Cannot connect to search engines, other sites fine

idrizmiftari · Sep 17, 2011

Helping a computer illiterate friend recover his PC from viruses (blind leading the blind). At first it wouldn't load windows but I ran a battery of removers and now the only issue is that all search engines cannot be accessed. What is strange is if I physically disconnect the line and reconnect I can access them, however resetting through ipconfig doesn't work.

I ran Malwarebytes, sypbot, adware, nod32, AVG, hijackthis and Combofix. Also scanned with RKUnhooker but got to afraid to touch anything. Unfortunately time is not with me, I have logs of Malwarebytes, Gmer,DDS,Hijackthis and Combofix. With Combofix it stated AVG scanner is present even though I uninstalled it and used AppRemover but still shows the alert; however it seemed like it ran fine. Thank you tremendously in advance for your time and patience. As I write this post I am heading out to work, will be back in 6 hours.

idrizmiftari · Sep 17, 2011

Malwarebytes log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7692

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/16/2011 9:59:15 PM
mbam-log-2011-09-16 (21-59-15).txt

Scan type: Full scan (C:\|R:\|)
Objects scanned: 294636
Time elapsed: 59 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

idrizmiftari · Sep 17, 2011

Gmer Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-17 11:20:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-75MSA3 rev.10.01E04
Running: 2ezmo3cq.exe; Driver: C:\DOCUME~1\LTBABY~1\LOCALS~1\Temp\pgliqpoc.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:120] 8A65F0F9
Thread System [4:376] 8A32CB90

---- EOF - GMER 1.0.15 ----

idrizmiftari · Sep 17, 2011

DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by LT BABY at 11:20:28 on 2011-09-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1520 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzIyNDAyMDA5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=5188a9f4d2a647d1a4bad153e62412d6-f43308e76f07837a7ea13e9f5929462580b6ee3d
IE: &AIM Toolbar Search
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - hxxp://www.intranet.farmingdale.edu:8080/av/symantec/xp/webinst.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{7BECE399-15C8-41A3-A5B8-C4E7B517799D} : DhcpNameServer = 192.168.1.1 68.237.161.12
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lt baby\application data\mozilla\firefox\profiles\jgxkomdb.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\lt baby\application data\mozilla\plugins\npicaN.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-19 214024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-19 54760]
S2 McShield;McAfee Real-time Scanner; [x]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 McSysmon;McAfee SystemGuards; [x]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-19 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-19 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-19 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-19 40552]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
.
=============== Created Last 30 ================
.
2011-09-16 05:21:05 98816 ----a-w- c:\windows\sed.exe
2011-09-16 05:21:05 518144 ----a-w- c:\windows\SWREG.exe
2011-09-16 05:21:05 256000 ----a-w- c:\windows\PEV.exe
2011-09-16 05:21:05 208896 ----a-w- c:\windows\MBR.exe
2011-09-16 05:09:42 388096 ----a-r- c:\documents and settings\lt baby\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-16 05:09:41 -------- d-----w- c:\program files\Trend Micro
2011-09-15 15:16:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-15 14:30:05 -------- d-sha-r- C:\cmdcons
2011-09-15 05:44:52 -------- d-----r- c:\program files\Skype
2011-09-15 05:15:10 -------- d-----w- c:\program files\iPod
2011-09-15 05:12:44 -------- d-----w- c:\program files\Bonjour
2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-09-15 05:12:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-09-15 05:07:18 -------- d-----w- c:\program files\Lavasoft
2011-09-14 14:28:31 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-11 22:46:24 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-09-11 22:06:47 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-09-11 21:55:44 -------- d-----w- c:\windows\system32\winrm
2011-09-11 21:55:44 -------- d-----w- c:\windows\system32\GroupPolicy
2011-09-11 21:55:40 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-09-11 17:32:25 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-09-11 17:32:25 -------- d-----w- c:\documents and settings\lt baby\application data\AVG2012
2011-09-11 17:30:04 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-09-11 17:28:04 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-09-11 05:51:11 -------- d-----w- c:\documents and settings\lt baby\application data\Sakura
2011-09-11 04:45:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-11 04:10:01 -------- d-----w- c:\documents and settings\lt baby\local settings\application data\ESET
2011-09-11 01:33:26 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2011-09-11 01:32:15 -------- d-----w- c:\documents and settings\lt baby\application data\Malwarebytes
2011-09-11 01:32:08 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-11 01:32:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-11 01:32:04 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-11 01:32:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-08 21:57:12 -------- d-----w- c:\documents and settings\all users\application data\mJ21101PpGeC21101
2011-09-05 20:24:17 -------- d-----w- c:\documents and settings\lt baby\local settings\application data\Conduit
2011-09-05 20:24:02 -------- d-----w- c:\documents and settings\lt baby\application data\GetRightToGo
2011-09-05 01:37:05 -------- d-----w- c:\documents and settings\all users\application data\WeCareReminder
2011-09-03 13:59:25 -------- d-----w- c:\documents and settings\lt baby\application data\Unity
2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-09-03 04:55:56 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2011-09-03 04:51:10 -------- d-----w- c:\documents and settings\lt baby\local settings\application data\Unity
2011-09-03 04:38:07 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc5AC.tmp
2011-09-03 04:34:42 14744 ----a-w- c:\documents and settings\lt baby\application data\microsoft\identitycrl\production\ppcrlconfig.dll
2011-08-26 22:21:30 42392 ----a-w- c:\windows\system32\xfcodec.dll
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-19 06:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800JD-75MSA3 rev.10.01E04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x8A6EADE1]<<
_asm { PUSH 0x8a669494; PUSH 0x0; PUSH 0x8a60dbd0; PUSH EAX; PUSH 0x8a6667d6; RET ; ADD [EAX+EAX], AL; ADD AL, [EAX]; INC EBX; ARPL [EDX+0x63], AX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A6DFAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A6E0B00]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 156249998 (+255): user != kernel
.
============= FINISH: 11:21:39.90 ===============

idrizmiftari · Sep 17, 2011

Hijackthis log

[HJT log removed by Broni]

Broni · Sep 17, 2011

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================================

I still need Attach.txt part of DDS.
Please provide that.

Then...

Download TDSSKiller and save it to your desktop.

Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

idrizmiftari · Sep 17, 2011

tdsskiller log

It seems that the search engines are working again, here is the tdsskiller log and the dds attach. I just noticed I created 2 identical threads thinking the first one disappeared into the ether of the internet. I apologize for the double posting and thank you tremendously for your help, my friend will be elated that his machine is working. Java has shutdown from an error since the reboot but other then that all looks beautiful.

