, on 3/13/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\ibmpmsvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS\system32\svchost.exe
     D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
     C:\WINDOWS\system32\ZONELABS\vsmon.exe
     D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
     C:\WINDOWS\system32\wscntfy.exe
     D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     D:\Program Files\PeerBlock\peerblock.exe
     D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\WINDOWS\explorer.exe
     D:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
     D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     D:\Program Files\Internet Download Manager\IDMan.exe
     D:\Program Files\Internet Download Manager\IEMonitor.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
     O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
     O4 - HKLM\..\Run: [soundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
     O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKCU\..\Run: [PeerBlock] D:\Program Files\PeerBlock\peerblock.exe
     O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
     O4 - Startup: StartupFaster
     O4 - Global Startup: StartupFaster
     O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
     O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
     O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O15 - Trusted Zone: http://download.windowsupdate.com
     O15 - Trusted Zone: http://*.windowsupdate.com
     O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp/res/jar/cnsload.cab
     O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1263780057268
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1260315087266
     O17 - HKLM\System\CCS\Services\Tcpip\..\{2669867D-E237-4792-8BC4-BE18FACE753C}: NameServer = 208.67.222.222,208.67.220.220
     O17 - HKLM\System\CCS\Services\Tcpip\..\{FD99B04C-CFE4-4D74-8C55-21BA7183A524}: NameServer = 208.67.222.222,208.67.220.220
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com
     O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = us.oracle.com
     O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = us.oracle.com
     O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
     O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

     --
     End of file - 7504 bytes

     My ComboFix log is attached to this reply. My Malwarebytes log is attached to this reply. THANK YOU AGAIN!!!!!
     ComboFix.txt
     mbam_log_2010_03_13__12_46_17_.txt
  12. Here is my ComboFix log:

     ComboFix 10-03-11.02 - Tommy 03/11/2010 17:59:56.5.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.983 [GMT -8:00]
     Running from: d:\documents and settings\ielizaga\My Documents\Downloads\Combo-Fix.exe
     .
     ((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))
     .
     2010-03-11 23:43 . 2010-03-11 23:43 97280 -c-ha-w- c:\windows\system32\urppnl.dll
     2010-03-11 23:22 . 2010-03-11 23:22 97280 -c-ha-w- c:\windows\system32\rqpoli.dll
     2010-03-11 23:17 . 2010-03-11 23:17 89600 -c-ha-w- c:\windows\system32\tusrpp.dll
     2010-03-11 23:17 . 2010-03-11 23:17 -------- dc----w- c:\documents and settings\ielizaga\Local Settings\Application Data\dmnvmcDirect
     2010-03-11 06:03 . 2010-03-11 06:03 96768 -c-ha-w- c:\windows\system32\fcbcbc.dll
     2010-03-11 05:54 . 2010-03-11 05:54 -------- d-----w- d:\program files\Alwil Software
     2010-03-11 03:08 . 2010-03-11 03:08 -------- d-----w- d:\program files\Trend Micro
     2010-03-11 02:39 . 2010-03-11 02:39 96768 -c-ha-w- c:\windows\system32\tutqpn.dll
     2010-03-10 18:40 . 2010-03-10 18:40 -------- dc----w- c:\documents and settings\ielizaga\Local Settings\Application Data\catp2pgfx
     2010-03-10 18:40 . 2010-03-11 23:17 78367 -c--a-w- c:\documents and settings\ielizaga\pod60.exe
     2010-03-10 14:42 . 2010-03-10 14:42 96768 -c-ha-w- c:\windows\system32\ssrspp.dll
     2010-03-10 05:53 . 2010-03-10 05:53 96768 -c-ha-w- c:\windows\system32\rqonnm.dll
     2010-03-10 04:54 . 2010-03-10 04:54 96768 -c-ha-w- c:\windows\system32\urroll.dll
     2010-03-10 03:31 . 2010-01-27 02:04 60592 -c--a-w- c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\update.exe
