
Author Topic: Google Redirect  (Read 48806 times)


Kerjifire

  • Guest
Re: Google Redirect
« Reply #75 on: March 23, 2010, 01:04:40 AM »
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 18:07 on 23/03/2010 by S Chung (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys   -----c 95360 bytes   [22:21 24/10/2009]   [12:00 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys   --a--- 96512 bytes   [08:26 04/02/2010]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys   ------ 96512 bytes   [22:05 24/10/2009]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\atapi.sys   --a--c 96512 bytes   [18:40 13/04/2008]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys   --a--c 96512 bytes   [12:00 04/08/2004]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys   --a--- 96512 bytes   [12:00 04/08/2004]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-=End Of File=-

Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: Google Redirect
« Reply #76 on: March 23, 2010, 11:10:20 AM »
Ok. That is clean.

How is your computer running at this point?
~Dr Jay
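The "clean" verdict above rests on one comparison: the live atapi.sys in system32\drivers has the same size (96512 bytes) and MD5 (9F3A2F5AA6875C72BF062C712CFA2674) as the pristine copies Windows keeps in system32\dllcache and ServicePackFiles\i386, while the only copy that differs sits in $NtServicePackUninstall$, which holds the pre-Service-Pack build and is expected to differ. The script below is an added illustration, not part of this thread or of SystemLook: it automates that check over the log lines posted above, then runs it again over a constructed variant in which the live copy's hash has been altered, to show what a mismatch looks like. The directory lists, the function names and the DEADBEEF hash are assumptions made for the example.

```python
import re

# One SystemLook "filefind" hit:  <path>   <attrs> <size> bytes   [<modified>]   [<created>] <MD5>
FILEFIND_LINE = re.compile(
    r"^(?P<path>\S.*?)\s{2,}(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# Where the live driver lives, and where Windows XP keeps its own pristine copies
# (Windows File Protection cache and the Service Pack source files).  These lists
# are assumptions for the example; extend them if your SystemLook run covers more.
LIVE_DIR = "\\system32\\drivers\\"
REFERENCE_DIRS = ("\\system32\\dllcache\\", "\\servicepackfiles\\i386\\")
# The pre-Service-Pack copy is an older build, so a different hash there is expected.
OLDER_VERSION_DIRS = ("\\$ntservicepackuninstall$\\",)

# Copied from the SystemLook log posted in this thread (the six atapi.sys hits).
SAMPLE_LOG_CLEAN = r"""
========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys   -----c 95360 bytes   [22:21 24/10/2009]   [12:00 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys   --a--- 96512 bytes   [08:26 04/02/2010]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys   ------ 96512 bytes   [22:05 24/10/2009]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\atapi.sys   --a--c 96512 bytes   [18:40 13/04/2008]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys   --a--c 96512 bytes   [12:00 04/08/2004]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys   --a--- 96512 bytes   [12:00 04/08/2004]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-=End Of File=-
"""


def parse_filefind(log_text):
    """Return one dict per file hit in SystemLook filefind output; headers are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = FILEFIND_LINE.match(line.strip())
        if m:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            hits.append(hit)
    return hits


def check_live_copy(hits):
    """Compare the live driver with the Windows reference copies.

    'consistent' is True only when at least one reference copy exists and every
    reference copy has the same size and MD5 as the live file.  Copies in the
    pre-Service-Pack uninstall folder are reported separately, not as mismatches.
    """
    live_hits = [h for h in hits if LIVE_DIR in h["path"].lower()]
    if len(live_hits) != 1:
        raise ValueError("expected exactly one live copy, found %d" % len(live_hits))
    live = live_hits[0]
    result = {"live_md5": live["md5"], "live_size": live["size"],
              "matches": [], "mismatches": [], "older_versions": [], "other_copies": []}
    for h in hits:
        if h is live:
            continue
        p = h["path"].lower()
        same = (h["md5"], h["size"]) == (live["md5"], live["size"])
        if any(d in p for d in REFERENCE_DIRS):
            (result["matches"] if same else result["mismatches"]).append(h["path"])
        elif any(d in p for d in OLDER_VERSION_DIRS):
            result["older_versions"].append(h["path"])
        else:
            result["other_copies"].append(h["path"])
    result["consistent"] = bool(result["matches"]) and not result["mismatches"]
    return result


def _with_live_hash(log_text, new_md5):
    """Constructed helper: rewrite the live copy's MD5 to simulate a modified driver."""
    out = []
    for line in log_text.splitlines():
        if LIVE_DIR in line.lower():
            line = line[:-32] + new_md5
        out.append(line)
    return "\n".join(out)


# Constructed variant: same log, but the live driver now hashes differently.
SAMPLE_LOG_TAMPERED = _with_live_hash(SAMPLE_LOG_CLEAN, "DEADBEEFDEADBEEFDEADBEEFDEADBEEF")

if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE_LOG_CLEAN), ("constructed tampered log", SAMPLE_LOG_TAMPERED)):
        r = check_live_copy(parse_filefind(log))
        print(label, "->", "consistent" if r["consistent"] else "MISMATCH", r["mismatches"])
```

The check deliberately ignores the ERDNT and SoftwareDistribution copies: the first is a tool backup and the second a Windows Update download, neither of which is a trustworthy reference on its own. A clean result here only says the live file agrees with the protected copies; if an attacker had replaced all of them, or the reference hash itself were unknown, the next step would be to compare against a hash obtained from a known-good installation.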

Kerjifire

  • Guest
Re: Google Redirect
« Reply #77 on: March 23, 2010, 10:58:04 PM »
At the moment fine. Just my Reg Mechanic, SUPERAntiSpyware & Malwarebytes can't update.

Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: Google Redirect
« Reply #78 on: March 23, 2010, 11:08:21 PM »
Please download A-Squared HiJackFree from here and save it to your Desktop. Double-click to install. When you launch the program, please wait 1 minute to allow it to load all the Processes, Services, etc.
Then, click the following:
Save the log to the Desktop, or some other memorable place. Then, the log shall launch in Notepad. Please post the results of that log in your next reply.
~Dr Jay

Kerjifire

  • Guest
Re: Google Redirect
« Reply #79 on: March 23, 2010, 11:26:29 PM »
I ran ComboFix again and it found something, and my programs update now!  ;D

ComboFix 10-03-23.03 - S Chung 24/03/2010  16:08:24.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1461 [GMT 11:00]
Running from: c:\documents and settings\S Chung\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\eSellerateEngine.dll

.
(((((((((((((((((((((((((   Files Created from 2010-02-24 to 2010-03-24  )))))))))))))))))))))))))))))))
.

2010-03-22 10:46 . 2010-03-22 10:46   10134   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{D679B939-2FF1-58DE-40E0-4876F5C482A5}\ARPPRODUCTICON.exe
2010-03-21 23:56 . 2010-03-21 23:56   --------   d-----w-   C:\_OTL
2010-03-21 04:55 . 2010-01-07 05:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-21 04:55 . 2010-03-21 04:55   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-03-21 04:55 . 2010-01-07 05:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-03-21 03:57 . 2010-03-21 03:57   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Ahead
2010-03-21 02:28 . 2010-03-22 04:53   56816   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2010-03-21 02:28 . 2009-03-29 22:33   96104   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2010-03-21 02:28 . 2009-02-13 00:29   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
2010-03-21 02:28 . 2009-02-13 00:17   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
2010-03-21 02:28 . 2010-03-21 02:28   --------   d-----w-   c:\program files\Avira
2010-03-21 02:28 . 2010-03-21 02:28   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2010-03-21 00:03 . 2010-03-21 00:03   --------   d-----w-   c:\documents and settings\S Chung\Application Data\CheckPoint
2010-03-21 00:03 . 2010-03-21 00:03   --------   d-----w-   c:\program files\CheckPoint
2010-03-21 00:03 . 2009-11-22 04:42   69000   ----a-w-   c:\windows\system32\zlcomm.dll
2010-03-21 00:03 . 2009-11-22 04:42   103816   ----a-w-   c:\windows\system32\zlcommdb.dll
2010-03-21 00:03 . 2009-11-22 04:42   1238408   ----a-w-   c:\windows\system32\zpeng25.dll
2010-03-20 22:51 . 2009-12-16 03:42   43008   ----a-w-   c:\documents and settings\M Chung\Application Data\Mozilla\Firefox\Profiles\9og0wtej.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-20 22:51 . 2009-12-16 03:42   340480   ----a-w-   c:\documents and settings\M Chung\Application Data\Mozilla\Firefox\Profiles\9og0wtej.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-20 22:51 . 2009-12-16 03:42   872960   ----a-w-   c:\documents and settings\M Chung\Application Data\Mozilla\Firefox\Profiles\9og0wtej.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-20 22:51 . 2009-12-16 03:41   346624   ----a-w-   c:\documents and settings\M Chung\Application Data\Mozilla\Firefox\Profiles\9og0wtej.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-20 22:47 . 2010-03-20 22:47   --------   d-sh--w-   c:\documents and settings\M Chung\IECompatCache
2010-03-18 05:13 . 2010-03-07 19:31   549888   ----a-r-   C:\OTLPE.exe
2010-03-12 21:28 . 2008-04-14 00:11   56320   ----a-w-   c:\windows\system32\eventlog.dll
2010-03-07 04:47 . 2010-03-07 04:47   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2010-03-07 04:36 . 2010-03-07 04:36   --------   d-----w-   C:\ATI
2010-03-07 04:17 . 2010-03-07 04:17   --------   d-----w-   c:\program files\Phyxion.net
2010-03-07 03:09 . 2010-03-07 03:09   10134   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{638965F2-4A84-F3D5-DE33-FE6A8B1EF01C}\ARPPRODUCTICON.exe
2010-03-06 04:41 . 2010-03-06 04:50   --------   d-----w-   c:\windows\maxdriver
2010-03-04 07:39 . 2010-03-06 01:28   --------   d-----w-   c:\documents and settings\S Chung\Application Data\mIRC
2010-03-02 10:46 . 2010-03-02 10:46   52224   ----a-w-   c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-02 09:08 . 2010-03-02 09:09   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2010-03-02 09:08 . 2010-03-02 09:08   --------   d-----w-   c:\windows\system32\drivers\NSS
2010-03-02 09:08 . 2010-03-02 09:08   --------   d-----w-   c:\program files\Norton Security Scan
2010-03-02 09:08 . 2010-03-02 09:08   --------   d-----w-   c:\program files\NortonInstaller
2010-03-02 09:08 . 2010-03-02 09:08   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
2010-03-01 11:14 . 2010-02-19 08:31   31936   ----a-w-   c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-03-01 11:14 . 2010-02-19 08:31   29344   ----a-w-   c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-02-27 04:40 . 2010-02-27 04:40   --------   d-----w-   c:\documents and settings\CS Chung\Application Data\Logitech
2010-02-26 23:36 . 2010-03-06 00:16   --------   d-----w-   c:\program files\WhoCrashed
2010-02-23 11:21 . 2010-02-23 11:21   --------   d-----w-   c:\program files\Combined Community Codec Pack
2010-02-23 11:16 . 2009-06-07 05:24   180224   ----a-w-   c:\windows\system32\xvidvfw.dll
2010-02-23 11:16 . 2009-06-07 05:16   819200   ----a-w-   c:\windows\system32\xvidcore.dll
2010-02-23 11:16 . 2010-03-02 09:05   --------   d-----w-   c:\program files\Xvid
2010-02-23 05:53 . 2010-02-23 05:58   --------   d-----w-   c:\program files\MegaLeecher
2010-02-22 07:22 . 2010-03-21 03:34   --------   d-----w-   c:\documents and settings\S Chung\Application Data\uTorrent

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 05:00 . 2007-11-11 03:37   1591648   ----a-w-   c:\windows\Internet Logs\tvDebug.Zip
2010-03-24 04:57 . 2007-06-21 11:13   --------   d---a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-03-21 04:55 . 2009-11-19 10:05   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Malwarebytes
2010-03-21 04:55 . 2009-10-25 01:28   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-03-21 04:40 . 2010-01-26 03:06   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-03-21 00:08 . 2010-01-26 01:28   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-03-21 00:07 . 2009-06-07 06:33   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-03-21 00:03 . 2007-06-14 11:42   4212   ---ha-w-   c:\windows\system32\zllictbl.dat
2010-03-07 04:47 . 2009-11-19 10:05   --------   d-----w-   c:\documents and settings\S Chung\Application Data\ATI
2010-03-07 04:41 . 2010-03-07 04:37   --------   d-----w-   c:\program files\ATI Technologies
2010-03-07 04:37 . 2010-03-07 04:37   --------   d-----w-   c:\program files\ATI
2010-03-06 01:15 . 2009-11-09 09:16   --------   d-----w-   c:\program files\mIRC
2010-03-06 00:17 . 2008-04-25 05:16   --------   d-----w-   c:\program files\Lavasoft
2010-03-06 00:17 . 2007-11-05 03:08   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2010-03-03 06:40 . 2005-04-10 12:26   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-03-02 10:46 . 2010-01-26 01:28   65024   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-03-02 10:46 . 2010-01-26 01:28   5120   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2010-03-02 09:08 . 2007-06-14 11:01   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2010-03-02 09:05 . 2007-10-30 07:51   --------   d-----w-   c:\program files\Windows Media Connect 2
2010-03-01 11:22 . 2008-11-02 09:43   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2010-02-27 06:25 . 2007-11-20 10:21   --------   d-----w-   c:\program files\GameSpy Arcade
2010-02-27 05:20 . 2009-11-27 05:41   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Skype
2010-02-27 04:40 . 2007-06-14 11:46   149440   ----a-w-   c:\documents and settings\CS Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-26 10:53 . 2009-07-02 01:31   --------   d-----w-   c:\program files\DivX
2010-02-26 10:53 . 2009-05-22 11:46   --------   d-----w-   c:\program files\AskBarDis
2010-02-25 09:57 . 2009-07-31 12:26   --------   d-----w-   c:\program files\CamStudio
2010-02-23 11:20 . 2009-07-02 01:31   --------   d-----w-   c:\program files\Common Files\DivX Shared
2010-02-23 07:43 . 2008-08-03 09:07   401408   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMResource.dll
2010-02-23 07:43 . 2008-08-03 09:07   765952   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMDll.dll
2010-02-22 07:22 . 2010-02-11 06:29   --------   d-----w-   c:\program files\uTorrent
2010-02-21 11:12 . 2008-09-02 07:30   --------   d-----r-   c:\program files\Skype
2010-02-21 11:11 . 2008-09-02 07:30   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2010-02-17 09:29 . 2010-01-26 01:28   117760   ----a-w-   c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-16 09:48 . 2010-02-16 09:48   180224   ----a-w-   c:\windows\system32\WinVd32.sys
2010-02-16 09:48 . 2010-02-16 09:48   7680   ----a-w-   c:\windows\system32\WinFLsrv.exe
2010-02-16 06:54 . 2010-02-16 06:37   --------   d-----w-   c:\program files\Audio Mid Recorder
2010-02-16 06:35 . 2007-08-25 04:54   --------   d-----w-   c:\program files\Common Files\AVSMedia
2010-02-16 06:35 . 2009-12-07 02:03   --------   d-----w-   c:\program files\AVS4YOU
2010-02-16 06:25 . 2009-11-26 08:15   --------   d-----w-   c:\program files\Mp3tag
2010-02-14 00:27 . 2010-01-26 03:06   --------   d-----w-   c:\program files\Spyware Doctor
2010-02-13 08:37 . 2010-02-12 11:04   --------   d-----w-   c:\documents and settings\S Chung\Application Data\vlc
2010-02-13 05:29 . 2010-02-13 05:29   --------   d-----w-   c:\documents and settings\S Chung\Application Data\dvdcss
2010-02-10 11:12 . 2010-02-10 11:12   --------   d-----w-   c:\documents and settings\S Chung\Application Data\AVS4YOU
2010-02-07 16:41 . 2010-02-07 16:41   86016   ----a-w-   c:\windows\system32\frapsvid.dll
2010-02-04 20:09 . 2010-02-04 20:09   503808   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcp71.dll
2010-02-04 20:09 . 2010-02-04 20:09   348160   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcr71.dll
2010-02-04 20:09 . 2010-02-04 20:09   499712   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\jmc.dll
2010-02-04 20:09 . 2010-02-04 20:09   61440   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-sse.dll
2010-02-04 20:09 . 2010-02-04 20:09   12800   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-d3d.dll
2010-02-04 20:04 . 2007-06-17 06:59   149440   ----a-w-   c:\documents and settings\M Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 20:04 . 2010-02-04 20:04   --------   d-----w-   c:\documents and settings\M Chung\Application Data\Logitech
2010-02-03 11:32 . 2008-08-23 11:04   --------   d-----w-   c:\program files\Sun
2010-02-03 11:30 . 2005-04-09 08:52   --------   d-----w-   c:\program files\Java
2010-02-03 04:52 . 2007-09-14 14:04   4605952   ----a-w-   c:\windows\system32\drivers\ati2mtag.sys
2010-02-03 04:12 . 2010-03-07 04:37   45056   ----a-w-   c:\windows\system32\aticalrt.dll
2010-02-03 04:12 . 2010-03-07 04:37   45056   ----a-w-   c:\windows\system32\aticalcl.dll
2010-02-03 04:10 . 2010-03-07 04:37   3633152   ----a-w-   c:\windows\system32\aticaldd.dll
2010-02-03 04:07 . 2010-03-07 04:37   311296   ----a-w-   c:\windows\system32\atiiiexx.dll
2010-02-03 04:02 . 2010-03-07 04:37   14188544   ----a-w-   c:\windows\system32\atioglxx.dll
2010-02-03 03:50 . 2004-05-07 03:16   3566048   ----a-w-   c:\windows\system32\ati3duag.dll
2010-02-03 03:40 . 2010-03-07 04:37   446464   ----a-w-   c:\windows\system32\ATIDEMGX.dll
2010-02-03 03:39 . 2010-03-07 04:37   301568   ----a-w-   c:\windows\system32\ati2dvag.dll
2010-02-03 03:35 . 2004-05-07 03:16   2176640   ----a-w-   c:\windows\system32\ativvaxx.dll
2010-02-03 03:34 . 2010-03-07 04:37   887724   ----a-w-   c:\windows\system32\ativva6x.dat
2010-02-03 03:34 . 2010-03-07 04:37   3   ----a-w-   c:\windows\system32\ativva5x.dat
2010-02-03 03:32 . 2010-03-07 04:37   397312   ----a-w-   c:\windows\system32\atiok3x2.dll
2010-02-03 03:23 . 2010-03-07 04:37   208896   ----a-w-   c:\windows\system32\atipdlxx.dll
2010-02-03 03:23 . 2010-03-07 04:37   155648   ----a-w-   c:\windows\system32\Oemdspif.dll
2010-02-03 03:23 . 2010-03-07 04:37   26112   ----a-w-   c:\windows\system32\Ati2mdxx.exe
2010-02-03 03:23 . 2010-03-07 04:37   43520   ----a-w-   c:\windows\system32\ati2edxx.dll
2010-02-03 03:22 . 2010-03-07 04:37   159744   ----a-w-   c:\windows\system32\ati2evxx.dll
2010-02-03 03:21 . 2010-03-07 04:37   602112   ----a-w-   c:\windows\system32\ati2evxx.exe
2010-02-03 03:19 . 2010-03-07 04:37   53248   ----a-w-   c:\windows\system32\ATIDDC.DLL
2010-02-03 03:19 . 2010-03-07 04:37   143360   ----a-w-   c:\windows\system32\atiapfxx.exe
2010-02-03 03:18 . 2010-03-07 04:37   65024   ----a-w-   c:\windows\system32\atimpc32.dll
2010-02-03 03:18 . 2010-03-07 04:37   65024   ----a-w-   c:\windows\system32\amdpcom32.dll
2010-02-03 03:17 . 2010-03-07 04:37   53248   ----a-w-   c:\windows\system32\drivers\ati2erec.dll
2010-02-03 03:15 . 2010-03-07 04:37   565248   ----a-w-   c:\windows\system32\atikvmag.dll
2010-02-03 03:12 . 2010-03-07 04:37   180224   ----a-w-   c:\windows\system32\atiadlxx.dll
2010-02-03 03:12 . 2010-03-07 04:37   17408   ----a-w-   c:\windows\system32\atitvo32.dll
2010-02-03 03:06 . 2004-05-07 03:15   638976   ----a-w-   c:\windows\system32\ati2cqag.dll
2010-02-02 08:37 . 2005-04-06 13:23   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-02-02 08:37 . 2009-10-27 10:01   --------   d-----w-   c:\program files\Macromedia
2010-02-02 08:37 . 2009-10-27 10:03   --------   d-----w-   c:\program files\Common Files\Macromedia
2010-02-02 08:20 . 2010-02-02 08:19   --------   d-----w-   c:\program files\Hypersnap
2010-01-29 07:54 . 2010-01-18 04:54   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Auslogics
2010-01-29 07:48 . 2010-01-18 04:54   --------   d-----w-   c:\program files\Auslogics
2010-01-28 10:32 . 2010-01-28 10:32   --------   d-----w-   c:\program files\New Folder
2010-01-28 10:02 . 2009-07-23 10:26   --------   d-----w-   c:\program files\Paint.NET
2010-01-28 09:58 . 2009-06-21 02:44   149440   ----a-w-   c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-28 07:11 . 2010-01-28 07:03   --------   d-----w-   c:\program files\Common Files\ATI Technologies
2010-01-28 07:03 . 2010-01-28 07:03   9158   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-01-27 05:12 . 2008-07-03 07:37   215104   ----a-w-   c:\windows\system32\PnkBstrB.exe
2010-01-27 04:38 . 2008-07-03 07:38   138576   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2010-01-27 01:44 . 2009-10-25 05:09   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-01-26 21:21 . 2009-05-26 08:12   --------   d-----w-   c:\program files\Logitech
2010-01-26 21:17 . 2009-05-26 08:12   --------   d-----w-   c:\program files\Common Files\Logitech
2010-01-26 11:20 . 2010-01-26 11:20   --------   d-----w-   c:\program files\Realtek AC97
2010-01-26 09:29 . 2010-01-26 09:29   --------   d-----w-   c:\program files\Driver-Soft
2010-01-26 04:16 . 2010-01-26 04:16   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Simply Super Software
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
2000-01-01 00:00 . 2000-01-01 00:00   23   --sh--r-   c:\windows\mtlid64s2.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 08:22   333192   ----a-w-   c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-01-22 67128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"DNTVSchedulerProTray Icon"="c:\program files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe" [2009-03-14 167936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 03:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 01:28   72208   ----a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0sprestrt\0sprestrt\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Battle For Middle Earth I\\game.dat"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Call of Duty Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Nexon\\Combat Arms\\NMService.exe"=
"h:\combat arms\CombatArms.exe"= h:\combat arms\CombatArms.exe:*Enabled:CombatArms.exe
"h:\combat arms\Engine.exe"= h:\combat arms\Engine.exe:*Enabled:Engine.exe
"h:\\Combat Arms\\NMService.exe"=
"h:\\Prince of Persia\\Prince of Persia.exe"=
"h:\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"h:\\BFME2\\game.dat"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\S Chung\\Desktop\\ \\Downloads\\utorrent(2).exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58508:TCP"= 58508:TCP:Pando Media Booster
"58508:UDP"= 58508:UDP:Pando Media Booster

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [26/01/2010 2:06 PM 207792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 AM 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21/03/2010 1:28 PM 108289]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [26/01/2010 2:08 PM 112592]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [15/10/2009 12:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [15/10/2009 12:30 AM 476528]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/01/2010 11:38 AM 10384]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [16/02/2010 8:48 PM 17984]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SuperMounter;SuperMounter;

S2 DNTVSchedulerPro;DNTV Scheduler Pro Service;c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf --> c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf [?]
S2 gupdate1ca0c3d8ecb7ade;Google Update Service (gupdate1ca0c3d8ecb7ade);c:\program files\Google\Update\GoogleUpdate.exe [24/07/2009 8:03 PM 133104]
S2 msrvc;msrvc;c:\ssrcc\msrvc.exe --> c:\ssrcc\msrvc.exe [?]
S2 ssrcc;ssrcc;c:\ssrcc\ssrcc.exe --> c:\ssrcc\ssrcc.exe [?]
S3 gagp440p;gAGP440p;

S3 lwadihid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [24/06/2008 8:01 PM 20864]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 AM 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [26/01/2010 2:10 PM 359624]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]

2010-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-02 09:01]

2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]

2010-03-21 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-03-01 11:20]

2010-03-21 c:\windows\Tasks\Norton Security Scan for S Chung.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-03-02 09:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-VLC media player - k:\my computer\My Videos\VLC Media Player\VLC\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 16:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


c:\windows\system32\sys_drv.dat 9036 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\documents and settings\S Chung\Application Data\systemfl.$dk 990 bytes

scan completed successfully
hidden files: 4

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atapi]
"ImagePath"="System32\Drivers\atapi.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(876)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-03-24  16:27:42
ComboFix-quarantined-files.txt  2010-03-24 05:27
ComboFix2.txt  2010-02-25 07:51

Pre-Run: 13,737,954,816 bytes free
Post-Run: 13,862,326,272 bytes free

- - End Of File - - 103B9726A1F4ECD5CDE9533D4614239E



Dr Jay

Re: Google Redirect
« Reply #80 on: March 23, 2010, 11:29:34 PM »
That isn't much. Let's check out the HOSTS file. I think it is blocking the sites you cannot go to (SuperAntiSpyware, MBAM, etc.).

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum.

IMPORTANT! Then please click Customize - choose the Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.
~Dr Jay
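As an added illustration of the HOSTS check Dr Jay proposes above (example code written for this page, not a tool from the thread or from any vendor named in it): a hosts-file hijack pins a security vendor's update domain to the loopback or null address so the tool can never reach its servers, and the same mechanism can pin a search engine to an attacker-chosen address. The script below parses a hosts file and flags watched domains that are sinkholed or redirected, plus any other name pinned to a public address. The sample hosts content and the vendor watch list are constructed for the example; on a Windows machine it reads the real `%SystemRoot%\System32\drivers\etc\hosts` instead.

```python
import ipaddress
import os

# Constructed sample of a Windows hosts file (made up for this example, not taken
# from the thread's logs). The first two mappings are the stock Windows defaults;
# the last three imitate entries that pin security-vendor sites to a dead address,
# which is how a hosts-file hijack stops tools such as SUPERAntiSpyware or
# Malwarebytes from reaching their update servers.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.superantispyware.com
127.0.0.1       www.malwarebytes.org   # trailing comment
0.0.0.0         downloads.kaspersky.com
"""

# Domains a home machine has no legitimate reason to pin in its hosts file.
# Placeholder watch list chosen for the example; extend it with the vendors
# you actually rely on.
DEFAULT_WATCHLIST = frozenset({
    "superantispyware.com",
    "malwarebytes.org",
    "kaspersky.com",
    "eset.com",
    "windowsupdate.com",
})

# Standard location of the hosts file on Windows.
WINDOWS_HOSTS_PATH = os.path.join(
    os.environ.get("SystemRoot", r"C:\Windows"),
    "System32", "drivers", "etc", "hosts")


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every mapping in hosts-file text.

    Comments ('#' to end of line) and blank lines are skipped. One line may map
    several hostnames to the same address; each becomes its own entry.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        for name in parts[1:]:
            entries.append((line_no, parts[0], name.lower()))
    return entries


def is_watched(hostname, watchlist):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in watchlist)


def find_hosts_hijacks(text, watchlist=DEFAULT_WATCHLIST):
    """Flag hosts entries that block or redirect watched domains.

    Returns a list of (line_no, hostname, ip, reason). A watched domain mapped
    to loopback or 0.0.0.0 is 'blocked'; a watched domain mapped anywhere else
    is 'redirected'; any other name pinned to a public address is reported so
    the analyst can look at it (LAN overrides such as 192.168.x.x are ignored).
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name == "localhost":
            continue  # the two stock Windows entries
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, name, ip, "unparseable address"))
            continue
        sinkholed = addr.is_loopback or addr.is_unspecified
        if is_watched(name, watchlist):
            findings.append((line_no, name, ip, "blocked" if sinkholed else "redirected"))
        elif addr.is_global:
            findings.append((line_no, name, ip, "pinned to public address"))
    return findings


def report(findings):
    """Render findings as one line each, or a clean verdict."""
    if not findings:
        return "hosts file looks clean"
    return "\n".join("line %d: %s -> %s (%s)" % f for f in findings)


if __name__ == "__main__":
    if os.path.exists(WINDOWS_HOSTS_PATH):
        with open(WINDOWS_HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS  # not on Windows: demonstrate on the constructed sample
    print(report(find_hosts_hijacks(text)))
```

Run on the constructed sample, it reports the three vendor domains on lines 5 to 7 as blocked. The check deliberately treats loopback and `0.0.0.0` the same way, because both produce the "cannot update" symptom described earlier in the thread while looking harmless at a glance.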

Kerjifire

Re: Google Redirect
« Reply #81 on: March 23, 2010, 11:40:32 PM »
http://www.getsysteminfo.com/read.php?file=209b3cdc36893b21932b2fb7be8c726f

BTW, for future GetSystemInfo runs for other people, it auto-uploads to Kaspersky GSI Parser.

Dr Jay

Re: Google Redirect
« Reply #82 on: March 24, 2010, 12:22:37 PM »
Please download OTM
 
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL+C (or, after highlighting, right-click and choose Copy):

Code:
:files
C:\WINDOWS\system32\caacedfedaadeca.dll
C:\WINDOWS\system32\DNT1.dll
C:\WINDOWS\system32\DNT2.dll
C:\WINDOWS\system32\DNT3.dll
C:\WINDOWS\system32\DNT4.dll
C:\WINDOWS\system32\OOD2KBS.exe
C:\WINDOWS\system32\ood2kmsg.dll
C:\WINDOWS\system32\OODCSPRO.dll

:commands
[purity]
[emptytemp]
[reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL+C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
~Dr Jay

Kerjifire

Re: Google Redirect
« Reply #83 on: March 25, 2010, 02:17:16 AM »
All processes killed
========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\caacedfedaadeca.dll
C:\WINDOWS\system32\caacedfedaadeca.dll moved successfully.
C:\WINDOWS\system32\DNT1.dll moved successfully.
C:\WINDOWS\system32\DNT2.dll moved successfully.
C:\WINDOWS\system32\DNT3.dll moved successfully.
C:\WINDOWS\system32\DNT4.dll moved successfully.
C:\WINDOWS\system32\OOD2KBS.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ood2kmsg.dll
C:\WINDOWS\system32\ood2kmsg.dll moved successfully.
C:\WINDOWS\system32\OODCSPRO.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: All Users.WINDOWS
 
User: CS Chung
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 297067 bytes
->Java cache emptied: 19431866 bytes
->FireFox cache emptied: 41971127 bytes
->Flash cache emptied: 4577 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 67015797 bytes
->Flash cache emptied: 1487 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: LocalService.NT AUTHORITY
->Temp folder emptied: 1984776 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 4360068 bytes
 
User: M Chung
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 297723 bytes
->Java cache emptied: 67034502 bytes
->FireFox cache emptied: 48346844 bytes
->Flash cache emptied: 40412 bytes
 
User: MSOCache
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService.NT AUTHORITY
->Temp folder emptied: 1985080 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 405 bytes
 
User: S Chung
->Temp folder emptied: 1430880 bytes
->Temporary Internet Files folder emptied: 10899199 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58731322 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 9101 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 21466278 bytes
%systemroot%\System32 .tmp files removed: 5786641 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1040547 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33661 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 337.00 mb
 
 
OTM by OldTimer - Version 3.1.10.1 log created on 03252010_191021

Files moved on Reboot...
C:\Documents and Settings\S Chung\Local Settings\Temp\~DF4ED.tmp moved successfully.
C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\XUL.mfl moved successfully.
File C:\WINDOWS\temp\ZLT0042f.TMP not found!

Registry entries deleted on Reboot...

Dr Jay

Re: Google Redirect
« Reply #84 on: March 25, 2010, 11:11:10 AM »
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
~Dr Jay

Kerjifire

Re: Google Redirect
« Reply #85 on: March 27, 2010, 12:56:54 AM »
It's taking a really long time =.= aka 5% after 30 mins.

Dr Jay

Re: Google Redirect
« Reply #86 on: March 27, 2010, 06:30:26 AM »
Post the log when done.
~Dr Jay

Kerjifire

Re: Google Redirect
« Reply #87 on: March 27, 2010, 09:52:40 PM »
OK... it screws up. It ends up saying something like: No File. Windows has failed writing. I tried it 2 times.

Dr Jay

Re: Google Redirect
« Reply #88 on: March 28, 2010, 02:33:50 PM »
Try a different one.

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
~Dr Jay

Kerjifire

Re: Google Redirect
« Reply #89 on: March 29, 2010, 11:41:20 PM »
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, March 30, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, March 29, 2010 21:36:02
Records in database: 3898164
Scan settings
scan using the following database    extended
Scan archives    yes
Scan e-mail databases    yes
Scan area    My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics
Objects scanned    242308
Threats found    1
Infected objects found    2
Suspicious objects found    0
Scan duration    06:09:41

File name    Threat    Threats count
C:\Program Files\mIRC\mirc.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.g   1   
C:\Program Files\mIRC\mirc.exe.bak   Infected: not-a-virus:Client-IRC.Win32.mIRC.g   1   
Selected area has been scanned.


Took so long =.=