TDSSkiller log

2011/09/17 16:37:54.0046 3316 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/17 16:37:54.0296 3316 ================================================================================
2011/09/17 16:37:54.0296 3316 SystemInfo:
2011/09/17 16:37:54.0296 3316
2011/09/17 16:37:54.0296 3316 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/17 16:37:54.0296 3316 Product type: Workstation
2011/09/17 16:37:54.0296 3316 ComputerName: COMPUTER
2011/09/17 16:37:54.0296 3316 UserName: LT BABY
2011/09/17 16:37:54.0296 3316 Windows directory: C:\WINDOWS
2011/09/17 16:37:54.0296 3316 System windows directory: C:\WINDOWS
2011/09/17 16:37:54.0296 3316 Processor architecture: Intel x86
2011/09/17 16:37:54.0296 3316 Number of processors: 2
2011/09/17 16:37:54.0296 3316 Page size: 0x1000
2011/09/17 16:37:54.0296 3316 Boot type: Normal boot
2011/09/17 16:37:54.0296 3316 ================================================================================
2011/09/17 16:37:55.0843 3316 Initialize success
2011/09/17 16:38:04.0140 3364 ================================================================================
2011/09/17 16:38:04.0140 3364 Scan started
2011/09/17 16:38:04.0140 3364 Mode: Manual;
2011/09/17 16:38:04.0140 3364 ================================================================================
2011/09/17 16:38:04.0765 3364 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/09/17 16:38:04.0812 3364 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/17 16:38:04.0828 3364 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
2011/09/17 16:38:04.0828 3364 ACPI - detected Virus.Win32.Rloader.a (0)
2011/09/17 16:38:04.0890 3364 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/17 16:38:04.0968 3364 ADIHdAudAddService (62afc64108bbdb8d3ca32aad559e5af1) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/09/17 16:38:05.0031 3364 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/09/17 16:38:05.0093 3364 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/17 16:38:05.0140 3364 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/17 16:38:05.0187 3364 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/17 16:38:05.0250 3364 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/09/17 16:38:05.0265 3364 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/09/17 16:38:05.0281 3364 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/09/17 16:38:05.0296 3364 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/09/17 16:38:05.0328 3364 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/09/17 16:38:05.0343 3364 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/09/17 16:38:05.0375 3364 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/09/17 16:38:05.0390 3364 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/09/17 16:38:05.0468 3364 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/09/17 16:38:05.0500 3364 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/09/17 16:38:05.0562 3364 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/09/17 16:38:05.0625 3364 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/17 16:38:05.0656 3364 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/17 16:38:05.0875 3364 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/17 16:38:05.0906 3364 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/17 16:38:05.0937 3364 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/09/17 16:38:06.0015 3364 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/17 16:38:06.0203 3364 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/09/17 16:38:06.0218 3364 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/17 16:38:06.0250 3364 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/09/17 16:38:06.0296 3364 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/17 16:38:06.0312 3364 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/17 16:38:06.0359 3364 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/17 16:38:06.0453 3364 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/09/17 16:38:06.0484 3364 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/09/17 16:38:06.0515 3364 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/09/17 16:38:06.0546 3364 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/09/17 16:38:06.0562 3364 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/17 16:38:06.0625 3364 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/09/17 16:38:06.0640 3364 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/09/17 16:38:06.0656 3364 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/09/17 16:38:06.0671 3364 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/09/17 16:38:06.0687 3364 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/09/17 16:38:06.0718 3364 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/09/17 16:38:06.0734 3364 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/09/17 16:38:06.0750 3364 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/09/17 16:38:06.0843 3364 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/09/17 16:38:06.0875 3364 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/09/17 16:38:06.0984 3364 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/17 16:38:07.0031 3364 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/17 16:38:07.0046 3364 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/17 16:38:07.0093 3364 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/17 16:38:07.0125 3364 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/09/17 16:38:07.0171 3364 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/17 16:38:07.0203 3364 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/09/17 16:38:07.0234 3364 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/09/17 16:38:07.0296 3364 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/17 16:38:07.0359 3364 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/17 16:38:07.0406 3364 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/17 16:38:07.0421 3364 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/17 16:38:07.0484 3364 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/17 16:38:07.0515 3364 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/17 16:38:07.0578 3364 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/09/17 16:38:07.0656 3364 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/17 16:38:07.0671 3364 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/17 16:38:07.0734 3364 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/17 16:38:07.0765 3364 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/17 16:38:07.0859 3364 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/17 16:38:07.0906 3364 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/17 16:38:08.0000 3364 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/09/17 16:38:08.0140 3364 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/17 16:38:08.0156 3364 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/17 16:38:08.0218 3364 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/09/17 16:38:08.0250 3364 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/17 16:38:08.0312 3364 ialm (0674ce8ae167d830b871a99c677c5c59) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/09/17 16:38:08.0359 3364 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/17 16:38:08.0421 3364 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/09/17 16:38:08.0484 3364 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/17 16:38:08.0546 3364 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/17 16:38:08.0593 3364 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/17 16:38:08.0625 3364 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/17 16:38:08.0640 3364 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/17 16:38:08.0656 3364 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/17 16:38:08.0687 3364 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/17 16:38:08.0703 3364 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/17 16:38:08.0718 3364 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/17 16:38:08.0750 3364 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/17 16:38:08.0750 3364 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/17 16:38:08.0781 3364 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/17 16:38:08.0812 3364 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/17 16:38:08.0890 3364 mfeavfk (26653763d99ea717fc9e069f6be6771e) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/09/17 16:38:08.0953 3364 mfebopk (e65ce1279f2c1fd9bd81184ceb7f5468) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/09/17 16:38:09.0000 3364 mfehidk (f817bfca67475cf04925ece4fcf9c3c0) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/09/17 16:38:09.0078 3364 mferkdk (fe03be0b990983a08a33389c00636175) C:\WINDOWS\system32\drivers\mferkdk.sys
2011/09/17 16:38:09.0109 3364 mfesmfk (9c73aca963ad8883b9fc44b410e70b71) C:\WINDOWS\system32\drivers\mfesmfk.sys
2011/09/17 16:38:09.0250 3364 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/17 16:38:09.0328 3364 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/17 16:38:09.0343 3364 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/17 16:38:09.0390 3364 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/17 16:38:09.0421 3364 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/17 16:38:09.0468 3364 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/09/17 16:38:09.0531 3364 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/17 16:38:09.0625 3364 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/17 16:38:09.0656 3364 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/17 16:38:09.0703 3364 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/17 16:38:09.0734 3364 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/17 16:38:09.0765 3364 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/17 16:38:09.0796 3364 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/17 16:38:09.0828 3364 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/17 16:38:09.0890 3364 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/17 16:38:09.0921 3364 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/17 16:38:10.0000 3364 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/17 16:38:10.0015 3364 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/17 16:38:10.0062 3364 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/17 16:38:10.0125 3364 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/17 16:38:10.0203 3364 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/17 16:38:10.0328 3364 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/17 16:38:10.0375 3364 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/17 16:38:10.0468 3364 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/17 16:38:10.0609 3364 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/17 16:38:10.0734 3364 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/17 16:38:10.0750 3364 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/17 16:38:10.0781 3364 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/17 16:38:10.0796 3364 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/17 16:38:10.0843 3364 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/17 16:38:10.0906 3364 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/17 16:38:10.0953 3364 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/17 16:38:11.0000 3364 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/17 16:38:11.0078 3364 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/17 16:38:11.0109 3364 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/17 16:38:11.0187 3364 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/17 16:38:11.0218 3364 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/17 16:38:11.0281 3364 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/17 16:38:11.0296 3364 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/17 16:38:11.0375 3364 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/17 16:38:11.0468 3364 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/17 16:38:11.0531 3364 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/09/17 16:38:11.0578 3364 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/09/17 16:38:11.0625 3364 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/09/17 16:38:11.0640 3364 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/17 16:38:11.0687 3364 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/17 16:38:11.0703 3364 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/17 16:38:11.0718 3364 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/17 16:38:11.0734 3364 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/17 16:38:11.0765 3364 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/17 16:38:11.0812 3364 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/17 16:38:11.0875 3364 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/17 16:38:11.0906 3364 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/17 16:38:11.0968 3364 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/09/17 16:38:11.0984 3364 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/09/17 16:38:12.0062 3364 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/17 16:38:12.0125 3364 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
2011/09/17 16:38:12.0187 3364 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/17 16:38:12.0234 3364 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/17 16:38:12.0281 3364 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/17 16:38:12.0359 3364 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/09/17 16:38:12.0437 3364 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/09/17 16:38:12.0500 3364 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/17 16:38:12.0562 3364 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/17 16:38:12.0625 3364 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/17 16:38:12.0703 3364 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/17 16:38:12.0812 3364 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/17 16:38:12.0843 3364 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/09/17 16:38:12.0859 3364 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/09/17 16:38:12.0890 3364 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/09/17 16:38:12.0906 3364 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/09/17 16:38:12.0953 3364 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/17 16:38:13.0015 3364 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/17 16:38:13.0078 3364 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/17 16:38:13.0093 3364 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/17 16:38:13.0140 3364 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/17 16:38:13.0203 3364 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/09/17 16:38:13.0250 3364 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/17 16:38:13.0265 3364 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/09/17 16:38:13.0296 3364 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/17 16:38:13.0406 3364 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/17 16:38:13.0453 3364 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/17 16:38:13.0500 3364 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/17 16:38:13.0609 3364 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/17 16:38:13.0718 3364 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/17 16:38:13.0781 3364 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/17 16:38:13.0875 3364 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/17 16:38:13.0921 3364 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/17 16:38:13.0984 3364 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/09/17 16:38:14.0062 3364 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/17 16:38:14.0125 3364 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/17 16:38:14.0171 3364 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/17 16:38:14.0218 3364 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/17 16:38:14.0296 3364 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/09/17 16:38:14.0343 3364 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/17 16:38:14.0375 3364 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/17 16:38:14.0437 3364 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/17 16:38:14.0578 3364 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/09/17 16:38:14.0812 3364 Boot (0x1200) (1dfade4e81a1790eafffa2cbaba6b0c5) \Device\Harddisk0\DR0\Partition0
2011/09/17 16:38:14.0812 3364 Boot (0x1200) (bee154c9218b047c8ca1d27b9090a59b) \Device\Harddisk1\DR1\Partition0
2011/09/17 16:38:14.0812 3364 ================================================================================
2011/09/17 16:38:14.0812 3364 Scan finished
2011/09/17 16:38:14.0812 3364 ================================================================================
2011/09/17 16:38:14.0828 3356 Detected object count: 1
2011/09/17 16:38:14.0828 3356 Actual detected object count: 1
2011/09/17 16:38:26.0781 3356 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/17 16:38:26.0781 3356 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
2011/09/17 16:38:28.0046 3356 Backup copy found, using it..
2011/09/17 16:38:28.0046 3356 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured after reboot
2011/09/17 16:38:28.0046 3356 Virus.Win32.Rloader.a(ACPI) - User select action: Cure
2011/09/17 16:38:34.0281 3312 Deinitialize success