     2010-03-10 03:31 . 2010-01-27 02:04 46256 -c--a-w- c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\uninstall.exe
     2010-03-10 03:31 . 2010-03-10 03:31 -------- dc----w- c:\documents and settings\All Users\Application Data\Toolbar4
     2010-03-10 03:31 . 2010-03-10 04:47 -------- d-----w- d:\program files\Search Toolbar
     2010-03-10 02:52 . 2010-03-10 02:52 96768 -c-ha-w- c:\windows\system32\wvwvus.dll
     2010-03-10 00:04 . 2010-03-10 00:04 96768 -c-ha-w- c:\windows\system32\vttqqn.dll
     2010-03-09 17:19 . 2010-03-09 17:19 -------- dc----w- c:\documents and settings\ielizaga\Local Settings\Application Data\comodbc3D
     2010-03-09 15:21 . 2010-03-09 15:21 96768 -c-ha-w- c:\windows\system32\fcywuu.dll
     2010-03-09 05:17 . 2010-01-08 00:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-03-09 05:17 . 2010-01-08 00:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
     2010-03-09 03:35 . 2010-03-09 03:35 96768 -c-ha-w- c:\windows\system32\yaabxy.dll
     2010-03-08 15:22 . 2010-03-08 15:22 -------- dc----w- c:\documents and settings\ielizaga\Local Settings\Application Data\audionvrsClient
     2010-03-07 05:24 . 2010-03-11 23:56 -------- dc----w- c:\documents and settings\ielizaga\Local Settings\Application Data\xmlmap97
     2010-03-07 01:10 . 2010-03-07 01:10 -------- d-----w- d:\program files\SystemRequirementsLab
     2010-03-07 01:10 . 2010-03-07 01:10 85504 -c--a-w- c:\documents and settings\ielizaga\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
     2010-03-06 04:14 . 2010-03-06 04:14 118784 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
     2010-03-06 04:14 . 2010-03-06 04:14 118784 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
     2010-03-06 04:14 . 2010-03-06 04:14 118784 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
     2010-03-06 00:24 . 2010-03-06 00:24 2284402 -c--a-w- c:\documents and settings\ielizaga\Application Data\IDM\DwnlData\Tommy\setup_av_free_635\setup_av_free.exe
     2010-03-05 04:37 . 2009-12-17 23:08 30024 -c--a-w- c:\windows\system32\uxtuneup.dll
     2010-03-05 01:08 . 2010-03-05 01:08 4653870 -c--a-w- c:\documents and settings\ielizaga\Application Data\IDM\DwnlData\Tommy\setup_av_free_632\setup_av_free.exe
     2010-03-05 01:03 . 2010-03-05 01:04 2101490 -c--a-w- c:\documents and settings\ielizaga\Application Data\IDM\DwnlData\Tommy\avira_antivir_personal_en_631\avira_antivir_personal_en.exe
     2010-03-03 22:12 . 2010-03-03 22:12 1207722 -c--a-w- c:\documents and settings\ielizaga\Application Data\IDM\DwnlData\Tommy\asc-setup_628\asc-setup.exe
     2010-03-03 02:19 . 2010-03-03 02:19 -------- dc----w- c:\documents and settings\ielizaga\Local Settings\Application Data\Cranium
     2010-03-03 02:18 . 2010-03-03 02:18 25214 -c--a-r- c:\documents and settings\ielizaga\Application Data\Microsoft\Installer\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}\_E38944F26F8D876B004311.exe
     2010-03-03 02:18 . 2010-03-03 02:18 10398 -c--a-r- c:\documents and settings\ielizaga\Application Data\Microsoft\Installer\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}\_6FA99008F6BBB97A091E2D.exe
     2010-03-03 02:18 . 2010-03-03 02:18 -------- d-----w- d:\program files\iPhoneBrowser
     2010-03-02 04:51 . 2010-03-02 04:51 -------- dc----r- C:\MSOCache
     2010-03-02 03:45 . 2010-03-02 03:45 -------- dc----w- c:\documents and settings\ielizaga\Local Settings\Application Data\Cranium_Consulting_and_Cu
     2010-03-01 01:15 . 2010-03-01 01:15 -------- dc----w- c:\documents and settings\LocalService\Application Data\GameTracker
     2010-02-28 18:27 . 2010-02-28 18:27 -------- d-----w- d:\program files\FFmpeg for Audacity
     2010-02-28 16:55 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
     2010-02-28 16:54 . 2010-02-28 16:54 -------- dc----w- c:\windows\Media
     2010-02-28 05:54 . 2010-02-28 05:54 -------- d-----w- d:\program files\microsoft frontpage
     2010-02-28 05:38 . 2010-02-28 05:38 1496576 -c-h--w- c:\windows\system32\wodfamop.dll
     2010-02-28 02:03 . 2010-03-01 00:36 -------- dc----w- c:\documents and settings\ielizaga\Application Data\Microsoft Games
     2010-02-28 00:22 . 2010-02-28 00:22 53248 -c--a-r- c:\documents and settings\ielizaga\Application Data\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F522ED7EA612_4117_B86D_78467DE01E30.exe
