TechSpot

Cannot connect to search engines, other sites fine

Inactive
By idrizmiftari
Sep 17, 2011
  1. Helping a computer illiterate friend recover his PC from viruses (blind leading the blind). At first it wouldn't load windows but I ran a battery of removers and now the only issue is that all search engines cannot be accessed. What is strange is if I physically disconnect the line and reconnect I can access them, however resetting through ipconfig doesn't work.

    I ran Malwarebytes, sypbot, adware, nod32, AVG, hijackthis and Combofix. Also scanned with RKUnhooker but got to afraid to touch anything. Unfortunately time is not with me, I have logs of Malwarebytes, Gmer,DDS,Hijackthis and Combofix. With Combofix it stated AVG scanner is present even though I uninstalled it and used AppRemover but still shows the alert; however it seemed like it ran fine. Thank you tremendously in advance for your time and patience. As I write this post I am heading out to work, will be back in 6 hours.
     
  2. idrizmiftari

    idrizmiftari TS Rookie Topic Starter

    Malwarebytes log

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7692

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/16/2011 9:59:15 PM
    mbam-log-2011-09-16 (21-59-15).txt

    Scan type: Full scan (C:\|R:\|)
    Objects scanned: 294636
    Time elapsed: 59 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  3. idrizmiftari

    idrizmiftari TS Rookie Topic Starter

    Gmer Log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-17 11:20:00
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-75MSA3 rev.10.01E04
    Running: 2ezmo3cq.exe; Driver: C:\DOCUME~1\LTBABY~1\LOCALS~1\Temp\pgliqpoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:120] 8A65F0F9
    Thread System [4:376] 8A32CB90

    ---- EOF - GMER 1.0.15 ----
     
  4. idrizmiftari

    idrizmiftari TS Rookie Topic Starter

    DDS log

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
    Run by LT BABY at 11:20:28 on 2011-09-17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1520 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzIyNDAyMDA5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=5188a9f4d2a647d1a4bad153e62412d6-f43308e76f07837a7ea13e9f5929462580b6ee3d
    IE: &AIM Toolbar Search
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - hxxp://www.intranet.farmingdale.edu:8080/av/symantec/xp/webinst.cab
    TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
    TCP: Interfaces\{7BECE399-15C8-41A3-A5B8-C4E7B517799D} : DhcpNameServer = 192.168.1.1 68.237.161.12
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\lt baby\application data\mozilla\firefox\profiles\jgxkomdb.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\lt baby\application data\mozilla\plugins\npicaN.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-19 214024]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-19 54760]
    S2 McShield;McAfee Real-time Scanner; [x]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 McSysmon;McAfee SystemGuards; [x]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-19 79880]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-19 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-19 34216]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-19 40552]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
    .
    =============== Created Last 30 ================
    .
    2011-09-16 05:21:05 98816 ----a-w- c:\windows\sed.exe
    2011-09-16 05:21:05 518144 ----a-w- c:\windows\SWREG.exe
    2011-09-16 05:21:05 256000 ----a-w- c:\windows\PEV.exe
    2011-09-16 05:21:05 208896 ----a-w- c:\windows\MBR.exe
    2011-09-16 05:09:42 388096 ----a-r- c:\documents and settings\lt baby\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-09-16 05:09:41 -------- d-----w- c:\program files\Trend Micro
    2011-09-15 15:16:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-15 14:30:05 -------- d-sha-r- C:\cmdcons
    2011-09-15 05:44:52 -------- d-----r- c:\program files\Skype
    2011-09-15 05:15:10 -------- d-----w- c:\program files\iPod
    2011-09-15 05:12:44 -------- d-----w- c:\program files\Bonjour
    2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-09-15 05:07:18 -------- d-----w- c:\program files\Lavasoft
    2011-09-14 14:28:31 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-09-11 22:46:24 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-09-11 22:06:47 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-09-11 21:55:44 -------- d-----w- c:\windows\system32\winrm
    2011-09-11 21:55:44 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-09-11 21:55:40 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-09-11 17:32:25 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-09-11 17:32:25 -------- d-----w- c:\documents and settings\lt baby\application data\AVG2012
    2011-09-11 17:30:04 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2011-09-11 17:28:04 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-09-11 05:51:11 -------- d-----w- c:\documents and settings\lt baby\application data\Sakura
    2011-09-11 04:45:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-11 04:10:01 -------- d-----w- c:\documents and settings\lt baby\local settings\application data\ESET
    2011-09-11 01:33:26 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2011-09-11 01:32:15 -------- d-----w- c:\documents and settings\lt baby\application data\Malwarebytes
    2011-09-11 01:32:08 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-11 01:32:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-09-11 01:32:04 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-11 01:32:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-08 21:57:12 -------- d-----w- c:\documents and settings\all users\application data\mJ21101PpGeC21101
    2011-09-05 20:24:17 -------- d-----w- c:\documents and settings\lt baby\local settings\application data\Conduit
    2011-09-05 20:24:02 -------- d-----w- c:\documents and settings\lt baby\application data\GetRightToGo
    2011-09-05 01:37:05 -------- d-----w- c:\documents and settings\all users\application data\WeCareReminder
    2011-09-03 13:59:25 -------- d-----w- c:\documents and settings\lt baby\application data\Unity
    2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
    2011-09-03 04:55:56 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
    2011-09-03 04:51:10 -------- d-----w- c:\documents and settings\lt baby\local settings\application data\Unity
    2011-09-03 04:38:07 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc5AC.tmp
    2011-09-03 04:34:42 14744 ----a-w- c:\documents and settings\lt baby\application data\microsoft\identitycrl\production\ppcrlconfig.dll
    2011-08-26 22:21:30 42392 ----a-w- c:\windows\system32\xfcodec.dll
    .
    ==================== Find3M ====================
    .
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-07-19 06:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD800JD-75MSA3 rev.10.01E04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x8A6EADE1]<<
    _asm { PUSH 0x8a669494; PUSH 0x0; PUSH 0x8a60dbd0; PUSH EAX; PUSH 0x8a6667d6; RET ; ADD [EAX+EAX], AL; ADD AL, [EAX]; INC EBX; ARPL [EDX+0x63], AX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A6DFAB8]
    3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A6E0B00]
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    user != kernel MBR !!!
    sectors 156249998 (+255): user != kernel
    .
    ============= FINISH: 11:21:39.90 ===============
     
  5. idrizmiftari

    idrizmiftari TS Rookie Topic Starter

    Hijackthis log

    [HJT log removed by Broni]
     
  6. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    I still need Attach.txt part of DDS.
    Please provide that.

    Then...

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. idrizmiftari

    idrizmiftari TS Rookie Topic Starter

    tdsskiller log

    It seems that the search engines are working again, here is the tdsskiller log and the dds attach. I just noticed I created 2 identical threads thinking the first one disappeared into the ether of the internet. I apologize for the double posting and thank you tremendously for your help, my friend will be elated that his machine is working. Java has shutdown from an error since the reboot but other then that all looks beautiful.