Broni · Sep 17, 2011

Good news

I closed your other topic.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

idrizmiftari · Sep 17, 2011

Aswmbr and Combofix

Here are the Aswmbr and combofix logs requested.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-17 17:09:08
-----------------------------
17:09:08.656 OS Version: Windows 5.1.2600 Service Pack 3
17:09:08.656 Number of processors: 2 586 0xF02
17:09:08.656 ComputerName: COMPUTER UserName: LT BABY
17:09:09.140 Initialize success
17:09:38.781 AVAST engine defs: 11091701
17:09:56.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:09:56.656 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
17:09:56.656 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
17:09:56.656 Disk 1 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
17:09:58.687 Disk 0 MBR read successfully
17:09:58.687 Disk 0 MBR scan
17:09:58.718 Disk 0 Windows XP default MBR code
17:09:58.718 Disk 0 scanning sectors +156232125
17:09:58.796 Disk 0 scanning C:\WINDOWS\system32\drivers
17:10:14.515 Service scanning
17:10:15.812 Modules scanning
17:10:36.218 Disk 0 trace - called modules:
17:10:36.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:10:36.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a68eab8]
17:10:36.750 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6c1d98]
17:10:37.015 AVAST engine scan C:\WINDOWS
17:11:07.546 AVAST engine scan C:\WINDOWS\system32
17:13:10.437 AVAST engine scan C:\WINDOWS\system32\drivers
17:13:27.343 AVAST engine scan C:\Documents and Settings\LT BABY
17:14:54.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\LT BABY\Desktop\MBR.dat"
17:14:54.546 The log file has been saved successfully to "C:\Documents and Settings\LT BABY\Desktop\aswMBR.txt"