     2010-02-27 23:28 . 2010-02-27 23:28 -------- dc----w- c:\documents and settings\ielizaga\Application Data\Grasssoft
     2010-02-27 23:28 . 2010-02-28 00:31 -------- dc----w- c:\documents and settings\All Users\Application Data\Grasssoft
     2010-02-27 18:30 . 2010-02-27 18:30 -------- d-----w- d:\program files\CrisisX
     2010-02-27 18:13 . 2010-02-27 18:13 -------- dc----w- c:\documents and settings\All Users\Application Data\Speedbit
     2010-02-27 08:42 . 2010-02-27 08:42 -------- dc----w- c:\documents and settings\ielizaga\Local Settings\Application Data\WinZip
     2010-02-27 08:41 . 2010-02-27 17:26 -------- dc----w- c:\documents and settings\All Users\Application Data\WinZip
     2010-02-27 07:22 . 2010-02-27 07:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
     2010-02-27 04:08 . 2010-02-27 04:08 -------- dc----w- c:\program files\Common Files\DivX Shared
     2010-02-26 02:20 . 2010-02-26 02:20 -------- dc----w- c:\documents and settings\ielizaga\Local Settings\Application Data\SupportSoft
     2010-02-26 02:20 . 2010-02-26 02:20 -------- dc----w- c:\program files\Common Files\SupportSoft
     2010-02-25 05:42 . 2010-02-25 06:13 -------- dc----w- c:\documents and settings\All Users\Application Data\Systweak
     2010-02-25 05:40 . 2010-02-25 06:13 -------- dc----w- c:\documents and settings\ielizaga\Application Data\Systweak
     2010-02-25 05:40 . 2010-02-25 05:40 -------- dc----w- c:\documents and settings\All Users\Application Data\MyDefrag
     2010-02-25 02:28 . 2010-02-25 02:28 -------- dc----w- C:\Diskeeper
     2010-02-24 01:29 . 2008-06-20 17:46 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
     2010-02-24 01:29 . 2008-06-20 17:46 147968 -c----w- c:\windows\system32\dllcache\dnsapi.dll
     2010-02-24 01:29 . 2008-06-20 11:08 225856 -c----w- c:\windows\system32\dllcache\tcpip6.sys
     2010-02-23 15:43 . 2010-02-24 04:19 -------- d-----w- d:\program files\Microsoft Works
     2010-02-23 15:42 . 2010-02-23 15:42 -------- d-----w- d:\program files\Microsoft.NET
     2010-02-23 04:57 . 2009-11-11 12:26 557056 -c--a-w- c:\windows\system32\Netw2c32.dll
     2010-02-23 04:57 . 2009-11-11 12:26 2732032 -c--a-w- c:\windows\system32\Netw2r32.dll
     2010-02-23 04:51 . 2010-03-07 01:10 -------- dc----w- c:\documents and settings\ielizaga\Application Data\SystemRequirementsLab
     2010-02-23 04:51 . 2010-02-23 04:51 88576 -c--a-w- c:\documents and settings\ielizaga\Application Data\SystemRequirementsLab\srlproxy_intel_4_1_47_0_d.dll
     2010-02-23 04:51 . 2010-02-23 04:51 88576 -c--a-w- c:\documents and settings\ielizaga\Application Data\SystemRequirementsLab\srlproxy_intel_4_1_47_0_c.dll
     2010-02-23 04:51 . 2010-02-23 04:51 88576 -c--a-w- c:\documents and settings\ielizaga\Application Data\SystemRequirementsLab\srlproxy_intel_4_1_47_0_b.dll
     2010-02-23 04:51 . 2010-02-23 04:51 88576 -c--a-w- c:\documents and settings\ielizaga\Application Data\SystemRequirementsLab\srlproxy_intel_4_1_47_0_a.dll
     2010-02-23 04:48 . 2010-02-23 04:48 -------- d-----w- d:\program files\Analog Devices
     2010-02-22 06:23 . 2010-03-07 06:23 -------- d--h--w- d:\program files\InstallShield Installation Information
     2010-02-22 00:17 . 2010-02-22 00:17 -------- dc----w- c:\documents and settings\ielizaga\Application Data\GameRanger
     2010-02-21 18:56 . 2010-02-21 18:56 -------- dc----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
     2010-02-21 05:20 . 2010-02-21 05:20 -------- dc----w- c:\documents and settings\ielizaga\Application Data\Registry Mechanic
     2010-02-21 05:16 . 2010-02-21 05:16 -------- dc----w- c:\program files\Common Files\PC Tools
     2010-02-21 02:37 . 2010-02-21 04:08 4 -c--a-w- c:\windows\vx86036.dat
     2010-02-21 02:37 . 2010-02-21 02:37 -------- dc----w- c:\documents and settings\All Users\CrypKey
     2010-02-21 02:36 . 2010-02-21 02:36 -------- dc----w- c:\documents and settings\ielizaga\Local Settings\Application Data\localntLang
     2010-02-20 22:09 . 2010-02-21 05:41 -------- dc----w- c:\documents and settings\ielizaga\Application Data\URSoft
     2010-02-20 22:09 . 2010-02-20 22:09 -------- d-----w- d:\program files\Your Uninstaller 2010