    TDSSkiller log

    2011/09/17 16:37:54.0046 3316 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
    2011/09/17 16:37:54.0296 3316 ================================================================================
    2011/09/17 16:37:54.0296 3316 SystemInfo:
    2011/09/17 16:37:54.0296 3316
    2011/09/17 16:37:54.0296 3316 OS Version: 5.1.2600 ServicePack: 3.0
    2011/09/17 16:37:54.0296 3316 Product type: Workstation
    2011/09/17 16:37:54.0296 3316 ComputerName: COMPUTER
    2011/09/17 16:37:54.0296 3316 UserName: LT BABY
    2011/09/17 16:37:54.0296 3316 Windows directory: C:\WINDOWS
    2011/09/17 16:37:54.0296 3316 System windows directory: C:\WINDOWS
    2011/09/17 16:37:54.0296 3316 Processor architecture: Intel x86
    2011/09/17 16:37:54.0296 3316 Number of processors: 2
    2011/09/17 16:37:54.0296 3316 Page size: 0x1000
    2011/09/17 16:37:54.0296 3316 Boot type: Normal boot
    2011/09/17 16:37:54.0296 3316 ================================================================================
    2011/09/17 16:37:55.0843 3316 Initialize success
    2011/09/17 16:38:04.0140 3364 ================================================================================
    2011/09/17 16:38:04.0140 3364 Scan started
    2011/09/17 16:38:04.0140 3364 Mode: Manual;
    2011/09/17 16:38:04.0140 3364 ================================================================================
    2011/09/17 16:38:04.0765 3364 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/09/17 16:38:04.0812 3364 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/09/17 16:38:04.0828 3364 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
    2011/09/17 16:38:04.0828 3364 ACPI - detected Virus.Win32.Rloader.a (0)
    2011/09/17 16:38:04.0890 3364 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/09/17 16:38:04.0968 3364 ADIHdAudAddService (62afc64108bbdb8d3ca32aad559e5af1) C:\WINDOWS\system32\drivers\ADIHdAud.sys
    2011/09/17 16:38:05.0031 3364 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/09/17 16:38:05.0093 3364 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/09/17 16:38:05.0140 3364 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    2011/09/17 16:38:05.0187 3364 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/09/17 16:38:05.0250 3364 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/09/17 16:38:05.0265 3364 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/09/17 16:38:05.0281 3364 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/09/17 16:38:05.0296 3364 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/09/17 16:38:05.0328 3364 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/09/17 16:38:05.0343 3364 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/09/17 16:38:05.0375 3364 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/09/17 16:38:05.0390 3364 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/09/17 16:38:05.0468 3364 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/09/17 16:38:05.0500 3364 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/09/17 16:38:05.0562 3364 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/09/17 16:38:05.0625 3364 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/09/17 16:38:05.0656 3364 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/09/17 16:38:05.0875 3364 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/09/17 16:38:05.0906 3364 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/09/17 16:38:05.0937 3364 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    2011/09/17 16:38:06.0015 3364 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/09/17 16:38:06.0203 3364 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/09/17 16:38:06.0218 3364 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/09/17 16:38:06.0250 3364 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/09/17 16:38:06.0296 3364 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/09/17 16:38:06.0312 3364 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/09/17 16:38:06.0359 3364 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/09/17 16:38:06.0453 3364 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/09/17 16:38:06.0484 3364 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/09/17 16:38:06.0515 3364 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/09/17 16:38:06.0546 3364 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/09/17 16:38:06.0562 3364 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/09/17 16:38:06.0625 3364 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
    2011/09/17 16:38:06.0640 3364 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    2011/09/17 16:38:06.0656 3364 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2011/09/17 16:38:06.0671 3364 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
    2011/09/17 16:38:06.0687 3364 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2011/09/17 16:38:06.0718 3364 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2011/09/17 16:38:06.0734 3364 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    2011/09/17 16:38:06.0750 3364 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
    2011/09/17 16:38:06.0843 3364 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2011/09/17 16:38:06.0875 3364 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    2011/09/17 16:38:06.0984 3364 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/09/17 16:38:07.0031 3364 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/09/17 16:38:07.0046 3364 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/09/17 16:38:07.0093 3364 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/09/17 16:38:07.0125 3364 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/09/17 16:38:07.0171 3364 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/09/17 16:38:07.0203 3364 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2011/09/17 16:38:07.0234 3364 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2011/09/17 16:38:07.0296 3364 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/09/17 16:38:07.0359 3364 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/09/17 16:38:07.0406 3364 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/09/17 16:38:07.0421 3364 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/09/17 16:38:07.0484 3364 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/09/17 16:38:07.0515 3364 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/09/17 16:38:07.0578 3364 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    2011/09/17 16:38:07.0656 3364 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/09/17 16:38:07.0671 3364 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/09/17 16:38:07.0734 3364 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/09/17 16:38:07.0765 3364 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/09/17 16:38:07.0859 3364 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/09/17 16:38:07.0906 3364 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/09/17 16:38:08.0000 3364 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/09/17 16:38:08.0140 3364 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/09/17 16:38:08.0156 3364 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/09/17 16:38:08.0218 3364 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/09/17 16:38:08.0250 3364 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/09/17 16:38:08.0312 3364 ialm (0674ce8ae167d830b871a99c677c5c59) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2011/09/17 16:38:08.0359 3364 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/09/17 16:38:08.0421 3364 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/09/17 16:38:08.0484 3364 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/09/17 16:38:08.0546 3364 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/09/17 16:38:08.0593 3364 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/09/17 16:38:08.0625 3364 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/09/17 16:38:08.0640 3364 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/09/17 16:38:08.0656 3364 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/09/17 16:38:08.0687 3364 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/09/17 16:38:08.0703 3364 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/09/17 16:38:08.0718 3364 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/09/17 16:38:08.0750 3364 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/09/17 16:38:08.0750 3364 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/09/17 16:38:08.0781 3364 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/09/17 16:38:08.0812 3364 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/09/17 16:38:08.0890 3364 mfeavfk (26653763d99ea717fc9e069f6be6771e) C:\WINDOWS\system32\drivers\mfeavfk.sys
    2011/09/17 16:38:08.0953 3364 mfebopk (e65ce1279f2c1fd9bd81184ceb7f5468) C:\WINDOWS\system32\drivers\mfebopk.sys
    2011/09/17 16:38:09.0000 3364 mfehidk (f817bfca67475cf04925ece4fcf9c3c0) C:\WINDOWS\system32\drivers\mfehidk.sys
    2011/09/17 16:38:09.0078 3364 mferkdk (fe03be0b990983a08a33389c00636175) C:\WINDOWS\system32\drivers\mferkdk.sys
    2011/09/17 16:38:09.0109 3364 mfesmfk (9c73aca963ad8883b9fc44b410e70b71) C:\WINDOWS\system32\drivers\mfesmfk.sys
    2011/09/17 16:38:09.0250 3364 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/09/17 16:38:09.0328 3364 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/09/17 16:38:09.0343 3364 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/09/17 16:38:09.0390 3364 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/09/17 16:38:09.0421 3364 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/09/17 16:38:09.0468 3364 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/09/17 16:38:09.0531 3364 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/09/17 16:38:09.0625 3364 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/09/17 16:38:09.0656 3364 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/09/17 16:38:09.0703 3364 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/09/17 16:38:09.0734 3364 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/09/17 16:38:09.0765 3364 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/09/17 16:38:09.0796 3364 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/09/17 16:38:09.0828 3364 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    2011/09/17 16:38:09.0890 3364 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/09/17 16:38:09.0921 3364 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/09/17 16:38:10.0000 3364 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/09/17 16:38:10.0015 3364 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/09/17 16:38:10.0062 3364 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/09/17 16:38:10.0125 3364 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/09/17 16:38:10.0203 3364 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/09/17 16:38:10.0328 3364 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/09/17 16:38:10.0375 3364 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/09/17 16:38:10.0468 3364 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/09/17 16:38:10.0609 3364 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/09/17 16:38:10.0734 3364 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/09/17 16:38:10.0750 3364 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/09/17 16:38:10.0781 3364 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/09/17 16:38:10.0796 3364 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/09/17 16:38:10.0843 3364 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/09/17 16:38:10.0906 3364 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/09/17 16:38:10.0953 3364 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/09/17 16:38:11.0000 3364 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/09/17 16:38:11.0078 3364 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/09/17 16:38:11.0109 3364 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/09/17 16:38:11.0187 3364 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/09/17 16:38:11.0218 3364 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/09/17 16:38:11.0281 3364 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/09/17 16:38:11.0296 3364 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/09/17 16:38:11.0375 3364 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/09/17 16:38:11.0468 3364 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/09/17 16:38:11.0531 3364 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/09/17 16:38:11.0578 3364 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/09/17 16:38:11.0625 3364 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/09/17 16:38:11.0640 3364 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/09/17 16:38:11.0687 3364 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/09/17 16:38:11.0703 3364 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/09/17 16:38:11.0718 3364 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/09/17 16:38:11.0734 3364 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/09/17 16:38:11.0765 3364 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/09/17 16:38:11.0812 3364 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/09/17 16:38:11.0875 3364 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/09/17 16:38:11.0906 3364 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/09/17 16:38:11.0968 3364 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    2011/09/17 16:38:11.0984 3364 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2011/09/17 16:38:12.0062 3364 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/09/17 16:38:12.0125 3364 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
    2011/09/17 16:38:12.0187 3364 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/09/17 16:38:12.0234 3364 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/09/17 16:38:12.0281 3364 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/09/17 16:38:12.0359 3364 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/09/17 16:38:12.0437 3364 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/09/17 16:38:12.0500 3364 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/09/17 16:38:12.0562 3364 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/09/17 16:38:12.0625 3364 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/09/17 16:38:12.0703 3364 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/09/17 16:38:12.0812 3364 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/09/17 16:38:12.0843 3364 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/09/17 16:38:12.0859 3364 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/09/17 16:38:12.0890 3364 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/09/17 16:38:12.0906 3364 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/09/17 16:38:12.0953 3364 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/09/17 16:38:13.0015 3364 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/09/17 16:38:13.0078 3364 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/09/17 16:38:13.0093 3364 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/09/17 16:38:13.0140 3364 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/09/17 16:38:13.0203 3364 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/09/17 16:38:13.0250 3364 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/09/17 16:38:13.0265 3364 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/09/17 16:38:13.0296 3364 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/09/17 16:38:13.0406 3364 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/09/17 16:38:13.0453 3364 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/09/17 16:38:13.0500 3364 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/09/17 16:38:13.0609 3364 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/09/17 16:38:13.0718 3364 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/09/17 16:38:13.0781 3364 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/09/17 16:38:13.0875 3364 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/09/17 16:38:13.0921 3364 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/09/17 16:38:13.0984 3364 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/09/17 16:38:14.0062 3364 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/09/17 16:38:14.0125 3364 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/09/17 16:38:14.0171 3364 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/09/17 16:38:14.0218 3364 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/09/17 16:38:14.0296 3364 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/09/17 16:38:14.0343 3364 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/09/17 16:38:14.0375 3364 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/09/17 16:38:14.0437 3364 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    2011/09/17 16:38:14.0578 3364 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    2011/09/17 16:38:14.0812 3364 Boot (0x1200) (1dfade4e81a1790eafffa2cbaba6b0c5) \Device\Harddisk0\DR0\Partition0
    2011/09/17 16:38:14.0812 3364 Boot (0x1200) (bee154c9218b047c8ca1d27b9090a59b) \Device\Harddisk1\DR1\Partition0
    2011/09/17 16:38:14.0812 3364 ================================================================================
    2011/09/17 16:38:14.0812 3364 Scan finished
    2011/09/17 16:38:14.0812 3364 ================================================================================
    2011/09/17 16:38:14.0828 3356 Detected object count: 1
    2011/09/17 16:38:14.0828 3356 Actual detected object count: 1
    2011/09/17 16:38:26.0781 3356 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/09/17 16:38:26.0781 3356 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
    2011/09/17 16:38:28.0046 3356 Backup copy found, using it..
    2011/09/17 16:38:28.0046 3356 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured after reboot
    2011/09/17 16:38:28.0046 3356 Virus.Win32.Rloader.a(ACPI) - User select action: Cure
    2011/09/17 16:38:34.0281 3312 Deinitialize success
     