idrizmiftari · Sep 17, 2011

Combofix

ComboFix 11-09-17.03 - LT BABY 09/17/2011 17:17:08.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1628 [GMT -4:00]
Running from: c:\documents and settings\LT BABY\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-08-17 to 2011-09-17 )))))))))))))))))))))))))))))))
.
.
2011-09-17 21:15 . 2011-09-17 21:15 -------- d-----w- C:\32788R22FWJFW
2011-09-16 05:09 . 2011-09-16 05:09 388096 ----a-r- c:\documents and settings\LT BABY\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-16 05:09 . 2011-09-16 05:09 -------- d-----w- c:\program files\Trend Micro
2011-09-15 15:16 . 2011-07-19 09:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-15 05:44 . 2011-09-15 05:44 -------- d-----r- c:\program files\Skype
2011-09-15 05:15 . 2011-09-15 05:15 -------- d-----w- c:\program files\iPod
2011-09-15 05:12 . 2011-09-15 05:12 -------- d-----w- c:\program files\Bonjour
2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-09-15 05:12 . 2011-09-15 05:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-09-15 05:11 . 2011-09-15 05:12 -------- d-----w- c:\program files\QuickTime
2011-09-15 05:07 . 2011-09-15 05:07 -------- d-----w- c:\program files\Lavasoft
2011-09-14 14:28 . 2011-09-14 14:28 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-14 14:26 . 2011-09-15 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-09-11 22:46 . 2011-09-14 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-11 22:06 . 2011-09-14 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-09-11 21:55 . 2011-09-11 21:55 -------- d-----w- c:\windows\system32\winrm
2011-09-11 21:55 . 2011-09-11 21:55 -------- d-----w- c:\windows\system32\GroupPolicy
2011-09-11 21:55 . 2011-09-11 21:55 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-09-11 17:32 . 2011-09-11 17:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-09-11 17:32 . 2011-09-11 17:32 -------- d-----w- c:\documents and settings\LT BABY\Application Data\AVG2012
2011-09-11 17:30 . 2011-09-11 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-09-11 17:28 . 2011-09-11 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-09-11 05:51 . 2011-09-11 05:51 -------- d-----w- c:\documents and settings\LT BABY\Application Data\Sakura
2011-09-11 04:45 . 2011-09-11 04:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-11 04:10 . 2011-09-11 04:10 -------- d-----w- c:\documents and settings\LT BABY\Local Settings\Application Data\ESET
2011-09-11 03:59 . 2011-09-11 03:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-09-11 03:04 . 2011-09-11 03:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-09-11 01:33 . 2011-09-11 05:55 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2011-09-11 01:32 . 2011-09-11 01:32 -------- d-----w- c:\documents and settings\LT BABY\Application Data\Malwarebytes
2011-09-11 01:32 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-11 01:32 . 2011-09-11 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-11 01:32 . 2011-09-11 01:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-11 01:32 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-11 01:04 . 2011-09-11 01:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-09-08 21:57 . 2011-09-11 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\mJ21101PpGeC21101
2011-09-05 20:24 . 2011-09-11 00:25 -------- d-----w- c:\documents and settings\LT BABY\Local Settings\Application Data\Conduit
2011-09-05 20:24 . 2011-09-05 20:25 -------- d-----w- c:\documents and settings\LT BABY\Application Data\GetRightToGo
2011-09-05 01:37 . 2011-09-05 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WeCareReminder
2011-09-03 13:59 . 2011-09-03 13:59 -------- d-----w- c:\documents and settings\LT BABY\Application Data\Unity
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-09-03 04:55 . 2011-09-03 04:55 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2011-09-03 04:51 . 2011-09-03 04:51 -------- d-----w- c:\documents and settings\LT BABY\Local Settings\Application Data\Unity
2011-09-03 04:38 . 2011-09-03 04:38 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc5AC.tmp
2011-08-26 22:21 . 2011-08-26 22:21 42392 ----a-w- c:\windows\system32\xfcodec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-17 20:39 . 2004-08-04 03:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-09-09 09:12 . 2004-08-11 21:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-19 06:40 . 2008-11-02 04:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29 . 2004-08-11 21:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-11 21:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2004-08-11 21:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-11 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-11 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-11 21:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-11 21:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-11 21:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-09-03 06:01 . 2011-09-15 13:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-16_05.31.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-17 20:39 . 2011-09-17 20:39 16384 c:\windows\temp\Perflib_Perfdata_1b4.dat
+ 2004-08-11 21:00 . 2011-09-17 20:43 73636 c:\windows\system32\perfc009.dat
- 2004-08-11 21:00 . 2011-09-03 05:07 73636 c:\windows\system32\perfc009.dat
+ 2004-08-11 21:00 . 2011-09-17 20:43 446540 c:\windows\system32\perfh009.dat
- 2004-08-11 21:00 . 2011-09-03 05:07 446540 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzIyNDAyMDA5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1796&mid=5188a9f4d2a647d1a4bad153e62412d6-f43308e76f07837a7ea13e9f5929462580b6ee3d" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-05-11 02:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2004-02-19 09:23 61440 ----a-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-21 20:48 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 08:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 21:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 13:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-05-01 12:07 843776 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 5:00 PM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 23548983
*NewlyCreated* - ASWMBR
*Deregistered* - 23548983
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
IE: &AIM Toolbar Search
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - hxxp://www.intranet.farmingdale.edu:8080/av/symantec/xp/webinst.cab
FF - ProfilePath - c:\documents and settings\LT BABY\Application Data\Mozilla\Firefox\Profiles\jgxkomdb.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-23548983.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-17 17:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800JD-75MSA3 rev.10.01E04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 156249998 (+255): user != kernel
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3980)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-09-17 17:26:56
ComboFix-quarantined-files.txt 2011-09-17 21:26
ComboFix2.txt 2011-09-16 23:57
ComboFix3.txt 2011-09-16 15:26
ComboFix4.txt 2011-09-16 05:34
.
Pre-Run: 29,223,882,752 bytes free
Post-Run: 29,299,036,160 bytes free
.
- - End Of File - - 621B21687A649A9C8B7B572A9C648809

Broni · Sep 17, 2011

Looks good

Any current issues?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

idrizmiftari · Sep 17, 2011

OTL log

No other issues seem to be arising, his computer seems to be clean as far as I know. Thank you very much for the help.