     2010-02-20 21:47 . 2010-02-20 21:47 -------- d-----w- d:\program files\Lame for Audacity
     2010-02-20 21:46 . 2010-03-11 05:29 -------- dc----w- c:\documents and settings\ielizaga\Application Data\Audacity
     2010-02-18 03:34 . 2004-03-25 03:44 151552 -c--a-w- c:\windows\system32\HexValidEmail.dll
     2010-02-18 03:34 . 2004-03-25 03:44 102400 -c--a-w- c:\windows\system32\HexDns.dll
     2010-02-18 03:34 . 2001-09-12 01:23 24576 -c--a-w- c:\windows\system32\snEUps.dll
     2010-02-18 03:34 . 2001-07-18 18:42 122880 -c--a-w- c:\windows\system32\snEU.exe
     2010-02-18 03:33 . 2010-02-18 03:33 -------- d-----w- d:\program files\Common Files
     2010-02-18 02:44 . 2006-01-26 17:26 147456 -c--a-w- c:\windows\system32\DARTUTIL.DLL
     2010-02-18 02:44 . 2006-01-26 17:24 221184 -c--a-w- c:\windows\system32\DartSock.dll
     2010-02-18 02:44 . 2006-01-26 17:24 196608 -c--a-w- c:\windows\system32\DartSecure2.dll
     2010-02-18 02:44 . 2006-01-26 17:24 155648 -c--a-w- c:\windows\system32\DartCertificate.dll
     2010-02-18 01:24 . 2010-02-18 01:24 -------- d-----w- d:\program files\Fear-Otaku Software
     2010-02-17 02:37 . 2010-02-17 02:37 -------- dc----w- c:\documents and settings\ielizaga\Application Data\Office Genuine Advantage
     2010-02-14 19:40 . 2010-03-07 01:47 -------- d-----w- d:\program files\Counter-Strike 1.6
     2010-02-14 18:45 . 2010-02-14 18:45 -------- dc----w- c:\program files\Common Files\Macrovision Shared
     2010-02-14 06:16 . 2010-02-15 06:37 -------- d-----w- d:\program files\Unlocker
     2010-02-14 05:41 . 2010-03-01 14:57 -------- d-----w- d:\program files\Recuva
     2010-02-13 20:56 . 2010-02-13 20:56 -------- dc----w- c:\program files\Common Files\SPBA
     2010-02-13 20:56 . 2010-02-13 20:58 -------- d-----w- d:\program files\ThinkVantage Fingerprint Software
     2010-02-11 04:51 . 2010-02-11 04:51 22382 -c--a-r- c:\documents and settings\ielizaga\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_6FEFF9B68218417F98F549.exe
     2010-02-11 04:51 . 2010-02-11 04:51 22382 -c--a-r- c:\documents and settings\ielizaga\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_21F3885A18D238E15AAE81.exe
     2010-02-11 04:51 . 2010-02-11 04:51 1406 -c--a-r- c:\documents and settings\ielizaga\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_D707CE1C009F1381803C2C.exe
     2010-02-11 03:24 . 2009-08-29 03:42 40448 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
     2010-02-11 03:24 . 2009-08-29 03:42 2065696 -c--a-w- c:\windows\system32\usbaaplrc.dll
     2010-02-11 03:12 . 2010-02-11 03:12 72488 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
     2010-02-10 22:34 . 2010-02-10 22:34 52224 -c--a-w- c:\documents and settings\ielizaga\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
     2010-02-10 22:34 . 2010-02-25 05:18 -------- d-----w- d:\program files\SUPERAntiSpyware
     2010-02-10 22:33 . 2010-02-12 05:54 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-03-12 02:08 . 2010-01-09 23:31 -------- d-----w- d:\program files\PeerBlock
     2010-03-12 01:25 . 2008-11-26 03:06 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
     2010-03-11 23:59 . 2009-12-11 02:36 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
     2010-03-11 23:34 . 2010-03-11 23:39 9230336 -c--a-w- c:\windows\Internet Logs\xDB12.tmp
     2010-03-11 06:28 . 2009-12-31 07:05 37536 -c--a-w- c:\windows\system32\RW_AppData.dat
     2010-03-11 06:28 . 2009-12-31 07:05 36880 -c--a-w- c:\windows\system32\RW_FileType.dat
     2010-03-11 06:28 . 2009-12-31 07:05 336 -c--a-w- c:\windows\system32\RW_{92EAF043-8CD7-11DC-ACCF-806D6172696F}.dat
     2010-03-11 06:28 . 2009-12-31 07:05 312 -c--a-w- c:\windows\system32\RW_FileFlag.dat
     2010-03-11 06:28 . 2009-12-31 07:05 2912 -c--a-w- c:\windows\system32\RW_{92EAF041-8CD7-11DC-ACCF-806D6172696F}.dat
     2010-03-11 06:26 . 2010-03-11 23:13 9213952 -c--a-w- c:\windows\Internet Logs\xDB11.tmp
     2010-03-11 06:23 . 2010-03-11 06:24 9238528 -c--a-w- c:\windows\Internet Logs\xDBF.tmp
     2010-03-11 06:12 . 2010-03-11 06:25 18944 -c--a-w- c:\windows\Internet Logs\xDB10.tmp
     2010-03-11 06:11 . 2009-08-30 20:10 -------- dc----w- c:\documents and settings\ielizaga\Application Data\DMCache
     2010-03-11 05:55 . 2010-03-11 05:59 9229312 -c--a-w- c:\windows\Internet Logs\xDBE.tmp