    Attached Files:

  8. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Good news :)

    I closed your other topic.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. idrizmiftari

    idrizmiftari TS Rookie Topic Starter

    Aswmbr and Combofix

    Here are the Aswmbr and combofix logs requested.

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-17 17:09:08
    -----------------------------
    17:09:08.656 OS Version: Windows 5.1.2600 Service Pack 3
    17:09:08.656 Number of processors: 2 586 0xF02
    17:09:08.656 ComputerName: COMPUTER UserName: LT BABY
    17:09:09.140 Initialize success
    17:09:38.781 AVAST engine defs: 11091701
    17:09:56.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    17:09:56.656 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
    17:09:56.656 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
    17:09:56.656 Disk 1 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
    17:09:58.687 Disk 0 MBR read successfully
    17:09:58.687 Disk 0 MBR scan
    17:09:58.718 Disk 0 Windows XP default MBR code
    17:09:58.718 Disk 0 scanning sectors +156232125
    17:09:58.796 Disk 0 scanning C:\WINDOWS\system32\drivers
    17:10:14.515 Service scanning
    17:10:15.812 Modules scanning
    17:10:36.218 Disk 0 trace - called modules:
    17:10:36.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    17:10:36.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a68eab8]
    17:10:36.750 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6c1d98]
    17:10:37.015 AVAST engine scan C:\WINDOWS
    17:11:07.546 AVAST engine scan C:\WINDOWS\system32
    17:13:10.437 AVAST engine scan C:\WINDOWS\system32\drivers
    17:13:27.343 AVAST engine scan C:\Documents and Settings\LT BABY
    17:14:54.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\LT BABY\Desktop\MBR.dat"
    17:14:54.546 The log file has been saved successfully to "C:\Documents and Settings\LT BABY\Desktop\aswMBR.txt"
     