OTL log:

OTL logfile created on: 9/17/2011 6:04:45 PM - Run 1
OTL by OldTimer - Version 3.2.29.0 Folder = C:\Documents and Settings\LT BABY\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 72.09% Memory free
3.33 Gb Paging File | 3.02 Gb Available in Paging File | 90.59% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 27.32 Gb Free Space | 36.70% Space Free | Partition Type: NTFS
Drive R: | 74.45 Gb Total Space | 49.34 Gb Free Space | 66.27% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: LT BABY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/17 18:03:33 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LT BABY\Desktop\OTL.exe
PRC - [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/03 02:01:45 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2007/09/06 10:20:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/03/25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/03/25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/03/25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/03/25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2006/08/28 02:28:56 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070829

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070829
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 15 5A 00 76 08 09 49 B0 FB 8D 42 28 83 2D 5B [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51636

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070829
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 15 5A 00 76 08 09 49 B0 FB 8D 42 28 83 2D 5B [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51636

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 15 5A 00 76 08 09 49 B0 FB 8D 42 28 83 2D 5B [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 15 5A 00 76 08 09 49 B0 FB 8D 42 28 83 2D 5B [binary data]

IE - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 15 5A 00 76 08 09 49 B0 FB 8D 42 28 83 2D 5B [binary data]
IE - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/15 09:34:19 | 000,000,000 | ---D | M]

[2011/09/15 01:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LT BABY\Application Data\Mozilla\Extensions
[2010/06/01 16:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LT BABY\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/09/15 09:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LT BABY\Application Data\Mozilla\Firefox\Profiles\jgxkomdb.default\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LT BABY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JGXKOMDB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/09/03 02:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/02 19:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome - Experimental ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=ct2776682
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\LT BABY\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\LT BABY\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\LT BABY\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Gamevance Textlinks Plugin (Enabled) = C:\Documents and Settings\LT BABY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\npgvtl.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\LT BABY\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/16 01:17:43 | 000,000,002 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzIyNDAyMDA5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=5188a9f4d2a647d1a4bad153e62412d6-f43308e76f07837a7ea13e9f5929462580b6ee3d File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Toolbar Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} http://www.intranet.farmingdale.edu:8080/av/symantec/xp/webinst.cab (WebBasedClientInstall Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BECE399-15C8-41A3-A5B8-C4E7B517799D}: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (explorer.exe) - File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Program Files\Windows NT\dwm.exe) - File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (explorer.exe) - File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Program Files\Windows NT\dwm.exe) - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\LT BABY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LT BABY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - wdmaud.drv File not found
Drivers32: aux1 - wdmaud.drv File not found
Drivers32: aux2 - wdmaud.drv File not found
Drivers32: midi - wdmaud.drv File not found
Drivers32: midi1 - wdmaud.drv File not found
Drivers32: midi2 - wdmaud.drv File not found
Drivers32: midimapper - midimap.dll File not found
Drivers32: mixer - wdmaud.drv File not found
Drivers32: mixer1 - wdmaud.drv File not found
Drivers32: mixer2 - wdmaud.drv File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm File not found
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm File not found
Drivers32: msacm.msaudio1 - msaud32.acm File not found
Drivers32: msacm.msg711 - msg711.acm File not found
Drivers32: msacm.msg723 - msg723.acm File not found
Drivers32: msacm.msgsm610 - msgsm32.acm File not found
Drivers32: msacm.siren - sirenacm.dll File not found
Drivers32: msacm.sl_anet - sl_anet.acm File not found
Drivers32: msacm.trspch - tssoft32.acm File not found
Drivers32: msacm.vorbis - vorbis.acm File not found
Drivers32: vidc.cvid - iccvid.dll File not found
Drivers32: vidc.I420 - msh263.drv File not found
Drivers32: vidc.iv31 - ir32_32.dll File not found
Drivers32: vidc.iv32 - ir32_32.dll File not found
Drivers32: vidc.iv41 - ir41_32.ax File not found
Drivers32: vidc.iv50 - ir50_32.dll File not found
Drivers32: vidc.iyuv - iyuv_32.dll File not found
Drivers32: vidc.M261 - msh261.drv File not found
Drivers32: vidc.M263 - msh263.drv File not found
Drivers32: vidc.mrle - msrle32.dll File not found
Drivers32: vidc.msvc - msvidc32.dll File not found
Drivers32: vidc.uyvy - msyuv.dll File not found
Drivers32: VIDC.XFR1 - xfcodec.dll File not found
Drivers32: vidc.yuy2 - msyuv.dll File not found
Drivers32: vidc.yvu9 - tsbyuv.dll File not found
Drivers32: vidc.yvyu - msyuv.dll File not found
Drivers32: wave - wdmaud.drv File not found
Drivers32: wave1 - wdmaud.drv File not found
Drivers32: wave2 - wdmaud.drv File not found
Drivers32: wavemapper - msacm32.drv File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/17 18:03:33 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LT BABY\Desktop\OTL.exe
[2011/09/17 17:15:55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/17 17:15:33 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/09/17 17:08:51 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\LT BABY\Desktop\aswMBR.exe
[2011/09/17 16:37:26 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LT BABY\Desktop\tdsskiller.exe
[2011/09/17 11:20:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\LT BABY\Desktop\dds.scr
[2011/09/16 19:57:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/16 01:21:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/16 01:21:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/16 01:21:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/16 01:21:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/16 01:20:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/16 01:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/16 01:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Start Menu\Programs\HiJackThis
[2011/09/16 00:56:18 | 004,214,248 | R--- | C] (Swearware) -- C:\Documents and Settings\LT BABY\Desktop\ComboFix.exe
[2011/09/15 11:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/09/15 10:30:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/15 10:27:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/15 10:26:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LT BABY\Start Menu\Programs\Administrative Tools
[2011/09/15 09:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/09/15 01:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/09/15 01:44:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/09/15 01:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/09/15 01:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/15 01:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/09/15 01:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/15 01:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/09/15 01:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/09/14 10:28:31 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/14 10:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/09/11 18:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/11 18:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/09/11 17:55:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/09/11 17:55:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/09/11 17:55:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/09/11 17:55:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/09/11 13:32:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/11 13:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Application Data\AVG2012
[2011/09/11 13:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/11 13:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/11 01:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Application Data\Sakura
[2011/09/11 00:30:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LT BABY\Recent
[2011/09/11 00:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\ESET
[2011/09/10 23:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/09/10 23:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/09/10 22:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/10 22:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/09/10 21:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Start Menu\Programs\Free Registry Cleaner
[2011/09/10 21:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2011/09/10 21:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Application Data\Malwarebytes
[2011/09/10 21:32:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/10 21:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/10 21:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/10 21:32:04 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/10 21:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/10 21:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/10 21:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/08 17:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mJ21101PpGeC21101
[2011/09/05 16:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\Conduit
[2011/09/05 16:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Application Data\GetRightToGo
[2011/09/04 21:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2011/09/03 09:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Application Data\Unity
[2011/09/03 00:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2011/09/03 00:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\Unity