     2010-03-11 00:24 . 2010-03-11 00:26 9225728 -c--a-w- c:\windows\Internet Logs\xDBC.tmp
     2010-03-10 18:40 . 2010-03-11 00:26 16896 -c--a-w- c:\windows\Internet Logs\xDBD.tmp
     2010-03-10 06:26 . 2010-03-10 14:37 9283072 -c--a-w- c:\windows\Internet Logs\xDBB.tmp
     2010-03-10 05:09 . 2010-01-19 05:55 -------- dc----w- c:\documents and settings\ielizaga\Application Data\TeraCopy
     2010-03-10 04:47 . 2010-03-10 04:49 9284608 -c--a-w- c:\windows\Internet Logs\xDB9.tmp
     2010-03-10 04:46 . 2010-03-10 04:49 21504 -c--a-w- c:\windows\Internet Logs\xDBA.tmp
     2010-03-10 03:04 . 2009-09-28 01:39 -------- dc----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
     2010-03-09 13:33 . 2010-03-09 15:16 9218048 -c--a-w- c:\windows\Internet Logs\xDB7.tmp
     2010-03-09 06:20 . 2010-01-12 03:14 -------- d-----w- d:\program files\Minilyrics
     2010-03-09 06:20 . 2010-03-09 15:17 18432 -c--a-w- c:\windows\Internet Logs\xDB8.tmp
     2010-03-08 04:42 . 2010-03-08 15:19 9193984 -c--a-w- c:\windows\Internet Logs\xDB6.tmp
     2010-03-08 01:16 . 2010-03-08 01:18 9192960 -c--a-w- c:\windows\Internet Logs\xDB5.tmp
     2010-03-07 21:21 . 2010-03-07 21:26 9219584 -c--a-w- c:\windows\Internet Logs\xDB4.tmp
     2010-03-07 06:14 . 2010-03-07 06:17 9198592 -c--a-w- c:\windows\Internet Logs\xDB2.tmp
     2010-03-07 05:24 . 2010-03-07 06:17 23040 -c--a-w- c:\windows\Internet Logs\xDB3.tmp
     2010-03-06 06:28 . 2010-03-06 19:22 9434112 -c--a-w- c:\windows\Internet Logs\xDB1.tmp
     2010-03-06 04:14 . 2010-03-06 04:14 118784 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
     2010-03-06 04:14 . 2010-03-06 04:14 118784 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
     2010-03-06 04:14 . 2010-03-06 04:14 329312 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
     2010-03-06 04:14 . 2010-03-06 04:14 300616 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
     2010-03-06 04:14 . 2010-03-06 04:14 118784 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
     2010-03-06 04:14 . 2010-03-06 02:43 -------- dc----w- c:\program files\Common Files\Real
     2010-03-06 04:14 . 2010-03-06 02:43 -------- d-----w- d:\program files\Real
     2010-03-06 04:14 . 2010-03-06 04:14 -------- dc----w- c:\program files\Common Files\xing shared
     2010-03-06 04:13 . 2006-07-12 01:35 348160 -c--a-w- c:\windows\system32\msvcr71.dll
     2010-03-06 04:11 . 2010-03-06 04:11 373551 -c--a-w- c:\documents and settings\ielizaga\Application Data\mdply3d\mdply3d.exe
     2010-03-06 04:11 . 2010-03-06 04:11 -------- dc----w- c:\documents and settings\ielizaga\Application Data\mdply3d
     2010-03-06 04:11 . 2010-03-06 04:11 373551 -c--a-w- c:\documents and settings\ielizaga\mdply3d.exe
     2010-03-06 02:56 . 2010-03-06 02:56 439816 -c--a-w- c:\documents and settings\ielizaga\Application Data\Real\Update\setup3.10\setup.exe
     2010-03-05 06:25 . 2006-02-13 19:53 -------- dc----w- c:\program files\Common Files\Adobe
     2010-03-05 06:04 . 2010-01-19 05:55 -------- d-----w- d:\program files\TeraCopy
     2010-03-05 04:37 . 2009-11-08 18:42 -------- d-----w- d:\program files\TuneUp Utilities 2010
     2010-03-04 06:27 . 2010-02-03 02:19 -------- dc----w- c:\documents and settings\ielizaga\Application Data\vlc
     2010-03-02 01:35 . 2009-01-29 01:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
     2010-03-01 14:55 . 2009-03-27 23:32 -------- d-----w- d:\program files\CCleaner
     2010-02-26 23:55 . 2008-04-14 12:00 361600 -c--a-w- c:\windows\system32\drivers\TCPIP.SYS
     2010-02-26 23:55 . 2009-01-04 02:30 361600 -c--a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
     2010-02-24 04:24 . 2006-01-30 20:34 107592 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-02-24 02:48 . 2007-11-27 02:06 107592 -c--a-w- c:\documents and settings\ielizaga\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-02-23 00:28 . 2009-11-01 01:03 -------- dc----w- c:\documents and settings\ielizaga\Application Data\IDM
     2010-02-22 06:30 . 2009-07-29 01:51 53319 -c--a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
     2010-02-22 06:25 . 2009-07-29 01:56 53319 -c--a-w- c:\documents and settings\All Users\Application Data\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