  10. idrizmiftari

    idrizmiftari TS Rookie Topic Starter

    Combofix

    ComboFix 11-09-17.03 - LT BABY 09/17/2011 17:17:08.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1628 [GMT -4:00]
    Running from: c:\documents and settings\LT BABY\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-17 to 2011-09-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-17 21:15 . 2011-09-17 21:15 -------- d-----w- C:\32788R22FWJFW
    2011-09-16 05:09 . 2011-09-16 05:09 388096 ----a-r- c:\documents and settings\LT BABY\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-16 05:09 . 2011-09-16 05:09 -------- d-----w- c:\program files\Trend Micro
    2011-09-15 15:16 . 2011-07-19 09:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-15 05:44 . 2011-09-15 05:44 -------- d-----r- c:\program files\Skype
    2011-09-15 05:15 . 2011-09-15 05:15 -------- d-----w- c:\program files\iPod
    2011-09-15 05:12 . 2011-09-15 05:12 -------- d-----w- c:\program files\Bonjour
    2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-09-15 05:11 . 2011-09-15 05:12 -------- d-----w- c:\program files\QuickTime
    2011-09-15 05:07 . 2011-09-15 05:07 -------- d-----w- c:\program files\Lavasoft
    2011-09-14 14:28 . 2011-09-14 14:28 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-09-14 14:26 . 2011-09-15 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2011-09-11 22:46 . 2011-09-14 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-09-11 22:06 . 2011-09-14 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-09-11 21:55 . 2011-09-11 21:55 -------- d-----w- c:\windows\system32\winrm
    2011-09-11 21:55 . 2011-09-11 21:55 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-09-11 21:55 . 2011-09-11 21:55 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-09-11 17:32 . 2011-09-11 17:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-09-11 17:32 . 2011-09-11 17:32 -------- d-----w- c:\documents and settings\LT BABY\Application Data\AVG2012
    2011-09-11 17:30 . 2011-09-11 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
    2011-09-11 17:28 . 2011-09-11 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-09-11 05:51 . 2011-09-11 05:51 -------- d-----w- c:\documents and settings\LT BABY\Application Data\Sakura
    2011-09-11 04:45 . 2011-09-11 04:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-11 04:10 . 2011-09-11 04:10 -------- d-----w- c:\documents and settings\LT BABY\Local Settings\Application Data\ESET
    2011-09-11 03:59 . 2011-09-11 03:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
    2011-09-11 03:04 . 2011-09-11 03:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2011-09-11 01:33 . 2011-09-11 05:55 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2011-09-11 01:32 . 2011-09-11 01:32 -------- d-----w- c:\documents and settings\LT BABY\Application Data\Malwarebytes
    2011-09-11 01:32 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-11 01:32 . 2011-09-11 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-09-11 01:32 . 2011-09-11 01:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-11 01:32 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-11 01:04 . 2011-09-11 01:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-09-08 21:57 . 2011-09-11 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\mJ21101PpGeC21101
    2011-09-05 20:24 . 2011-09-11 00:25 -------- d-----w- c:\documents and settings\LT BABY\Local Settings\Application Data\Conduit
    2011-09-05 20:24 . 2011-09-05 20:25 -------- d-----w- c:\documents and settings\LT BABY\Application Data\GetRightToGo
    2011-09-05 01:37 . 2011-09-05 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WeCareReminder
    2011-09-03 13:59 . 2011-09-03 13:59 -------- d-----w- c:\documents and settings\LT BABY\Application Data\Unity
    2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
    2011-09-03 04:55 . 2011-09-03 04:55 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
    2011-09-03 04:51 . 2011-09-03 04:51 -------- d-----w- c:\documents and settings\LT BABY\Local Settings\Application Data\Unity
    2011-09-03 04:38 . 2011-09-03 04:38 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc5AC.tmp
    2011-08-26 22:21 . 2011-08-26 22:21 42392 ----a-w- c:\windows\system32\xfcodec.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-17 20:39 . 2004-08-04 03:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
    2011-09-09 09:12 . 2004-08-11 21:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-07-19 06:40 . 2008-11-02 04:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-15 13:29 . 2004-08-11 21:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-08 14:02 . 2004-08-11 21:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-06-24 14:10 . 2004-08-11 21:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2004-08-11 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2004-08-11 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2004-08-11 21:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2004-08-11 21:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-11 21:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-09-03 06:01 . 2011-09-15 13:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-09-16_05.31.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-09-17 20:39 . 2011-09-17 20:39 16384 c:\windows\temp\Perflib_Perfdata_1b4.dat
    + 2004-08-11 21:00 . 2011-09-17 20:43 73636 c:\windows\system32\perfc009.dat
    - 2004-08-11 21:00 . 2011-09-03 05:07 73636 c:\windows\system32\perfc009.dat
    + 2004-08-11 21:00 . 2011-09-17 20:43 446540 c:\windows\system32\perfh009.dat
    - 2004-08-11 21:00 . 2011-09-03 05:07 446540 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzIyNDAyMDA5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1796&mid=5188a9f4d2a647d1a4bad153e62412d6-f43308e76f07837a7ea13e9f5929462580b6ee3d" [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2007-05-11 02:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
    2004-02-19 09:23 61440 ----a-w- c:\dell\bldbubg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2006-07-21 20:48 98304 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2006-09-11 08:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2006-09-11 08:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2006-10-20 21:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 13:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2006-05-01 12:07 843776 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 5:00 PM 14336]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 23548983
    *NewlyCreated* - ASWMBR
    *Deregistered* - 23548983
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
    .
    .
    ------- Supplementary Scan -------
    .
    mSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    IE: &AIM Toolbar Search
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
    DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - hxxp://www.intranet.farmingdale.edu:8080/av/symantec/xp/webinst.cab
    FF - ProfilePath - c:\documents and settings\LT BABY\Application Data\Mozilla\Firefox\Profiles\jgxkomdb.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-23548983.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-17 17:25
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD800JD-75MSA3 rev.10.01E04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19
    .
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user != kernel MBR !!!
    sectors 156249998 (+255): user != kernel
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3980)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-09-17 17:26:56
    ComboFix-quarantined-files.txt 2011-09-17 21:26
    ComboFix2.txt 2011-09-16 23:57
    ComboFix3.txt 2011-09-16 15:26
    ComboFix4.txt 2011-09-16 05:34
    .
    Pre-Run: 29,223,882,752 bytes free
    Post-Run: 29,299,036,160 bytes free
    .
    - - End Of File - - 621B21687A649A9C8B7B572A9C648809
     
  11. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Looks good :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
     
  12. idrizmiftari

    idrizmiftari TS Rookie Topic Starter

    OTL log

    No other issues seem to be arising, his computer seems to be clean as far as I know. Thank you very much for the help.