========== Files - Modified Within 30 Days ==========

[2011/09/17 18:03:33 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LT BABY\Desktop\OTL.exe
[2011/09/17 17:15:19 | 004,214,248 | R--- | M] (Swearware) -- C:\Documents and Settings\LT BABY\Desktop\ComboFix.exe
[2011/09/17 17:14:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\MBR.dat
[2011/09/17 17:08:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\LT BABY\Desktop\aswMBR.exe
[2011/09/17 16:43:36 | 000,446,540 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/17 16:43:36 | 000,073,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/17 16:39:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/17 16:39:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/17 16:39:21 | 2136,588,288 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/17 16:37:28 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LT BABY\Desktop\tdsskiller.exe
[2011/09/17 11:20:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\LT BABY\Desktop\dds.scr
[2011/09/17 11:18:21 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\2ezmo3cq.exe
[2011/09/16 12:09:26 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\HiJackThis.lnk
[2011/09/16 11:11:50 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\rkill.com
[2011/09/16 01:17:43 | 000,000,002 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/16 00:57:01 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\RKUnhookerLE.EXE
[2011/09/15 11:22:28 | 000,219,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/15 10:30:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/15 09:34:22 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\LT BABY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/15 09:34:22 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/15 01:16:02 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/15 01:11:59 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/09/15 00:59:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/14 10:28:31 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/14 10:18:18 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/14 06:15:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/11 18:44:07 | 000,000,302 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/09/11 16:32:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/09/11 01:21:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/08 17:57:01 | 000,001,180 | -HS- | M] () -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\o63enu3yd4f2q
[2011/09/08 17:57:01 | 000,001,180 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\o63enu3yd4f2q
[2011/08/26 18:21:30 | 000,042,392 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll

========== Files Created - No Company Name ==========

[2011/09/17 17:14:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\LT BABY\Desktop\MBR.dat
[2011/09/17 11:18:21 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\LT BABY\Desktop\2ezmo3cq.exe
[2011/09/16 20:56:34 | 2136,588,288 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/16 11:11:49 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\LT BABY\Desktop\rkill.com
[2011/09/16 01:21:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/16 01:21:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/16 01:21:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/16 01:21:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/16 01:21:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/16 01:09:42 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\LT BABY\Desktop\HiJackThis.lnk
[2011/09/16 00:57:01 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\LT BABY\Desktop\RKUnhookerLE.EXE
[2011/09/15 10:30:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/15 10:30:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/15 09:34:22 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\LT BABY\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/15 09:34:22 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/15 09:34:22 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/15 01:16:02 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/15 01:11:59 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/09/11 17:54:04 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/09/08 17:57:01 | 000,001,180 | -HS- | C] () -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\o63enu3yd4f2q
[2011/09/08 17:57:01 | 000,001,180 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o63enu3yd4f2q
[2011/08/26 18:21:30 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/05/18 12:45:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/14 08:15:18 | 000,044,748 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/09 12:57:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/19 15:31:08 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/07/19 02:32:25 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/11 23:03:21 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/11 13:03:28 | 000,011,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\widijeve
[2008/12/13 10:56:39 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson640.ini
[2008/12/13 10:56:31 | 000,051,712 | ---- | C] () -- C:\WINDOWS\RUNEPSON.EXE
[2008/11/02 17:55:17 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/06 10:39:38 | 000,000,227 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/09/06 10:00:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/08/29 08:09:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/29 08:03:33 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/08/29 08:03:33 | 000,000,302 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/29 07:42:18 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/08/29 07:42:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2007/08/29 07:42:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/08/29 07:41:22 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,219,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,446,540 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,073,636 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