     2010-02-21 19:52 . 2009-07-11 22:49 -------- d-----w- d:\program files\Cheat Engine
     2010-02-20 23:41 . 2009-11-01 01:03 -------- d-----w- d:\program files\Internet Download Manager
     2010-02-20 21:46 . 2009-12-08 00:17 -------- d-----w- d:\program files\Audacity 1.3 Beta (Unicode)
     2010-02-20 02:29 . 2009-04-17 05:40 519 -c--a-w- c:\windows\PowerReg.dat
     2010-02-13 20:25 . 2009-10-09 02:32 36864 -c--a-w- c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
     2010-02-13 06:51 . 2009-08-11 00:52 3864064 -c--a-w- c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
     2010-02-13 06:18 . 2009-08-11 00:50 2328832 -c--a-w- c:\windows\system32\TUKernel.exe
     2010-02-11 03:28 . 2010-01-05 04:02 -------- d-----w- d:\program files\iTunes
     2010-02-11 03:27 . 2010-01-20 03:39 -------- dc----w- c:\program files\Common Files\Apple
     2010-02-10 22:40 . 2009-10-20 14:01 117760 -c--a-w- c:\documents and settings\ielizaga\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
     2010-02-10 01:10 . 2009-12-20 22:19 -------- d-----w- d:\program files\K-Lite Codec Pack
     2010-02-07 18:41 . 2009-12-31 07:05 1176 -c--a-w- c:\windows\system32\RW_{7F6357F4-DF90-11DE-92E3-0013CE55A177}.dat
     2010-02-07 04:23 . 2009-12-12 03:13 -------- d-----w- d:\program files\Rosetta Stone
     2010-02-03 04:35 . 2010-01-15 06:14 -------- d-----w- d:\program files\Winamp
     2010-02-03 02:19 . 2009-04-04 00:06 4876 -c--a-w- c:\windows\system32\d3d9caps.dat
     2010-02-03 00:22 . 2009-11-01 01:04 198064 -c--a-w- c:\documents and settings\ielizaga\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
     2010-02-02 18:00 . 2009-12-20 22:19 85504 -c--a-w- c:\windows\system32\ff_vfw.dll
     2010-01-31 08:46 . 2010-01-31 08:46 -------- dc----w- c:\program files\Common Files\Config
     2010-01-30 03:17 . 2009-12-23 01:17 -------- d-----w- d:\program files\Mozilla Firefox 3.6 Beta 5
     2010-01-25 04:58 . 2010-01-25 04:54 -------- dc----w- c:\documents and settings\All Users\Application Data\DFX
     2010-01-25 04:54 . 2010-01-25 04:54 -------- d-----w- d:\program files\DFX
     2010-01-25 04:54 . 2010-01-25 04:54 -------- dc----w- c:\program files\Common Files\DFX
     2010-01-21 00:22 . 2010-01-21 00:13 36864 -c--a-w- c:\documents and settings\All Users\Application Data\TEMP\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
     2010-01-20 03:46 . 2008-07-13 16:57 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer
     2010-01-20 01:59 . 2010-01-20 01:59 -------- dc----w- c:\documents and settings\LocalService\Application Data\CyberLink
     2010-01-18 04:45 . 2010-01-18 04:45 -------- dc----w- c:\program files\Common Files\Diskeeper Corporation
     2010-01-18 04:45 . 2010-01-18 04:45 -------- dc----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
     2010-01-18 01:14 . 2003-02-04 17:50 23444 -c--a-w- c:\windows\system32\emptyregdb.dat
     2010-01-17 05:41 . 2008-10-27 02:55 411368 -c--a-w- c:\windows\system32\deploytk.dll
     2010-01-17 05:41 . 2010-01-17 05:41 -------- d-----w- d:\program files\Java
     2010-01-17 04:55 . 2009-04-14 17:38 -------- d-----w- d:\program files\Yahoo!
     2010-01-16 05:30 . 2010-01-15 06:14 -------- dc----w- c:\documents and settings\ielizaga\Application Data\Winamp
     2009-12-31 16:50 . 2008-04-14 12:00 353792 -c--a-w- c:\windows\system32\drivers\srv.sys
     2009-12-21 19:14 . 2008-04-14 12:00 916480 -c----w- c:\windows\system32\wininet.dll
     2009-12-17 23:14 . 2009-11-08 18:43 30536 -c--a-w- c:\windows\system32\TURegOpt.exe
     2009-12-16 18:43 . 2003-02-04 17:49 343040 -c--a-w- c:\windows\system32\mspaint.exe
     2009-12-14 20:33 . 2010-01-01 08:41 53248 -c--a-w- c:\windows\system32\CSVer.dll
     2009-12-14 07:08 . 2008-04-14 12:00 33280 -c--a-w- c:\windows\system32\csrsrv.dll
     2009-12-12 14:15 . 2009-09-19 03:29 178176 -c--a-w- c:\windows\system32\unrar.dll
     .
     ------- Sigcheck -------
     [-] 2010-02-26 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
     [-] 2010-02-26 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
     [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
     [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\TCPIP.SYS
     .