    OTL log:

    OTL logfile created on: 9/17/2011 6:04:45 PM - Run 1
    OTL by OldTimer - Version 3.2.29.0 Folder = C:\Documents and Settings\LT BABY\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 72.09% Memory free
    3.33 Gb Paging File | 3.02 Gb Available in Paging File | 90.59% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.45 Gb Total Space | 27.32 Gb Free Space | 36.70% Space Free | Partition Type: NTFS
    Drive R: | 74.45 Gb Total Space | 49.34 Gb Free Space | 66.27% Space Free | Partition Type: NTFS

    Computer Name: COMPUTER | User Name: LT BABY | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/17 18:03:33 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LT BABY\Desktop\OTL.exe
    PRC - [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/03 02:01:45 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
    SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
    SRV - File not found [Unknown | Stopped] -- -- (McShield)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2007/09/06 10:20:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2009/03/25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/03/25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/03/25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/03/25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/03/25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2006/08/28 02:28:56 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070829


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070829
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 15 5A 00 76 08 09 49 B0 FB 8D 42 28 83 2D 5B [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51636

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070829
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 15 5A 00 76 08 09 49 B0 FB 8D 42 28 83 2D 5B [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51636

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 15 5A 00 76 08 09 49 B0 FB 8D 42 28 83 2D 5B [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 15 5A 00 76 08 09 49 B0 FB 8D 42 28 83 2D 5B [binary data]

    IE - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 15 5A 00 76 08 09 49 B0 FB 8D 42 28 83 2D 5B [binary data]
    IE - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/15 09:34:19 | 000,000,000 | ---D | M]

    [2011/09/15 01:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LT BABY\Application Data\Mozilla\Extensions
    [2010/06/01 16:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LT BABY\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/09/15 09:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LT BABY\Application Data\Mozilla\Firefox\Profiles\jgxkomdb.default\extensions
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\LT BABY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JGXKOMDB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2011/09/03 02:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/09/02 19:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    ========== Chrome - Experimental ==========

    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=ct2776682
    CHR - default_search_provider: suggest_url = http://search.conduit.com/
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\LT BABY\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\LT BABY\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\LT BABY\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gcswf32.dll
    CHR - plugin: Gamevance Textlinks Plugin (Enabled) = C:\Documents and Settings\LT BABY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\npgvtl.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\LT BABY\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/09/16 01:17:43 | 000,000,002 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzIyNDAyMDA5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=5188a9f4d2a647d1a4bad153e62412d6-f43308e76f07837a7ea13e9f5929462580b6ee3d File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &AIM Toolbar Search - Reg Error: Value error. File not found
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} http://www.intranet.farmingdale.edu:8080/av/symantec/xp/webinst.cab (WebBasedClientInstall Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BECE399-15C8-41A3-A5B8-C4E7B517799D}: DhcpNameServer = 192.168.1.1 68.237.161.12
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
    O20 - HKU\.DEFAULT Winlogon: Shell - (explorer.exe) - File not found
    O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Program Files\Windows NT\dwm.exe) - File not found
    O20 - HKU\S-1-5-18 Winlogon: Shell - (explorer.exe) - File not found
    O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Program Files\Windows NT\dwm.exe) - File not found
    O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
    O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
    O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
    O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\LT BABY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\LT BABY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
    O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
    O29 - HKLM SecurityProviders - (schannel.dll) - File not found
    O29 - HKLM SecurityProviders - (digest.dll) - File not found
    O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - wdmaud.drv File not found
    Drivers32: aux1 - wdmaud.drv File not found
    Drivers32: aux2 - wdmaud.drv File not found
    Drivers32: midi - wdmaud.drv File not found
    Drivers32: midi1 - wdmaud.drv File not found
    Drivers32: midi2 - wdmaud.drv File not found
    Drivers32: midimapper - midimap.dll File not found
    Drivers32: mixer - wdmaud.drv File not found
    Drivers32: mixer1 - wdmaud.drv File not found
    Drivers32: mixer2 - wdmaud.drv File not found
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - imaadp32.acm File not found
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - msadp32.acm File not found
    Drivers32: msacm.msaudio1 - msaud32.acm File not found
    Drivers32: msacm.msg711 - msg711.acm File not found
    Drivers32: msacm.msg723 - msg723.acm File not found
    Drivers32: msacm.msgsm610 - msgsm32.acm File not found
    Drivers32: msacm.siren - sirenacm.dll File not found
    Drivers32: msacm.sl_anet - sl_anet.acm File not found
    Drivers32: msacm.trspch - tssoft32.acm File not found
    Drivers32: msacm.vorbis - vorbis.acm File not found
    Drivers32: vidc.cvid - iccvid.dll File not found
    Drivers32: vidc.I420 - msh263.drv File not found
    Drivers32: vidc.iv31 - ir32_32.dll File not found
    Drivers32: vidc.iv32 - ir32_32.dll File not found
    Drivers32: vidc.iv41 - ir41_32.ax File not found
    Drivers32: vidc.iv50 - ir50_32.dll File not found
    Drivers32: vidc.iyuv - iyuv_32.dll File not found
    Drivers32: vidc.M261 - msh261.drv File not found
    Drivers32: vidc.M263 - msh263.drv File not found
    Drivers32: vidc.mrle - msrle32.dll File not found
    Drivers32: vidc.msvc - msvidc32.dll File not found
    Drivers32: vidc.uyvy - msyuv.dll File not found
    Drivers32: VIDC.XFR1 - xfcodec.dll File not found
    Drivers32: vidc.yuy2 - msyuv.dll File not found
    Drivers32: vidc.yvu9 - tsbyuv.dll File not found
    Drivers32: vidc.yvyu - msyuv.dll File not found
    Drivers32: wave - wdmaud.drv File not found
    Drivers32: wave1 - wdmaud.drv File not found
    Drivers32: wave2 - wdmaud.drv File not found
    Drivers32: wavemapper - msacm32.drv File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/17 18:03:33 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LT BABY\Desktop\OTL.exe
    [2011/09/17 17:15:55 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/09/17 17:15:33 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/09/17 17:08:51 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\LT BABY\Desktop\aswMBR.exe
    [2011/09/17 16:37:26 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LT BABY\Desktop\tdsskiller.exe
    [2011/09/17 11:20:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\LT BABY\Desktop\dds.scr
    [2011/09/16 19:57:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/09/16 01:21:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/09/16 01:21:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/09/16 01:21:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/09/16 01:21:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/09/16 01:20:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/16 01:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/09/16 01:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Start Menu\Programs\HiJackThis
    [2011/09/16 00:56:18 | 004,214,248 | R--- | C] (Swearware) -- C:\Documents and Settings\LT BABY\Desktop\ComboFix.exe
    [2011/09/15 11:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/09/15 10:30:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/09/15 10:27:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/09/15 10:26:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LT BABY\Start Menu\Programs\Administrative Tools
    [2011/09/15 09:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/09/15 01:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2011/09/15 01:44:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2011/09/15 01:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/09/15 01:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/09/15 01:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/09/15 01:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/09/15 01:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/09/15 01:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011/09/14 10:28:31 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/09/14 10:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2011/09/11 18:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/09/11 18:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/09/11 17:55:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
    [2011/09/11 17:55:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
    [2011/09/11 17:55:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2011/09/11 17:55:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
    [2011/09/11 13:32:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/09/11 13:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Application Data\AVG2012
    [2011/09/11 13:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/09/11 13:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/09/11 01:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Application Data\Sakura
    [2011/09/11 00:30:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LT BABY\Recent
    [2011/09/11 00:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\ESET
    [2011/09/10 23:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
    [2011/09/10 23:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2011/09/10 22:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/09/10 22:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2011/09/10 21:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Start Menu\Programs\Free Registry Cleaner
    [2011/09/10 21:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
    [2011/09/10 21:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Application Data\Malwarebytes
    [2011/09/10 21:32:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/09/10 21:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/10 21:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/09/10 21:32:04 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/09/10 21:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/09/10 21:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/09/10 21:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/09/08 17:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mJ21101PpGeC21101
    [2011/09/05 16:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\Conduit
    [2011/09/05 16:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Application Data\GetRightToGo
    [2011/09/04 21:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
    [2011/09/03 09:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Application Data\Unity
    [2011/09/03 00:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
    [2011/09/03 00:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\Unity