idrizmiftari · Sep 17, 2011

OTL log part 2

========== LOP Check ==========

[2009/08/28 00:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Research In Motion
[2011/02/26 10:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\imeshbandmltbpi
[2011/02/11 19:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\391C5
[2011/09/14 10:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/11 16:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2009/07/26 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bazoveza
[2009/05/09 16:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\befuvanu
[2009/05/09 16:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bewihafe
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bofofevu
[2011/09/11 13:32:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dapavama
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\darunuwe
[2009/05/09 16:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\darususi
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\denufudu
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\donojawi
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fedeyipu
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fenobeko
[2009/07/26 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firugoti
[2009/05/22 00:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fivipute
[2009/05/09 16:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fosadite
[2009/05/09 16:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fusigoka
[2009/07/26 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fuzowezo
[2009/07/26 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\garazuha
[2009/05/09 16:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\geligehu
[2009/05/09 16:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gihoyojo
[2009/05/09 16:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gohifodi
[2009/05/09 11:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gomuzidi
[2009/07/26 18:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\guhiziho
[2009/05/09 16:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hekazezi
[2009/05/21 00:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hekeyapi
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hivunote
[2009/05/09 16:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hutikovu
[2009/05/09 16:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\janifedu
[2009/05/09 16:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\javinete
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jefaduku
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jezemimu
[2009/05/09 16:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jomotewa
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\juposeno
[2009/05/09 16:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jutizowi
[2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kewevuro
[2009/05/09 16:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kewowupa
[2009/05/09 16:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kimuremo
[2009/05/22 00:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kivigoru
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kiyajeru
[2009/05/09 16:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kubidima
[2009/05/09 16:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kujonuva
[2009/05/09 16:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kuvimulo
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lepekisu
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lezaromo
[2009/05/09 16:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\litikusi
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\malaruwo
[2009/05/09 16:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\matizava
[2010/01/09 11:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/09/11 16:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/10 23:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mJ21101PpGeC21101
[2009/05/24 18:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muhoyawa
[2009/07/26 18:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\namiviko
[2009/05/09 16:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nawonane
[2009/07/26 18:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\netojeke
[2009/05/09 16:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nevorefa
[2009/05/09 16:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nifodiyu
[2009/05/09 16:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nijetiyi
[2009/05/09 16:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nimidiki
[2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\norefose
[2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\novusina
[2009/06/11 21:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nutuhunu
[2009/05/16 20:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nuwuzeku
[2009/06/09 23:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\papororo
[2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\patayaru
[2009/05/09 16:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pawovuda
[2009/05/09 16:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\peheliba
[2009/05/09 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pehirema
[2009/05/09 16:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\peroruvo
[2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pogewaso
[2009/05/09 16:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rakedega
[2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ramuzovi
[2009/06/11 21:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ravezula
[2009/07/26 18:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ravufuge
[2009/05/09 16:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\resemuzu
[2009/05/09 16:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\robejaku
[2009/05/09 16:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ruhegozi
[2009/07/26 18:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\satukivu
[2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sihosido
[2009/07/26 18:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\siwelehu
[2009/05/09 16:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sohibesi
[2009/06/07 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sugemeha
[2011/09/10 23:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/09 16:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tevaziva
[2011/09/11 00:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tiwedihu
[2009/05/09 16:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tomavita
[2009/06/06 09:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\toyoyavi
[2009/05/09 16:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vegozadi
[2011/09/10 23:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/11 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vonibusa
[2009/05/09 16:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vozafiwu
[2011/09/10 23:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vumehijo
[2009/06/08 01:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vuzofafu
[2009/06/09 00:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wamejawe
[2009/05/09 16:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wazuloro
[2011/09/04 21:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2011/09/11 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wekavube
[2009/05/28 23:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wenihubi
[2009/05/09 16:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wepejapu
[2009/05/24 18:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wolizapa
[2009/05/09 16:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wotuzapi
[2009/05/18 23:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wuduzuli
[2009/05/09 16:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wuniferi
[2011/09/11 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wuyojogi
[2009/05/09 16:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yabohoyu
[2009/05/09 16:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yinerodu
[2011/09/11 00:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yubihimo
[2009/05/09 16:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yujawohu
[2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yupabuse
[2011/09/10 18:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zapujevu
[2009/05/09 16:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zarebeba
[2009/06/11 23:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zuhuyaba
[2009/05/09 16:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zujopuhe
[2010/12/07 20:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/13 22:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/05 20:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/08/28 00:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\acccore
[2011/09/11 13:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\AVG2012
[2011/09/11 00:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\FrostWire
[2011/09/05 16:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\GetRightToGo
[2009/04/11 16:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\ICAClient
[2011/04/22 08:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\id Software
[2011/01/22 20:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\imeshbandmltbpi
[2011/02/18 16:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\LimeWire
[2011/01/09 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\mediabarim
[2011/02/07 19:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\ooVoo Details
[2011/09/04 21:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\OpenCandy
[2009/07/19 16:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\Research In Motion
[2011/09/11 01:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\Sakura
[2011/09/03 09:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\Unity
[2011/08/04 12:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\vmntemplate
[2009/08/12 19:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT BABY\Application Data\Watchtower
[2008/12/13 10:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ray\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/14 23:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ray\Application Data\ICAClient
[2011/02/24 23:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ray\Application Data\imeshbandmltbpi
[2011/01/14 01:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ray\Application Data\mediabarim
[2009/08/12 10:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ray\Application Data\Watchtower

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/09/15 09:52:31 | 000,000,360 | ---- | M] () -- C:\aaw7boot.log
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/09/11 16:32:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/09/15 10:30:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/08/29 07:43:04 | 000,005,829 | RH-- | M] () -- C:\dell.sdr
[2011/09/17 16:39:21 | 2136,588,288 | -HS- | M] () -- C:\hiberfil.sys
[2007/09/06 10:03:41 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2011/02/13 22:22:07 | 000,001,094 | -H-- | M] () -- C:\IPH.PH
[2011/09/15 11:17:51 | 000,025,877 | ---- | M] () -- C:\JavaRa.log
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/05/09 11:34:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/09/17 16:39:20 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 17:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/05/09 11:40:06 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/05/16 20:09:07 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\LT BABY\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/11 17:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\LT BABY\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/09/17 11:18:21 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\2ezmo3cq.exe
[2011/09/17 17:08:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\LT BABY\Desktop\aswMBR.exe
[2011/09/17 17:15:19 | 004,214,248 | R--- | M] (Swearware) -- C:\Documents and Settings\LT BABY\Desktop\ComboFix.exe
[2011/09/17 18:03:33 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LT BABY\Desktop\OTL.exe
[2011/09/16 00:57:01 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\LT BABY\Desktop\RKUnhookerLE.EXE
[2011/09/17 16:37:28 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\LT BABY\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/05/16 20:09:08 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\LT BABY\Favorites\Desktop.ini
[2011/09/15 00:46:48 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\LT BABY\Favorites\My Music.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2008/08/14 12:43:51 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/09/17 17:28:40 | 000,458,752 | ---- | M] () -- C:\Documents and Settings\LT BABY\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1

< End of report >

idrizmiftari · Sep 17, 2011

OTL extras log

OTL Extras logfile created on: 9/17/2011 6:04:45 PM - Run 1
OTL by OldTimer - Version 3.2.29.0 Folder = C:\Documents and Settings\LT BABY\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 72.09% Memory free
3.33 Gb Paging File | 3.02 Gb Available in Paging File | 90.59% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 27.32 Gb Free Space | 36.70% Space Free | Partition Type: NTFS
Drive R: | 74.45 Gb Total Space | 49.34 Gb Free Space | 66.27% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: LT BABY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1004747553-854733563-2513261659-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 27
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.0 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BASICR" = Microsoft Office Basic 2007
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"OPERATION7" = OPERATION7
"Sakura" = Sakura
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/10/2011 11:50:19 AM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 9/10/2011 6:37:04 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711726
Description =

Error - 9/10/2011 6:37:10 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 9/10/2011 6:56:18 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711726
Description =

Error - 9/10/2011 6:57:38 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 9/10/2011 6:57:47 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711726
Description =

Error - 9/10/2011 6:57:48 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 9/10/2011 6:58:14 PM | Computer Name = OPTIPLEX745D1 | Source = Symantec AntiVirus | ID = 16711726
Description =

Error - 9/17/2011 4:34:34 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.6.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 9/17/2011 4:44:32 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.6.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

[ System Events ]
Error - 9/16/2011 7:39:19 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec mfehidk MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 9/16/2011 7:39:40 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/16/2011 7:41:03 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/16/2011 8:20:43 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/16/2011 8:55:49 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/16/2011 8:56:39 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 9/17/2011 11:06:36 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 9/17/2011 4:29:29 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 9/17/2011 4:39:33 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 9/17/2011 4:39:33 PM | Computer Name = COMPUTER | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

< End of report >

Broni · Sep 17, 2011

You can reinstall AVG at any time now.