     ((((((((((((((((((((((((((((( SnapShot@2010-03-09_04.44.51 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2010-03-11 23:39 . 2010-03-11 23:39 16384 c:\windows\Temp\Perflib_Perfdata_4b0.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{0C8413C1-FAD1-446C-8584-BE50576F863E}"= "d:\program files\Search Toolbar\tbcore3.dll" [2010-01-27 2771120]

     [HKEY_CLASSES_ROOT\clsid\{0c8413c1-fad1-446c-8584-be50576f863e}]
     [HKEY_CLASSES_ROOT\TBSB05974.TBSB05974.3]
     [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
     [HKEY_CLASSES_ROOT\TBSB05974.TBSB05974]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "PeerBlock"="d:\program files\PeerBlock\peerblock.exe" [2010-03-09 1738352]
     "SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-10 2002160]
     "mdply3d"="c:\documents and settings\ielizaga\Application Data\mdply3d\mdply3d.exe" [2010-03-06 373551]
     "byvtrpdrv"="urppnl.dll" [2010-03-11 97280]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SoundMAXPnP"="d:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
     "TrackPointSrv"="c:\program
files\Lenovo\TrackPoint\tp4serv.exe" [2009-06-26 92960] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-06 202256] "wvvttqsys"="tusrpp.dll" [2010-03-11 89600] "xxxvuudrv"="urppnl.dll" [2010-03-11 97280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "tuvsttsys"="tusrpp.dll" [2010-03-11 89600] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801] "TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoStartMenuEjectPC"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2004-11-01 19:50 8704 ----a-w- c:\windows\system32\PCANotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2009-12-01 21:41 100104 ----a-w- d:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 tusrpp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^ielizaga^Start Menu^Programs^Startup^GameRanger.lnk] backup=c:\windows\pss\GameRanger.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "WMDM PMSP Service"=2 
(0x2) "wlidsvc"=2 (0x2) "Viewpoint Manager Service"=2 (0x2) "TmProxy"=2 (0x2) "TmPfw"=2 (0x2) "TMBMServer"=2 (0x2) "SfCtlCom"=2 (0x2) "QOSMyDesktop"=2 (0x2) "ocautoupds"=2 (0x2) "MyDesktopWindows"=2 (0x2) "JavaQuickStarterService"=2 (0x2) "iPod Service"=3 (0x3) "gupdate1c9f8319d11f630"=2 (0x2) "FLEXnet Licensing Service"=3 (0x3) "Bonjour Service"=2 (0x2) "awhost32"=3 (0x3) "Apple Mobile Device"=2 (0x2) "ImapiService"=3 (0x3) "ose"=3 (0x3) "odserv"=3 (0x3) "Pml Driver HPZ12"=3 (0x3) "RichVideo"=3 (0x3) "TuneUp.Defrag"=3 (0x3) "idsvc"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "IDMan"=d:\program files\Internet Download Manager\IDMan.exe /onboot [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SoundMAX"=c:\program files\Analog Devices\SoundMAX\Smax4.exe /tray "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "igfxhkcmd"=c:\windows\system32\hkcmd.exe "igfxpers"=c:\windows\system32\igfxpers.exe "HotKeysCmds"=c:\windows\system32\hkcmd.exe "Persistence"=c:\windows\system32\igfxpers.exe "IgfxTray"=c:\windows\system32\igfxtray.exe "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto "UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\ftp.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "d:\\Program Files\\Rosetta 
Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"= "d:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"= "d:\\Program Files\\iTunes\\iTunes.exe"= "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "56384:TCP"= 56384:TCP:Pando Media Booster "56384:UDP"= 56384:UDP:Pando Media Booster "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [9/15/2009 4:49 PM 3026] R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968] R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2/20/2010 9:16 PM 583640] R2 smihlp;SMI Helper Driver (smihlp);d:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 1:47 PM 12560] R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [4/6/2009 2:08 PM 36368] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12/17/2009 3:12 PM 1044808] R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [1/17/2010 8:46 PM 41120] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/8/2010 9:17 PM 19160] R3 pbfilter;pbfilter;d:\program files\PeerBlock\pbfilter.sys [1/9/2010 3:31 PM 18544] R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408] R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [3/4/2008 6:28 AM 23080] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 7:24 AM 
10064] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/31/2008 8:41 AM 721904] S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/8/2010 9:17 PM 236368] S2 PMEMNT;PMEMNT;\??\c:\windows\pmemnt.sys --> c:\windows\pmemnt.sys [?] S2 tmevtmgr;tmevtmgr;\??\c:\windows\system32\drivers\tmevtmgr.sys --> c:\windows\system32\drivers\tmevtmgr.sys [?] S3 cpuz;cpuz;\??\c:\docume~1\ielizaga\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\ielizaga\LOCALS~1\Temp\cpuz.sys [?] S3 cpuz130;cpuz130;\??\c:\docume~1\ielizaga\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ielizaga\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?] S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [8/29/2009 3:42 PM 28672] S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [4/6/2009 2:08 PM 335376] S4 gupdate1c9f8319d11f630;Google Update Service (gupdate1c9f8319d11f630);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?] S4 MyDesktopWindows;MyDesktopService;c:\windows\orclobi\MyDesktop\MyDesktopService.exe --> c:\windows\orclobi\MyDesktop\MyDesktopService.exe [?] S4 ocautoupds;Oracle Connector Automatic Updates Service; [x] S4 QOSMyDesktop;QOS MyDesktop;c:\windows\orclobi\MyDesktop\MyDesktopQOS.exe --> c:\windows\orclobi\MyDesktop\MyDesktopQOS.exe [?] S4 TmPfw;Trend Micro Personal Firewall; [x] S4 TmProxy;Trend Micro Proxy Service; [x] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . 