    ========== Files - Modified Within 30 Days ==========

    [2011/09/17 18:03:33 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LT BABY\Desktop\OTL.exe
    [2011/09/17 17:15:19 | 004,214,248 | R--- | M] (Swearware) -- C:\Documents and Settings\LT BABY\Desktop\ComboFix.exe
    [2011/09/17 17:14:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\MBR.dat
    [2011/09/17 17:08:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\LT BABY\Desktop\aswMBR.exe
    [2011/09/17 16:43:36 | 000,446,540 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/09/17 16:43:36 | 000,073,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/09/17 16:39:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/09/17 16:39:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/17 16:39:21 | 2136,588,288 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/17 16:37:28 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LT BABY\Desktop\tdsskiller.exe
    [2011/09/17 11:20:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\LT BABY\Desktop\dds.scr
    [2011/09/17 11:18:21 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\2ezmo3cq.exe
    [2011/09/16 12:09:26 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\HiJackThis.lnk
    [2011/09/16 11:11:50 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\rkill.com
    [2011/09/16 01:17:43 | 000,000,002 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/09/16 00:57:01 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\RKUnhookerLE.EXE
    [2011/09/15 11:22:28 | 000,219,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/09/15 10:30:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/09/15 09:34:22 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\LT BABY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/09/15 09:34:22 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/09/15 01:16:02 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/09/15 01:11:59 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/09/15 00:59:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/09/14 10:28:31 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/09/14 10:18:18 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/09/14 06:15:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/09/11 18:44:07 | 000,000,302 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2011/09/11 16:32:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/09/11 01:21:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/09/08 17:57:01 | 000,001,180 | -HS- | M] () -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\o63enu3yd4f2q
    [2011/09/08 17:57:01 | 000,001,180 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\o63enu3yd4f2q
    [2011/08/26 18:21:30 | 000,042,392 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll

    ========== Files Created - No Company Name ==========

    [2011/09/17 17:14:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\LT BABY\Desktop\MBR.dat
    [2011/09/17 11:18:21 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\LT BABY\Desktop\2ezmo3cq.exe
    [2011/09/16 20:56:34 | 2136,588,288 | -HS- | C] () -- C:\hiberfil.sys
    [2011/09/16 11:11:49 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\LT BABY\Desktop\rkill.com
    [2011/09/16 01:21:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/09/16 01:21:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/09/16 01:21:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/09/16 01:21:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/09/16 01:21:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/09/16 01:09:42 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\LT BABY\Desktop\HiJackThis.lnk
    [2011/09/16 00:57:01 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\LT BABY\Desktop\RKUnhookerLE.EXE
    [2011/09/15 10:30:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/09/15 10:30:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/09/15 09:34:22 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\LT BABY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/09/15 09:34:22 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/09/15 09:34:22 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/09/15 01:16:02 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/09/15 01:11:59 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/09/11 17:54:04 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
    [2011/09/08 17:57:01 | 000,001,180 | -HS- | C] () -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\o63enu3yd4f2q
    [2011/09/08 17:57:01 | 000,001,180 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o63enu3yd4f2q
    [2011/08/26 18:21:30 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2010/05/18 12:45:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/05/14 08:15:18 | 000,044,748 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/01/09 12:57:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/07/19 15:31:08 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/07/19 02:32:25 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/06/11 23:03:21 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/01/11 13:03:28 | 000,011,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\widijeve
    [2008/12/13 10:56:39 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson640.ini
    [2008/12/13 10:56:31 | 000,051,712 | ---- | C] () -- C:\WINDOWS\RUNEPSON.EXE
    [2008/11/02 17:55:17 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/09/06 10:39:38 | 000,000,227 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2007/09/06 10:00:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2007/08/29 08:09:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/08/29 08:03:33 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2007/08/29 08:03:33 | 000,000,302 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/08/29 07:42:18 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2007/08/29 07:42:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
    [2007/08/29 07:42:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
    [2007/08/29 07:41:22 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/11 17:06:43 | 000,219,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/11 17:00:28 | 000,446,540 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/11 17:00:28 | 000,073,636 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
     
  13. idrizmiftari

    idrizmiftari TS Rookie Topic Starter

    OTL log part 2

    ========== LOP Check ==========

    [2009/08/28 00:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Research In Motion
    [2011/02/26 10:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\imeshbandmltbpi
    [2011/02/11 19:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\391C5
    [2011/09/14 10:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/09/11 16:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2009/07/26 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bazoveza
    [2009/05/09 16:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\befuvanu
    [2009/05/09 16:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bewihafe
    [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bofofevu
    [2011/09/11 13:32:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dapavama
    [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\darunuwe
    [2009/05/09 16:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\darususi
    [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\denufudu
    [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\donojawi
    [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fedeyipu
    [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fenobeko
    [2009/07/26 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firugoti
    [2009/05/22 00:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fivipute
    [2009/05/09 16:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fosadite
    [2009/05/09 16:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fusigoka
    [2009/07/26 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fuzowezo
    [2009/07/26 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\garazuha
    [2009/05/09 16:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\geligehu
    [2009/05/09 16:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gihoyojo
    [2009/05/09 16:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gohifodi
    [2009/05/09 11:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gomuzidi
    [2009/07/26 18:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\guhiziho
    [2009/05/09 16:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hekazezi
    [2009/05/21 00:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hekeyapi
    [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hivunote
    [2009/05/09 16:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hutikovu
    [2009/05/09 16:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\janifedu
    [2009/05/09 16:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\javinete
    [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jefaduku
    [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jezemimu
    [2009/05/09 16:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jomotewa
    [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\juposeno
    [2009/05/09 16:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jutizowi
    [2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kewevuro
    [2009/05/09 16:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kewowupa
    [2009/05/09 16:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kimuremo
    [2009/05/22 00:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kivigoru
    [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kiyajeru
    [2009/05/09 16:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kubidima
    [2009/05/09 16:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kujonuva
    [2009/05/09 16:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kuvimulo
    [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lepekisu
    [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lezaromo
    [2009/05/09 16:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\litikusi
    [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\malaruwo
    [2009/05/09 16:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\matizava
    [2010/01/09 11:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [2011/09/11 16:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/09/10 23:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mJ21101PpGeC21101
    [2009/05/24 18:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muhoyawa
    [2009/07/26 18:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\namiviko
    [2009/05/09 16:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nawonane
    [2009/07/26 18:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\netojeke
    [2009/05/09 16:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nevorefa
    [2009/05/09 16:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nifodiyu
    [2009/05/09 16:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nijetiyi
    [2009/05/09 16:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nimidiki
    [2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\norefose
    [2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\novusina
    [2009/06/11 21:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nutuhunu
    [2009/05/16 20:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nuwuzeku
    [2009/06/09 23:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\papororo
    [2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\patayaru
    [2009/05/09 16:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pawovuda
    [2009/05/09 16:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\peheliba
    [2009/05/09 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pehirema
    [2009/05/09 16:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\peroruvo
    [2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pogewaso
    [2009/05/09 16:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rakedega
    [2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ramuzovi
    [2009/06/11 21:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ravezula
    [2009/07/26 18:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ravufuge
    [2009/05/09 16:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\resemuzu
    [2009/05/09 16:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\robejaku
    [2009/05/09 16:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ruhegozi
    [2009/07/26 18:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\satukivu
    [2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sihosido
    [2009/07/26 18:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\siwelehu
    [2009/05/09 16:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sohibesi
    [2009/06/07 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sugemeha
    [2011/09/10 23:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/05/09 16:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tevaziva
    [2011/09/11 00:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tiwedihu
    [2009/05/09 16:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tomavita
    [2009/06/06 09:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\toyoyavi
    [2009/05/09 16:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vegozadi
    [2011/09/10 23:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/09/11 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vonibusa
    [2009/05/09 16:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vozafiwu
    [2011/09/10 23:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vumehijo
    [2009/06/08 01:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vuzofafu
    [2009/06/09 00:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wamejawe
    [2009/05/09 16:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wazuloro
    [2011/09/04 21:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
    [2011/09/11 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wekavube
    [2009/05/28 23:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wenihubi
    [2009/05/09 16:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wepejapu
    [2009/05/24 18:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wolizapa
    [2009/05/09 16:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wotuzapi
    [2009/05/18 23:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wuduzuli
    [2009/05/09 16:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wuniferi
    [2011/09/11 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wuyojogi
    [2009/05/09 16:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yabohoyu
    [2009/05/09 16:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yinerodu
    [2011/09/11 00:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yubihimo
    [2009/05/09 16:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yujawohu
    [2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yupabuse
    [2011/09/10 18:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zapujevu
    [2009/05/09 16:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zarebeba
    [2009/06/11 23:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zuhuyaba
    [2009/05/09 16:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zujopuhe
    [2010/12/07 20:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/13 22:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/08/05 20:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2009/08/28 00:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\acccore
    [2011/09/11 13:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\AVG2012
    [2011/09/11 00:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\FrostWire
    [2011/09/05 16:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\GetRightToGo
    [2009/04/11 16:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\ICAClient
    [2011/04/22 08:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\id Software
    [2011/01/22 20:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\imeshbandmltbpi
    [2011/02/18 16:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\LimeWire
    [2011/01/09 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\mediabarim
    [2011/02/07 19:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\ooVoo Details
    [2011/09/04 21:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\OpenCandy
    [2009/07/19 16:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\Research In Motion
    [2011/09/11 01:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\Sakura
    [2011/09/03 09:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\Unity
    [2011/08/04 12:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\vmntemplate
    [2009/08/12 19:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\Watchtower
    [2008/12/13 10:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ray\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/10/14 23:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ray\Application Data\ICAClient
    [2011/02/24 23:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ray\Application Data\imeshbandmltbpi
    [2011/01/14 01:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ray\Application Data\mediabarim
    [2009/08/12 10:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ray\Application Data\Watchtower

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/09/15 09:52:31 | 000,000,360 | ---- | M] () -- C:\aaw7boot.log
    [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/09/11 16:32:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/09/15 10:30:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/08/29 07:43:04 | 000,005,829 | RH-- | M] () -- C:\dell.sdr
    [2011/09/17 16:39:21 | 2136,588,288 | -HS- | M] () -- C:\hiberfil.sys
    [2007/09/06 10:03:41 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2011/02/13 22:22:07 | 000,001,094 | -H-- | M] () -- C:\IPH.PH
    [2011/09/15 11:17:51 | 000,025,877 | ---- | M] () -- C:\JavaRa.log
    [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/05/09 11:34:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/09/17 16:39:20 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/11 17:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/05/09 11:40:06 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/05/16 20:09:07 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\LT BABY\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/11 17:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\LT BABY\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/17 11:18:21 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\2ezmo3cq.exe
    [2011/09/17 17:08:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\LT BABY\Desktop\aswMBR.exe
    [2011/09/17 17:15:19 | 004,214,248 | R--- | M] (Swearware) -- C:\Documents and Settings\LT BABY\Desktop\ComboFix.exe
    [2011/09/17 18:03:33 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LT BABY\Desktop\OTL.exe
    [2011/09/16 00:57:01 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\RKUnhookerLE.EXE
    [2011/09/17 16:37:28 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LT BABY\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/05/16 20:09:08 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\LT BABY\Favorites\Desktop.ini
    [2011/09/15 00:46:48 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\LT BABY\Favorites\My Music.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/08/14 12:43:51 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/09/17 17:28:40 | 000,458,752 | ---- | M] () -- C:\Documents and Settings\LT BABY\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    < End of report >
     
  14. idrizmiftari

    idrizmiftari TS Rookie Topic Starter

    OTL extras log

    OTL Extras logfile created on: 9/17/2011 6:04:45 PM - Run 1
    OTL by OldTimer - Version 3.2.29.0 Folder = C:\Documents and Settings\LT BABY\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 72.09% Memory free
    3.33 Gb Paging File | 3.02 Gb Available in Paging File | 90.59% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.45 Gb Total Space | 27.32 Gb Free Space | 36.70% Space Free | Partition Type: NTFS
    Drive R: | 74.45 Gb Total Space | 49.34 Gb Free Space | 66.27% Space Free | Partition Type: NTFS

    Computer Name: COMPUTER | User Name: LT BABY | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    .reg [@ = regfile] -- regedit.exe "%1"

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1"
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1"
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 27
    "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
    "{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.0 Standard
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "BASICR" = Microsoft Office Basic 2007
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "OPERATION7" = OPERATION7
    "Sakura" = Sakura
    "SMALLBUSINESSR" = Microsoft Office Small Business 2007
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xfire" = Xfire (remove only)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/10/2011 11:50:19 AM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 9/10/2011 6:37:04 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711726
    Description =

    Error - 9/10/2011 6:37:10 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711731
    Description =

    Error - 9/10/2011 6:56:18 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711726
    Description =

    Error - 9/10/2011 6:57:38 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711731
    Description =

    Error - 9/10/2011 6:57:47 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711726
    Description =

    Error - 9/10/2011 6:57:48 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711731
    Description =

    Error - 9/10/2011 6:58:14 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711726
    Description =

    Error - 9/17/2011 4:34:34 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.6.1, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 9/17/2011 4:44:32 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.6.1, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    [ System Events ]
    Error - 9/16/2011 7:39:19 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD Fips intelppm IPSec mfehidk MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

    Error - 9/16/2011 7:39:40 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 9/16/2011 7:41:03 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 9/16/2011 8:20:43 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 9/16/2011 8:55:49 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 9/16/2011 8:56:39 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
    Description = The McAfee Real-time Scanner service failed to start due to the following
    error: %%3

    Error - 9/17/2011 11:06:36 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
    Description = The McAfee Real-time Scanner service failed to start due to the following
    error: %%3

    Error - 9/17/2011 4:29:29 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
    Description = The McAfee Real-time Scanner service failed to start due to the following
    error: %%3

    Error - 9/17/2011 4:39:33 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
    Description = The McAfee Real-time Scanner service failed to start due to the following
    error: %%3

    Error - 9/17/2011 4:39:33 PM | Computer Name = COMPUTER | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
    the volume.


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    You can reinstall AVG at any time now.

    You have some McAfee leftovers.
    Run this tool to remove them: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
      SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
      SRV - File not found [Unknown | Stopped] -- -- (McShield)
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51636
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51636
      O3 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O4 - HKLM..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzIyNDA yMDA5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0. 1796"&"mid=5188a9f4d2a647d1a4bad153e62412d6-f43308e76f07837a7ea13e9f5929462580b6ee3d File not found
      O8 - Extra context menu item: &AIM Toolbar Search - Reg Error: Value error. File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
      [2011/09/08 17:57:01 | 000,001,180 | -HS- | M] () -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\o63enu3yd4f2q
      [2011/09/08 17:57:01 | 000,001,180 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\o63enu3yd4f2q
      [2009/01/11 13:03:28 | 000,011,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\widijeve
      [2011/02/11 19:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\391C5
      [2011/09/14 10:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
      [2009/07/26 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bazoveza
      [2009/05/09 16:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\befuvanu
      [2009/05/09 16:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bewihafe
      [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bofofevu
      [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dapavama
      [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\darunuwe
      [2009/05/09 16:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\darususi
      [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\denufudu
      [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\donojawi
      [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fedeyipu
      [2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fenobeko
      [2009/07/26 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firugoti
      [2009/05/22 00:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fivipute
      [2009/05/09 16:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fosadite
      [2009/05/09 16:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fusigoka
      [2009/07/26 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fuzowezo
      [2009/07/26 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\garazuha
      [2009/05/09 16:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\geligehu
      [2009/05/09 16:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gihoyojo
      [2009/05/09 16:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gohifodi
      [2009/05/09 11:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gomuzidi
      [2009/07/26 18:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\guhiziho
      [2009/05/09 16:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hekazezi
      [2009/05/21 00:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hekeyapi
      [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hivunote
      [2009/05/09 16:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hutikovu
      [2009/05/09 16:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\janifedu
      [2009/05/09 16:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\javinete
      [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jefaduku
      [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jezemimu
      [2009/05/09 16:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jomotewa
      [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\juposeno
      [2009/05/09 16:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jutizowi
      [2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kewevuro
      [2009/05/09 16:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kewowupa
      [2009/05/09 16:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kimuremo
      [2009/05/22 00:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kivigoru
      [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kiyajeru
      [2009/05/09 16:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kubidima
      [2009/05/09 16:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kujonuva
      [2009/05/09 16:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kuvimulo
      [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lepekisu
      [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lezaromo
      [2009/05/09 16:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\litikusi
      [2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\malaruwo
      [2009/05/09 16:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\matizava
      [2011/09/10 23:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mJ21101PpGeC21101
      [2009/05/24 18:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muhoyawa
      [2009/07/26 18:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\namiviko
      [2009/05/09 16:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nawonane
      [2009/07/26 18:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\netojeke
      [2009/05/09 16:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nevorefa
      [2009/05/09 16:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nifodiyu
      [2009/05/09 16:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nijetiyi
      [2009/05/09 16:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nimidiki
      [2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\norefose
      [2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\novusina
      [2009/06/11 21:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nutuhunu
      [2009/05/16 20:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nuwuzeku
      [2009/06/09 23:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\papororo
      [2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\patayaru
      [2009/05/09 16:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pawovuda
      [2009/05/09 16:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\peheliba
      [2009/05/09 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pehirema
      [2009/05/09 16:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\peroruvo
      [2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pogewaso
      [2009/05/09 16:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rakedega
      [2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ramuzovi
      [2009/06/11 21:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ravezula
      [2009/07/26 18:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ravufuge
      [2009/05/09 16:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\resemuzu
      [2009/05/09 16:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\robejaku
      [2009/05/09 16:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ruhegozi
      [2009/07/26 18:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\satukivu
      [2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sihosido
      [2009/07/26 18:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\siwelehu
      [2009/05/09 16:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sohibesi
      [2009/06/07 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sugemeha
      [2009/05/09 16:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tevaziva
      [2011/09/11 00:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tiwedihu
      [2009/05/09 16:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tomavita
      [2009/06/06 09:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\toyoyavi
      [2009/05/09 16:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vegozadi
      [2011/09/10 23:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2011/09/11 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vonibusa
      [2009/05/09 16:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vozafiwu
      [2011/09/10 23:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vumehijo
      [2009/06/08 01:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vuzofafu
      [2009/06/09 00:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wamejawe
      [2009/05/09 16:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wazuloro
      [2011/09/11 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wekavube
      [2009/05/28 23:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wenihubi
      [2009/05/09 16:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wepejapu
      [2009/05/24 18:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wolizapa
      [2009/05/09 16:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wotuzapi
      [2009/05/18 23:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wuduzuli
      [2009/05/09 16:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wuniferi
      [2011/09/11 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wuyojogi
      [2009/05/09 16:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yabohoyu
      [2009/05/09 16:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yinerodu
      [2011/09/11 00:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yubihimo
      [2009/05/09 16:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yujawohu
      [2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yupabuse
      [2011/09/10 18:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zapujevu
      [2009/05/09 16:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zarebeba
      [2009/06/11 23:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zuhuyaba
      [2009/05/09 16:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zujopuhe
      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  16. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Still with me?
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.