You have some McAfee leftovers.
Run this tool to remove them: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

====================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51636
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51636
O3 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1004747553-854733563-2513261659-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzIyNDA yMDA5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0. 1796"&"mid=5188a9f4d2a647d1a4bad153e62412d6-f43308e76f07837a7ea13e9f5929462580b6ee3d File not found
O8 - Extra context menu item: &AIM Toolbar Search - Reg Error: Value error. File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
[2011/09/08 17:57:01 | 000,001,180 | -HS- | M] () -- C:\Documents and Settings\LT BABY\Local Settings\Application Data\o63enu3yd4f2q
[2011/09/08 17:57:01 | 000,001,180 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\o63enu3yd4f2q
[2009/01/11 13:03:28 | 000,011,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\widijeve
[2011/02/11 19:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\391C5
[2011/09/14 10:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/07/26 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bazoveza
[2009/05/09 16:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\befuvanu
[2009/05/09 16:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bewihafe
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bofofevu
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dapavama
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\darunuwe
[2009/05/09 16:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\darususi
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\denufudu
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\donojawi
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fedeyipu
[2009/07/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fenobeko
[2009/07/26 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firugoti
[2009/05/22 00:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fivipute
[2009/05/09 16:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fosadite
[2009/05/09 16:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fusigoka
[2009/07/26 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fuzowezo
[2009/07/26 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\garazuha
[2009/05/09 16:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\geligehu
[2009/05/09 16:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gihoyojo
[2009/05/09 16:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gohifodi
[2009/05/09 11:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gomuzidi
[2009/07/26 18:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\guhiziho
[2009/05/09 16:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hekazezi
[2009/05/21 00:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hekeyapi
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hivunote
[2009/05/09 16:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hutikovu
[2009/05/09 16:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\janifedu
[2009/05/09 16:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\javinete
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jefaduku
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jezemimu
[2009/05/09 16:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jomotewa
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\juposeno
[2009/05/09 16:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jutizowi
[2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kewevuro
[2009/05/09 16:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kewowupa
[2009/05/09 16:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kimuremo
[2009/05/22 00:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kivigoru
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kiyajeru
[2009/05/09 16:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kubidima
[2009/05/09 16:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kujonuva
[2009/05/09 16:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kuvimulo
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lepekisu
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lezaromo
[2009/05/09 16:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\litikusi
[2009/07/26 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\malaruwo
[2009/05/09 16:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\matizava
[2011/09/10 23:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mJ21101PpGeC21101
[2009/05/24 18:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muhoyawa
[2009/07/26 18:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\namiviko
[2009/05/09 16:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nawonane
[2009/07/26 18:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\netojeke
[2009/05/09 16:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nevorefa
[2009/05/09 16:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nifodiyu
[2009/05/09 16:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nijetiyi
[2009/05/09 16:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nimidiki
[2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\norefose
[2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\novusina
[2009/06/11 21:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nutuhunu
[2009/05/16 20:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nuwuzeku
[2009/06/09 23:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\papororo
[2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\patayaru
[2009/05/09 16:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pawovuda
[2009/05/09 16:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\peheliba
[2009/05/09 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pehirema
[2009/05/09 16:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\peroruvo
[2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pogewaso
[2009/05/09 16:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rakedega
[2009/07/26 18:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ramuzovi
[2009/06/11 21:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ravezula
[2009/07/26 18:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ravufuge
[2009/05/09 16:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\resemuzu
[2009/05/09 16:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\robejaku
[2009/05/09 16:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ruhegozi
[2009/07/26 18:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\satukivu
[2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sihosido
[2009/07/26 18:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\siwelehu
[2009/05/09 16:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sohibesi
[2009/06/07 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sugemeha
[2009/05/09 16:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tevaziva
[2011/09/11 00:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tiwedihu
[2009/05/09 16:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tomavita
[2009/06/06 09:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\toyoyavi
[2009/05/09 16:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vegozadi
[2011/09/10 23:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/11 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vonibusa
[2009/05/09 16:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vozafiwu
[2011/09/10 23:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vumehijo
[2009/06/08 01:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vuzofafu
[2009/06/09 00:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wamejawe
[2009/05/09 16:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wazuloro
[2011/09/11 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wekavube
[2009/05/28 23:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wenihubi
[2009/05/09 16:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wepejapu
[2009/05/24 18:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wolizapa
[2009/05/09 16:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wotuzapi
[2009/05/18 23:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wuduzuli
[2009/05/09 16:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wuniferi
[2011/09/11 00:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wuyojogi
[2009/05/09 16:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yabohoyu
[2009/05/09 16:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yinerodu
[2011/09/11 00:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yubihimo
[2009/05/09 16:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yujawohu
[2009/05/09 11:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yupabuse
[2011/09/10 18:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zapujevu
[2009/05/09 16:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zarebeba
[2009/06/11 23:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zuhuyaba
[2009/05/09 16:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zujopuhe
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

Broni · Sep 22, 2011

Still with me?

TechSpot

Welcome to TechSpot

Cannot connect to search engines, other sites fine

idrizmiftari Newcomer, in training

idrizmiftari Newcomer, in training

idrizmiftari Newcomer, in training

idrizmiftari Newcomer, in training

idrizmiftari Newcomer, in training

Broni Malware Annihilator Posts: 39,324 +175

idrizmiftari Newcomer, in training

Attached Files:

attach.txt

Broni Malware Annihilator Posts: 39,324 +175

idrizmiftari Newcomer, in training

idrizmiftari Newcomer, in training

Broni Malware Annihilator Posts: 39,324 +175

idrizmiftari Newcomer, in training

idrizmiftari Newcomer, in training

idrizmiftari Newcomer, in training

Broni Malware Annihilator Posts: 39,324 +175

Broni Malware Annihilator Posts: 39,324 +175

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.