Contents of the 'Scheduled Tasks' folder 2010-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34] 2010-03-11 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07] 2010-03-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-582103443-1065543706-2027339946-1005.job - d:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-10 02:38] 2010-03-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-582103443-1065543706-2027339946-1005.job - d:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-10 02:38] 2010-03-12 c:\windows\Tasks\User_Feed_Synchronization-{C0117973-63D5-4ECA-831D-AFA1F8E3EECE}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 11:31] . . ------- Supplementary Scan ------- . uStart Page = Yahoo.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = wmplayer.exe uSearchAssistant = hxxp://www.google.com/ie IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: intuit.com\ttlc Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: microsoft.com\office Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\windowsupdate Trusted Zone: oraclecorp.com\global-service Trusted Zone: windowsupdate.com Trusted Zone: windowsupdate.com\download TCP: {2669867D-E237-4792-8BC4-BE18FACE753C} = 208.67.222.222,208.67.220.220 TCP: {FD99B04C-CFE4-4D74-8C55-21BA7183A524} = 208.67.222.222,208.67.220.220 
DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - hxxps://conference.oracle.com/imtapp/res/jar/cnsload.cab FF - ProfilePath - c:\documents and settings\ielizaga\Application Data\Mozilla\Firefox\Profiles\7qzd5zsp.default\ FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q= FF - component: c:\documents and settings\ielizaga\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - component: d:\program files\Mozilla Firefox 3.6 Beta 5\extensions\{a02c1aac-2bb9-217c-3817-04dd9b278f6e}\components\8K--Hg-D9AX-A.dll FF - plugin: c:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll FF - plugin: c:\program files\Microsoft Silverlight\3.0.50106.0\npctrl.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin2.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin3.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin4.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin5.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin6.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin7.dll FF - plugin: c:\program files\Windows Media Player\npdrmv2.dll FF - plugin: c:\program files\Windows Media Player\npdsplay.dll FF - plugin: c:\program files\Windows Media Player\npwmsdrm.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - 
user.js: network.http.proxy.pipelining - true FF - user.js: network.http.pipelining.ssl - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: yahoo.homepage.dontask - true d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.debug", false); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); d:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("html5.enable", false); 
d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); d:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . . 
------- File Associations ------- . vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %* vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %* jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %* . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-11 18:08 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\BagMRU\0] @DACL=(02 0000) @SACL= "0"=hex:14,00,47,00,02,45,6e,74,69,72,65,20,4e,65,74,77,6f,72,6b,00,00,00 "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\1] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\10] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\11] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\12] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\13] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\14] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\15] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\16] @DACL=(02 0000) @SACL= 
[HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\17] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\18] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\19] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\2] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\20] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\21] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\22] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\3] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\4] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\5] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\6] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\7] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\8] @DACL=(02 0000) @SACL= [HKEY_USERS\S-1-5-21-582103443-1065543706-2027339946-1005\Software\Microsoft\Windows\Shell\Bags\9] @DACL=(02 0000) @SACL= [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):b5,c7,7b,8b,45,84,ce,9a,1c,3c,88,40,5e,dd,3b,f3,5f,16,11,21,41, 6e,ef,08,e8,1a,0f,dd,d6,b1,de,e9,b2,40,c1,3b,79,2f,de,a7,00,00,00,00,00,00,\ 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d88d0fba-5427-41f3-903a-f3eca38e8f72}] @Denied: (Full) (Everyone) "Model"=dword:0000003f "Therad"=dword:00000016 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(932) c:\windows\system32\vrlogon.dll d:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll c:\documents and settings\ielizaga\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL c:\documents and settings\ielizaga\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll d:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll d:\program files\ThinkVantage Fingerprint Software\homefus2.dll d:\program files\ThinkVantage Fingerprint Software\infql2.dll d:\program files\ThinkVantage Fingerprint Software\homepass.dll d:\program files\ThinkVantage Fingerprint Software\bio.dll d:\program files\ThinkVantage Fingerprint Software\qlbase.dll d:\program files\ThinkVantage Fingerprint Software\ps2css.dll c:\windows\system32\urppnl.dll - - - - - - - > 'lsass.exe'(1004) c:\windows\system32\tusrpp.dll c:\windows\system32\wininet.dll - - - - - - - > 'explorer.exe'(1076) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\urppnl.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll - - - - - - - > 'csrss.exe'(908) c:\windows\system32\wininet.dll . 
Completion time: 2010-03-11 18:12:34 ComboFix-quarantined-files.txt 2010-03-12 02:12 ComboFix2.txt 2010-03-10 06:12 ComboFix3.txt 2010-03-09 04:48 Pre-Run: 14,311,010,304 bytes free Post-Run: 14,278,283,264 bytes free Current=10 Default=10 Failed=9 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11 - - End Of File - - 700BDAFCFBAA44704207295E99B242EF
  13. Here's a new HijackThis log: