TechSpot

Infected by rootkit zeroaccess

Solved
By nbabe
Apr 7, 2012
  1. Broni

    Broni (Malware Annihilator)

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (file size 120.9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved on drive C: as C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  2. nbabe

    nbabe (TS Member, Topic Starter)

    Didn't work in normal mode; burned it in safe mode.
     
  3. nbabe

    nbabe (TS Member, Topic Starter)

    Internet works properly with this, so here's the log:

    OTL logfile created on: 4/9/2012 2:56:29 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 77.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 32.89 Gb Free Space | 14.12% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet003

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand] -- -- (WLSetupSvc)
    SRV - File not found [Auto] -- -- (atkkeyboardservice)
    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2012/04/06 20:27:15 | 000,090,952 | ---- | M] (SurfRight B.V.) [Auto] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
    SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2010/10/28 21:18:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto] -- C:\Documents and Settings\Owner\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
    SRV - [2009/12/05 08:53:38 | 003,291,336 | ---- | M] (Tall Emu) [Auto] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
    SRV - [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu) [Auto] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
    SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Avast4 antivirus\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Avast4 antivirus\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Avast4 antivirus\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Avast4 antivirus\aswUpdSv.exe -- (aswUpdSv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/12/05 08:28:06 | 000,024,656 | ---- | M] (Tall Emu) [Kernel | System] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
    DRV - [2009/12/05 08:27:56 | 000,029,776 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
    DRV - [2009/12/05 08:27:52 | 000,223,312 | ---- | M] (Tall Emu) [File_System | System] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
    DRV - [2009/11/24 19:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/11/24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2004/08/26 23:12:34 | 002,241,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2004/06/18 01:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2004/06/18 01:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/06/18 01:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/06/16 15:14:00 | 000,180,480 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2004/03/18 01:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2001/08/17 14:58:12 | 000,022,912 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\umaxpcls.sys -- (UMAXPCLS)
    DRV - [2001/08/17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gatewaybiz.com
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator.NP_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    IE - HKU\Administrator.NP_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Berny_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\Berny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481032
    IE - HKU\Berny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Eliz_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us
    IE - HKU\Eliz_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\nad_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    IE - HKU\nad_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us
    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q={searchTerms}
    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP:



    O1 HOSTS File: ([2012/04/07 19:01:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\Administrator.NP_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (no name) - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\Eliz_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Eliz_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\Eliz_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\nad_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
    O4 - HKU\Owner_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Administrator.NP_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Administrator.NP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Administrator.NP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Administrator.NP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\Berny_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Berny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Eliz_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Eliz_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\nad_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\nad_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Owner_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetupstatic.com/applet/MeetUploader_200909.cab (MeetUploader Control)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab (Java Plug-in 1.4.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
    O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Tall Emu)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/26 21:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/09 13:32:43 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
    [2012/04/09 12:32:08 | 004,452,637 | ---- | C] (Swearware) -- C:\Documents and Settings\nad\Desktop\asw.exe
    [2012/04/09 12:27:23 | 004,452,637 | ---- | C] (Swearware) -- C:\Documents and Settings\Eliz\Desktop\asw.exe
    [2012/04/09 12:01:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nad\Cookies
    [2012/04/09 12:00:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\nad\Application Data\Microsoft
    [2012/04/09 12:00:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nad\Application Data
    [2012/04/09 12:00:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\My Documents\My Pictures
    [2012/04/09 12:00:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\My Documents\My Music
    [2012/04/09 12:00:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\Favorites
    [2012/04/09 12:00:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nad\IETldCache
    [2012/04/09 12:00:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nad\Local Settings
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\Local Settings\Application Data\Microsoft Help
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\Local Settings\Application Data\Microsoft
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\Application Data\Macromedia
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\Application Data\Identities
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\Desktop
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\My Documents\CyberLink
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\Application Data\CyberLink
    [2012/04/09 12:00:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nad\SendTo
    [2012/04/09 12:00:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nad\Recent
    [2012/04/09 12:00:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\Start Menu\Programs\Startup
    [2012/04/09 12:00:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\Start Menu
    [2012/04/09 12:00:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\My Documents
    [2012/04/09 12:00:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\Start Menu\Programs\Accessories
    [2012/04/09 12:00:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nad\Templates
    [2012/04/09 12:00:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nad\PrintHood
    [2012/04/09 12:00:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nad\NetHood
    [2012/04/08 22:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
    [2012/04/08 16:36:02 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\junction.exe
    [2012/04/08 16:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Junction
    [2012/04/08 16:11:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies
    [2012/04/08 16:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Winsock
    [2012/04/07 19:58:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/04/07 19:39:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
    [2012/04/07 19:07:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/04/07 18:33:00 | 004,452,637 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2012/04/07 18:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\bootkit_remover
    [2012/04/07 09:10:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/04/07 09:10:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/04/07 09:10:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/04/07 09:10:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/04/07 09:10:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/04/07 09:10:09 | 000,000,000 | ---D | C] -- C:\b
    [2012/04/07 09:10:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/06 20:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/04/06 20:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
    [2012/04/06 20:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
    [2012/04/06 20:26:45 | 007,156,360 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Administrator.NP\Desktop\HitmanPro36.exe
    [2012/04/06 20:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\My Documents\Simply Super Software
    [2012/04/06 20:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
    [2012/04/06 20:23:43 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\WINDOWS\System32\ztv7z.dll
    [2012/04/06 20:23:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
    [2012/04/06 20:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
    [2012/04/06 20:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2012/04/06 20:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Application Data\Simply Super Software
    [2012/04/06 20:22:11 | 012,150,424 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Administrator.NP\Desktop\trjsetup683.exe
    [2012/04/06 10:56:24 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
    [2012/04/06 09:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\burning and dvd software
    [2012/04/06 09:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\games
    [2012/04/06 09:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\antivirus 3 steps
    [2012/04/05 18:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2012/04/05 18:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\SUPERAntiSpyware
    [2012/04/05 18:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/04/05 18:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/04/05 18:15:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/05 16:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
    [2012/04/05 13:32:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.NP\PrivacIE
    [2012/04/05 13:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Application Data\Malwarebytes
    [2012/04/05 13:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Local Settings\Application Data\Adobe
    [2012/04/05 13:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Application Data\Adobe
    [2012/04/05 13:14:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.NP\Application Data\Microsoft
    [2012/04/05 13:14:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.NP\SendTo
    [2012/04/05 13:14:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.NP\Recent
    [2012/04/05 13:14:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.NP\Application Data
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\Start Menu\Programs\Startup
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\Start Menu
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\My Documents\My Pictures
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\My Documents\My Music
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\My Documents
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\Favorites
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\Start Menu\Programs\Accessories
    [2012/04/05 13:14:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.NP\IETldCache
    [2012/04/05 13:14:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.NP\Cookies
    [2012/04/05 13:14:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.NP\Templates
    [2012/04/05 13:14:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.NP\PrintHood
    [2012/04/05 13:14:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.NP\NetHood
    [2012/04/05 13:14:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.NP\Local Settings
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Local Settings\Application Data\Microsoft Help
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Local Settings\Application Data\Microsoft
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Application Data\Macromedia
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Application Data\Identities
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Desktop
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\My Documents\CyberLink
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Application Data\CyberLink
    [2012/03/27 08:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\spintopgames
    [2012/03/18 18:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Jewel Quest Solitaire III
    [2012/03/18 18:05:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2012/03/15 19:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\stpatricks
    [2012/03/10 16:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Ashampoo
    [2012/03/10 16:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo Burning Studio 2012
    [2012/03/10 15:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ashampoo
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
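The OTL log above is long, and what a responder reads first is a small subset of it: services and drivers whose image is missing or carries no vendor string, service binaries running out of a user profile, Browser Helper Objects whose CLSID no longer resolves, a non-default IE start page (the conduit.com entry for one user here), and anything listed under AppInit_DLLs. The Python script below is an added example for this thread, not OTL's code and not part of either poster's reply. It parses the SRV/DRV, IE Start Page, O2 BHO and O20 AppInit_DLLs line formats exactly as they appear in this log and groups those entries by rule. The sample input is a constructed excerpt in the same format, and the rule names, the trusted start-page hosts and the profile-root prefix are assumptions chosen for illustration. A hit means "review this", not "malicious": the vendor fields of the ArcSoft service under a user profile and of the Adobe AppInit DLL point at ordinary software, and OTL itself only lists them.

```python
"""Triage an OTL / OTLPE log: list the entries a malware responder reads first.

Added example for this thread; it is not OTL's code. Rule names, the trusted
start-page hosts and the sample excerpt below are assumptions for illustration.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed excerpt in the OTL line format (same shapes as the log in the thread).
SAMPLE_LOG = r"""
SRV - File not found [On_Demand] -- -- (WLSetupSvc)
SRV - [2012/04/06 20:27:15 | 000,090,952 | ---- | M] (SurfRight B.V.) [Auto] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto] -- C:\Documents and Settings\Owner\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\Berny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481032
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.)
"""

# SRV/DRV lines come in two shapes:
#   "SRV - File not found [start] -- -- (name)"
#   "SRV - [date | size | attrs | M] (vendor) [start] -- path -- (name)"
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - (?:File not found|\[[^\]]*\] \((?P<company>[^)]*)\))"
    r" \[[^\]]*\] -- (?P<path>.*?)-- \((?P<name>[^)]+)\)$"
)
START_RE = re.compile(r"^IE - .*Main,Start Page = (?P<url>\S+)$")
BHO_ORPHAN_RE = re.compile(r"^O2 - BHO: .* - (?P<clsid>\{[0-9A-Fa-f-]+\}) - No CLSID value found\.$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<dll>[^)]+)\)")

# Assumed allowlist of start-page hosts (the OEM and search defaults seen in this log).
TRUSTED_START_HOSTS = ("google.com", "google.ca", "gateway.com", "gatewaybiz.com")
USER_PROFILE_ROOT = "c:\\documents and settings\\"  # XP-era profile root, as in the log


@dataclass
class ServiceEntry:
    kind: str      # "SRV" (Win32 service) or "DRV" (kernel / file-system driver)
    name: str      # service key name, the text in the trailing (...)
    found: bool    # False when OTL printed "File not found" for the image
    company: str   # vendor string from the (...) field; "" when OTL printed ()
    path: str      # image path on disk; "" when the image was not found


def parse_services(text: str) -> List[ServiceEntry]:
    """Return every SRV/DRV line as a ServiceEntry; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        company = m.group("company")  # None only for the "File not found" shape
        entries.append(ServiceEntry(
            kind=m.group("kind"), name=m.group("name"),
            found=company is not None, company=company or "",
            path=m.group("path").strip(),
        ))
    return entries


def triage(text: str, trusted_hosts=TRUSTED_START_HOSTS) -> Dict[str, List[str]]:
    """Group the review-worthy entries of an OTL log by rule name."""
    findings: Dict[str, List[str]] = {
        "orphan_service": [], "no_vendor": [], "service_in_user_profile": [],
        "start_page_not_trusted": [], "orphan_bho": [], "appinit_dll": [],
    }
    for e in parse_services(text):
        if not e.found:                      # registry key left behind, image gone
            findings["orphan_service"].append(f"{e.kind} {e.name}")
        elif not e.company.strip():          # image present but no vendor string
            findings["no_vendor"].append(f"{e.kind} {e.name} {e.path}")
        if e.path.lower().startswith(USER_PROFILE_ROOT):
            findings["service_in_user_profile"].append(f"{e.kind} {e.name} {e.path}")
    for line in text.splitlines():
        line = line.strip()
        if (m := START_RE.match(line)):
            host = (urlsplit(m.group("url")).hostname or "").lower()
            if not any(host == h or host.endswith("." + h) for h in trusted_hosts):
                findings["start_page_not_trusted"].append(host)
        elif (m := BHO_ORPHAN_RE.match(line)):
            findings["orphan_bho"].append(m.group("clsid"))
        elif (m := APPINIT_RE.match(line)):
            findings["appinit_dll"].append(m.group("dll"))
    return findings


if __name__ == "__main__":
    # Usage: python otl_triage.py C:\OTL.txt   (defaults to the built-in excerpt)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            log = fh.read()
    else:
        log = SAMPLE_LOG
    for rule, hits in triage(log).items():
        for hit in hits:
            print(f"{rule:24} {hit}")
```

Run it against the OTL.txt that OTLPE writes to C:\ and read the output in the order the rules are printed: orphaned keys first (leftover uninstalls, but also where a rootkit's service key survives after a scanner deletes the file), then anything without a vendor or outside Program Files, then browser hijack indicators. On the log above the interesting hits are the missing-image entries, cpudrv.sys with an empty vendor field, the conduit.com start page, and the BHO CLSIDs that no longer resolve.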
     
  4. nbabe

    nbabe TS Member Topic Starter Posts: 58

    ========== Files - Modified Within 30 Days ==========

    [2012/04/09 13:42:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/09 13:30:56 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
    [2012/04/09 12:08:31 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\nad\Desktop\My Computer.lnk
    [2012/04/09 12:01:15 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\nad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/04/09 10:14:23 | 000,002,172 | ---- | M] () -- C:\WINDOWS\citation.ini
    [2012/04/09 10:14:16 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003 (2).lnk
    [2012/04/08 22:03:10 | 002,053,661 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
    [2012/04/08 16:42:24 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Inherit.exe
    [2012/04/08 10:41:19 | 000,000,251 | RHS- | M] () -- C:\boot.ini
    [2012/04/08 10:13:38 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FSS.exe
    [2012/04/07 19:01:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/04/07 18:29:42 | 004,452,637 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2012/04/07 18:29:42 | 004,452,637 | ---- | M] (Swearware) -- C:\Documents and Settings\nad\Desktop\asw.exe
    [2012/04/07 18:29:42 | 004,452,637 | ---- | M] (Swearware) -- C:\Documents and Settings\Eliz\Desktop\asw.exe
    [2012/04/07 18:19:15 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to KINGSTON (J).lnk
    [2012/04/07 18:18:10 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.zip
    [2012/04/07 18:17:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
    [2012/04/07 15:28:34 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lqty1ez3.exe
    [2012/04/06 20:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
    [2012/04/06 20:26:34 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Administrator.NP\Desktop\Shortcut to KINGSTON (J).lnk
    [2012/04/06 20:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
    [2012/04/06 20:21:24 | 012,150,424 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\Administrator.NP\Desktop\trjsetup683.exe
    [2012/04/06 19:52:26 | 003,596,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/04/06 17:42:04 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Administrator.NP\Desktop\CKScanner.exe
    [2012/04/05 16:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
    [2012/04/05 13:42:02 | 007,156,360 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Administrator.NP\Desktop\HitmanPro36.exe
    [2012/04/05 13:31:53 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.NP\Desktop\Shortcut to Internet.lnk
    [2012/04/05 13:24:20 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Administrator.NP\Desktop\WiNlOgOn.exe
    [2012/04/05 13:17:12 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.NP\Desktop\My Computer.lnk
    [2012/04/04 18:44:07 | 000,000,526 | ---- | M] () -- C:\hpfr3320.xml
    [2012/03/19 16:21:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/03/17 10:39:43 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/03/14 22:46:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/03/11 13:08:38 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
    [2012/03/11 09:05:24 | 000,438,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/03/11 09:05:24 | 000,070,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/09 12:08:31 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\nad\Desktop\My Computer.lnk
    [2012/04/09 12:01:15 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\nad\Start Menu\Programs\Internet Explorer.lnk
    [2012/04/09 12:00:18 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\nad\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
    [2012/04/09 12:00:18 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\nad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/04/09 12:00:18 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\nad\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/04/09 12:00:16 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\nad\Start Menu\Programs\Remote Assistance.lnk
    [2012/04/09 12:00:16 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\nad\Start Menu\Programs\Outlook Express.lnk
    [2012/04/08 22:04:16 | 002,053,661 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
    [2012/04/08 16:43:01 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Inherit.exe
    [2012/04/08 10:26:24 | 000,337,137 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FSS.exe
    [2012/04/07 18:19:26 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.zip
    [2012/04/07 18:19:15 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to KINGSTON (J).lnk
    [2012/04/07 18:17:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
    [2012/04/07 15:43:51 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lqty1ez3.exe
    [2012/04/07 09:10:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/04/07 09:10:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/04/07 09:10:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/04/07 09:10:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/04/07 09:10:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/04/06 20:26:34 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Desktop\Shortcut to KINGSTON (J).lnk
    [2012/04/06 20:23:43 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll
    [2012/04/06 20:23:43 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2012/04/06 20:23:43 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
    [2012/04/06 20:23:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2012/04/06 20:23:43 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2012/04/06 20:22:06 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Desktop\WiNlOgOn.exe
    [2012/04/06 19:53:37 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Desktop\CKScanner.exe
    [2012/04/05 13:31:53 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Desktop\Shortcut to Internet.lnk
    [2012/04/05 13:17:12 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Desktop\My Computer.lnk
    [2012/04/05 13:14:53 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
    [2012/04/05 13:14:53 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/04/05 13:14:52 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/04/05 13:14:51 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Start Menu\Programs\Internet Explorer.lnk
    [2012/04/05 13:14:51 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Start Menu\Programs\Outlook Express.lnk
    [2012/04/05 13:14:50 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Start Menu\Programs\Remote Assistance.lnk
    [2012/03/11 13:08:38 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
    [2012/02/15 06:46:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/02 19:06:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
    [2010/11/05 18:12:04 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/10/08 12:09:15 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
    [2010/10/06 18:48:33 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{42AFC48C-AA90-32D1-7D57-0000779C6322}
    [2010/08/31 15:32:41 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
    [2010/07/06 15:17:56 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Owner\choix
    [2010/07/01 17:09:26 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Owner\logie
    [2010/07/01 17:09:17 | 000,000,451 | ---- | C] () -- C:\Documents and Settings\Owner\scriptjava.html
    [2010/07/01 17:09:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\tmp1.3
    [2010/06/12 19:53:35 | 000,033,960 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\slot1.mm1
    [2010/06/12 15:23:16 | 000,000,052 | ---- | C] () -- C:\WINDOWS\STYLEEASEAPA.INI
    [2010/06/12 14:16:32 | 000,002,172 | ---- | C] () -- C:\WINDOWS\citation.ini
    [2010/06/02 15:33:05 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
    [2010/04/16 20:08:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/04/15 19:15:08 | 000,001,612 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\8MuP2
    [2010/04/15 19:15:08 | 000,001,612 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8MuP2
    [2010/04/10 11:38:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
    [2010/04/10 11:37:54 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/04/10 11:37:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/04/08 19:38:05 | 000,000,065 | ---- | C] () -- C:\WINDOWS\eFaxView.ini
    [2010/04/08 17:44:10 | 000,008,192 | -HS- | C] () -- C:\WINDOWS\o2cLicStore.bin
    [2010/01/09 16:55:46 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DIGIMA~1.INI
    [2009/11/06 18:18:29 | 000,000,172 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2009/07/18 15:32:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2009/06/17 11:54:04 | 000,224,696 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_engine.dll
    [2009/05/10 21:30:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
    [2009/01/16 17:11:30 | 000,000,016 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
    [2008/11/28 12:03:45 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
    [2008/11/26 15:40:09 | 000,000,134 | ---- | C] () -- C:\WINDOWS\Antidote.ini
    [2008/11/19 19:06:48 | 000,016,384 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
    [2008/11/13 19:50:41 | 000,000,030 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2008/11/13 18:12:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\settings.ini
    [2008/09/21 13:51:16 | 000,072,701 | ---- | C] () -- C:\Program Files\setup.cfg
    [2008/09/21 13:51:16 | 000,046,592 | ---- | C] () -- C:\Program Files\KeyGen.exe
    [2008/09/15 09:47:05 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
    [2008/07/26 13:29:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
    [2008/07/26 13:29:44 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
    [2008/07/26 13:29:44 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
    [2008/07/26 13:29:43 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
    [2008/07/26 13:29:29 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
    [2008/05/31 20:39:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
    [2008/05/28 19:41:36 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2008/05/28 19:41:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/03/04 19:34:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2008/03/04 18:24:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/03/04 18:23:12 | 000,156,160 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/03/04 17:51:54 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
    [2008/03/04 17:46:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/03/04 17:46:03 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/03/04 17:46:03 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/03/04 17:45:59 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/03/04 17:45:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/03/04 17:45:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/03/04 17:45:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/03/04 17:45:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/03/04 17:44:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/03/04 17:43:21 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2008/03/04 16:49:17 | 000,001,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/03/04 16:11:36 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/08/09 14:59:54 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\myodbc3i.exe
    [2007/08/09 14:59:54 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\myodbc3m.exe
    [2004/10/14 03:13:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/10/14 03:13:11 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
    [2004/10/14 03:12:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
    [2004/10/14 03:12:34 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2004/10/14 03:12:28 | 000,518,520 | ---- | C] () -- C:\WINDOWS\vidres.exe
    [2004/08/27 13:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/27 12:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
    [2004/08/26 21:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/26 21:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/26 19:12:43 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2004/08/26 19:12:43 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/08/26 19:12:10 | 000,438,208 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/26 19:12:10 | 000,070,138 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/26 13:54:56 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/26 13:54:01 | 003,596,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/07/24 11:05:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\NS_ProWrite_RTF.dll
    [2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/11/20 16:13:44 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
    [2001/10/28 02:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
    [1997/08/28 11:53:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\mapirtf.dll

    ========== LOP Check ==========

    [2012/04/06 20:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.NP\Application Data\Simply Super Software
    [2012/01/16 16:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berny\Application Data\Babylon
    [2010/09/06 19:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berny\Application Data\ESET
    [2008/08/04 13:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berny\Application Data\MGI
    [2009/12/26 10:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berny\Application Data\OnlineArmor
    [2012/03/10 14:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berny\Application Data\PriceGong
    [2012/01/03 10:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berny\Application Data\Rovio
    [2009/01/02 17:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\Cat's Eye Games
    [2008/12/09 23:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\Flood Light Games
    [2008/11/13 20:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\FloodLightGames
    [2009/06/21 09:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\Games
    [2008/12/30 11:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\iWin
    [2009/12/26 23:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\OnlineArmor
    [2008/12/19 16:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\SerpentOfIsis
    [2011/10/07 20:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3 Days Zoo Mystery
    [2012/02/17 18:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aiseesoft Studio
    [2011/06/12 10:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar
    [2010/02/24 23:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artogon
    [2012/03/10 15:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ashampoo
    [2012/01/22 17:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Awem
    [2011/01/23 20:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azuaz Games
    [2012/01/15 15:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon
    [2010/11/11 20:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish
    [2011/03/26 21:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
    [2010/02/25 11:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blg
    [2010/12/31 20:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
    [2011/12/27 15:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Brabl
    [2011/05/28 20:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BrandX Games
    [2011/10/29 18:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\casualArts
    [2009/01/02 10:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cat's Eye Games
    [2009/05/23 23:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cerasus.media
    [2009/12/15 20:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dragon Altar Games
    [2011/11/26 20:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dream Farm Games
    [2008/03/07 19:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Druide
    [2009/12/15 17:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EditPlus 3
    [2012/03/06 18:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enlightenus
    [2011/07/02 21:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio
    [2012/01/14 20:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS Game Studios
    [2010/09/06 19:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ESET
    [2010/02/25 10:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fabulous Finds
    [2010/12/14 19:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FairyTale
    [2010/02/01 20:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flood Light Games
    [2010/09/04 18:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Floodlight Games
    [2008/11/13 19:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FloodLightGames
    [2010/09/08 20:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreezeTag
    [2008/03/04 18:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\fretsonfire
    [2010/06/12 19:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
    [2009/05/06 21:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gaijin Ent
    [2009/04/05 19:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameHouse
    [2011/12/05 22:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Games
    [2009/07/18 15:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GamesCafe
    [2010/09/04 18:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
    [2009/08/28 16:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Go-Go Gourmet Chef of the Year
    [2011/12/27 13:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gogii
    [2009/01/12 22:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gogii Games
    [2010/11/22 20:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gold Casual Games
    [2009/07/18 21:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IOMediaSupport6SZZ001s
    [2010/06/27 20:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IronCode
    [2009/05/30 13:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ITTNord
    [2012/03/16 20:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
    [2010/11/01 20:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jetsetter
    [2009/08/10 20:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JoyBits
    [2010/08/21 19:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lazy Turtle Games
    [2009/01/25 11:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
    [2009/01/17 18:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Academy
    [2011/05/16 20:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MastersOfMystery2
    [2011/08/09 19:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Meridian93
    [2010/12/05 21:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Merscom
    [2008/07/26 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MGI
    [2008/05/04 17:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mjusbsp
    [2010/10/06 19:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mojosoft
    [2012/01/27 16:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MumboJumbo
    [2010/01/12 22:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mushroom Age
    [2012/01/03 17:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mystery of Mortlake Mansion
    [2009/01/24 21:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mysteryville2
    [2009/12/25 17:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OnlineArmor
    [2011/06/12 16:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orneon
    [2009/12/01 18:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\panoramik
    [2012/01/18 08:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFavoriteGames
    [2012/01/08 22:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
    [2010/12/26 18:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Playrix Entertainment
    [2009/07/24 21:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Righteous Kill
    [2010/10/30 21:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoe
    [2011/10/30 17:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Rovio
    [2008/12/19 13:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SerpentOfIsis
    [2010/02/25 11:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shape games
    [2011/08/23 22:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skip-Bo
    [2010/10/07 19:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
    [2012/02/19 21:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Software Informer
    [2011/01/09 12:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Specialbit
    [2009/07/18 21:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spinapse
    [2010/02/25 11:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop
    [2010/05/24 19:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop Games
    [2010/12/07 21:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SprillRichiEng
    [2009/06/27 17:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SultanofPersia
    [2012/02/08 20:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SulusGames
    [2009/07/21 20:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Players
    [2009/07/18 21:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Prefs
    [2011/12/17 16:02:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\Application Data\sys32w
    [2011/06/04 20:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TitanicMystery
    [2011/08/18 21:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Total Eclipse
    [2010/11/13 22:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ubisoft
    [2012/04/02 17:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2010/02/25 11:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\V-Games
    [2011/05/20 23:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VampireSaga
    [2011/08/12 06:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Virtual Prophecy
    [2010/12/14 19:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vogat Interactive
    [2011/11/23 19:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WhiteSmoke
    [2010/04/11 15:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Live Writer
    [2010/01/16 21:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\World-LooM
    [2011/05/12 18:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aB01803IkKlN01803
    [2010/02/24 23:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
    [2010/02/16 21:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
    [2012/03/09 20:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
    [2010/04/15 21:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
    [2012/01/16 16:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2011/07/25 16:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
    [2010/02/25 11:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
    [2011/04/29 07:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bNl01804gLpOg01804
    [2011/12/26 20:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
    [2009/04/05 19:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
    [2010/12/26 18:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
    [2010/01/30 21:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    [2010/09/04 18:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
    [2008/11/13 19:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
    [2011/05/14 15:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friday's games
    [2010/02/25 11:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTantra
    [2010/12/27 13:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
    [2009/01/12 22:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
    [2010/11/22 20:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
    [2009/06/22 18:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
    [2012/04/08 16:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
    [2010/06/12 19:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
    [2010/06/02 19:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
    [2010/02/18 18:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
    [2009/02/05 18:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2011/02/02 17:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
    [2009/01/25 11:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
    [2010/12/05 21:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
    [2011/12/29 13:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2009/05/30 13:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
    [2009/01/05 22:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
    [2010/02/25 11:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
    [2011/04/03 00:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nKoIcOl01803
    [2010/03/17 20:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
    [2009/08/28 16:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
    [2008/09/21 14:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2012/01/08 22:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2009/01/07 12:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
    [2011/07/01 22:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
    [2010/12/26 17:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickClick
    [2010/02/01 20:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
    [2010/11/18 23:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/01/02 22:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rumbic Studio
    [2009/01/25 11:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2008/11/18 21:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
    [2012/04/06 20:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2009/07/18 21:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
    [2012/03/05 18:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
    [2012/02/08 20:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
    [2009/07/24 21:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
    [2008/09/15 09:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/05/24 19:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildWestQuest2
    [2009/12/09 20:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

    ========== Purity Check ==========


    < End of report >
     
  5. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\Administrator.NP_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (no name) - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Eliz_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Eliz_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\nad_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    [2012/04/06 20:22:11 | 012,150,424 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Administrator.NP\Desktop\trjsetup683.exe
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Trojan Remover
    
    :Commands
    [purity]
    
    Open Notepad and paste it.
    Save the document as Fix.txt on to a USB flash drive


    On the infected computer the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Remove the CD and shut down computer manually.
    • Attempt to reboot normally into Windows.
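The fix above is hand-assembled from the O2 (BHO) and O3 (toolbar) scan lines whose CLSID no longer resolves, which OTL marks "No CLSID value found": stale registry references left behind after the component itself is gone. As an added example that is not part of this thread and not a component of OTL, the Python below does that selection mechanically over OTL-format lines, counts how many hives reference each orphaned CLSID (the same GUID showing up under several HKU profiles is one stale reference per user, not several findings), and emits the :OTL section in the same layout as the posted fix. The sample log is constructed: two GUIDs are copied from the thread, the 11111111-... entry and the O4 line are made up to show non-orphans being skipped, and all function names are my own.

```python
"""Triage helper for OTL-style scan output.

Added example for this thread; it is not part of the original posts and
not a component of OTL. It selects the O2 (BHO) and O3 (toolbar) lines
whose CLSID no longer resolves, i.e. orphaned registry references of the
kind the fix in the thread removes, and emits the :OTL section of a fix
script in the same shape as the one posted.
"""
import re
from collections import Counter

# One O2/O3 line as OTL prints it: kind, location, display name, CLSID, status.
OTL_LINE = re.compile(
    r"^(?P<kind>O[23]) - (?P<where>.+?): \((?P<name>[^)]*)\) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<status>.*)$"
)

# OTL's marker for a BHO/toolbar entry whose CLSID key is missing.
ORPHAN_MARKER = "No CLSID value found"

# Constructed sample, not a real log. Two GUIDs are copied from the thread;
# the 11111111-... entry and the O4 line are made up to show non-orphans
# being skipped.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Example PDF Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll (Example Corp)
O3 - HKU\Berny_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Eliz_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Example] C:\Program Files\Example\example.exe (Example Corp)
"""


def parse_otl_lines(text):
    """Return one dict per O2/O3 line; other OTL sections are ignored here."""
    entries = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["raw"] = raw.strip()
            entries.append(entry)
    return entries


def orphaned_entries(entries):
    """Keep only entries whose CLSID OTL could not resolve."""
    return [e for e in entries if ORPHAN_MARKER in e["status"]]


def orphan_clsid_counts(entries):
    """Count how many hives/locations reference each orphaned CLSID.

    A CLSID that recurs across several HKU hives (as {42CDD1BF-...} does in
    the thread) is the same stale reference per user profile, not several
    separate findings.
    """
    return dict(Counter(e["clsid"] for e in orphaned_entries(entries)))


def build_fix_script(log_text):
    """Emit a fix in the layout the thread's example uses: the orphaned scan
    lines verbatim under :OTL, then the [purity] command."""
    orphans = orphaned_entries(parse_otl_lines(log_text))
    body = "\n".join(e["raw"] for e in orphans)
    return ":OTL\n" + body + "\n\n:Commands\n[purity]\n"


if __name__ == "__main__":
    found = parse_otl_lines(SAMPLE_LOG)
    print(f"{len(found)} O2/O3 entries, {len(orphaned_entries(found))} orphaned")
    for clsid, n in orphan_clsid_counts(found).items():
        print(f"  {clsid} referenced {n}x")
    print(build_fix_script(SAMPLE_LOG))
```

Only lines carrying the orphan marker are copied into the fix; a BHO whose CLSID resolves to a real DLL (the constructed "Example PDF Helper" entry) is left alone, which is the judgement call the helper in the thread makes by hand.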
     
  6. nbabe

    nbabe TS Member Topic Starter Posts: 58

    The computer did not reboot after the fix was run; it gave me the log directly. Right now rebooting in normal mode without the CD.
    Here it is:
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
    Registry value HKEY_USERS\Administrator.NP_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\Berny_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\Berny_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{124D001A-BDCB-472F-AA59-BBE7E4BC3204} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{124D001A-BDCB-472F-AA59-BBE7E4BC3204}\ not found.
    Registry value HKEY_USERS\Berny_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\Berny_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\Eliz_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\Eliz_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\nad_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\Owner_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\Owner_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TrojanScanner deleted successfully.
    C:\Program Files\Trojan Remover\Trjscan.exe moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Starting removal of ActiveX control {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}
    C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\Administrator.NP_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\Berny_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\Eliz_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\nad_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\Owner_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Administrator.NP_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Berny_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Eliz_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\nad_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Owner_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\Documents and Settings\Administrator.NP\Desktop\trjsetup683.exe moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Trojan Remover folder moved successfully.
    ========== COMMANDS ==========

    OTLPE by OldTimer - Version 3.1.48.0 log created on 04092012_153042


    Didn't do this: ..... Let the program run unhindered, reboot the PC when it is done
    Post the log produced (you'll need to transfer it with USB stick)
    because it gave the log right off... Did I make a mistake?

    Boot in normal mode: still no access, received the same error message. Argggggg
     
  7. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    At this point I don't see anything malicious anymore.
    I believe your Windows installation got corrupted by the infection.

    I have no choice but to suggest backing up your data and reinstalling Windows.
     
  8. nbabe

    nbabe TS Member Topic Starter Posts: 58

    How would I reinstall Windows? With the Gateway CDs? Won't it erase all software and such? And why do I have access in safe mode but not in normal mode?
     
  9. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    You have to back up your data first.
    Then you boot from the Gateway CD and follow the on-screen instructions.
     
  10. nbabe

    nbabe TS Member Topic Starter Posts: 58

    So I wipe the whole drive after I copy what I can (not much access) onto my laptop...

    If that's so I might need help; never reformatted before, not sure what I would do. Man, that sucks.
     
  11. nbabe

    nbabe TS Member Topic Starter Posts: 58

    I do have a question: is there a way we can repair without wiping everything? (There must be a reason I have no access in normal mode.)

    Starting to back up, but at this rate I will be doing this for days.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    If you could borrow a Windows XP CD we can try a repair installation.
     
  13. nbabe

    nbabe TS Member Topic Starter Posts: 58

    My son tells me he could have one (but we dunno if it's legit), although we have a key for it.... Would it work? He tells me it's SP3 (which I think we are, SP3 version).
     
  14. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Windows XP CD with SP3 would be exactly what we need to run repair installation.
     
  15. nbabe

    nbabe TS Member Topic Starter Posts: 58

    K, have it (it's on a burned CD so not sure it's legit; my son gave it to me just now).

    Wanted to say I appreciate the help and patience.

    Also, if it might help, I have access in normal mode to the command prompt


    and have the Gateway restore DVD.
     
  16. Broni

    Broni Malware Annihilator Posts: 47,066   +256

  17. nbabe

    nbabe TS Member Topic Starter Posts: 58

    K, but the CD I have is XP Pro... dunno if that's what I have here on this computer.
     
  18. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Yeah, that won't work because you have Home edition.
    You'll need the same version on the CD.
     
  19. nbabe

    nbabe TS Member Topic Starter Posts: 58

    K, I backed up most of my data and did the recovery with backup last night. (I chose "back up the files" in the system recovery?)

    I still have a few problems, dunno if u can help me. Internet sometimes opens or not. Right now working, but wonder why it sometimes doesn't. Also, is there a way we can make sure that virus isn't back? Also it acts up, won't let me write, the bar keeps on moving by itself.

    Should I rerun, or try in normal mode, rkill and TDSSKiller and Combo?

    Anyway, wanted to reinstall MBAM and it won't allow me, so obviously the virus is still there.

    And there seem to be glitches so far, such as my USB key (where I have the antiviruses): it jammed when I placed it in and wouldn't open or nothing. It took 5-6 minutes before it opened and I think that's not normal.

    Also, when I tried to install one of my software (I wrote the password onto a Notepad file), when I opened it the Notepad info started to move and got deleted. Is it possible the virus is still there?

    Let me know if, since this is post-virus, I should open another thread.

    Wanted to finish reinstalling today since going back to work tomorrow, but right now I think I'll wait. There are obviously still problems. I did finish though moving data from backup into the regular C drive.

    Update: I managed to install MBAM but it wasn't obvious... and it stopped in the middle! So I restarted it. I'll post the MBAM log file here.

    Maybe I shouldn't have done recovery with backup files?

    First MBAM:
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.10.05

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 6.0.2900.2180
    Owner :: NP [administrator]

    4/10/2012 10:17:20 AM
    mbam-log-2012-04-10 (10-17-20).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 58394
    Time elapsed: 21 minute(s), 3 second(s) [aborted]

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\Owner\My Documents\kilisent\zSOFTWARE STORAGE\USE ALCOHOL120\zMicrosoft Office 2007 Enterprise Edition\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

    (end)


    Second MBAM was OK.
     
  20. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    First of all, this:
    If you keep downloading/using cracked programs you'll keep getting reinfected.
    If you want to keep your computer clean, stop doing that.

    Then...
    Where did you back your data up to?
    Did you scan all backed-up files with your AV program before putting them back?
     
  21. nbabe

    nbabe TS Member Topic Starter Posts: 58

    No, I didn't. What I did was: everything that was in backup I just transferred into the regular C drive. It's possible there's bogus software; I didn't have time to check. Guess that was dumb.

    The only software I installed are Windows Player, Real, my photo software and QuickTime, all regular software (mine or that came with Gateway). I was trying to install another of mine (non-bogus for sure) when I got the problems I mentioned.

    I'll start deleting files that seem bogus (such as the one we just saw).

    I'm installing Avast next (freeware) because for some reason it wouldn't accept my code.

    Doing GMER (basically I'm redoing the 5 steps mentioned).
     
  22. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    1. Make sure Windows is up to date, all updates, service packs etc. are installed.
    2. Install Avast, update it, run a full scan. Let me know if anything was found.

    Then proceed with the 5 steps.
     
  23. nbabe

    nbabe TS Member Topic Starter Posts: 58

    Here is GMER. I had started it before your reply.
    Updates on the way and Avast next.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-10 13:18:22
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD2500JD-22HBB0 rev.08.02D08
    Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdqpow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? rbrdui.sys The system cannot find the file specified. !
    init C:\WINDOWS\System32\Drivers\sunkfilt39.sys entry point in "init" section [0xF7757360]

    ---- EOF - GMER 1.0.15 ----
     
  24. nbabe

    nbabe TS Member Topic Starter Posts: 58

    All Microsoft updates completed. Cleaned the computer of all I could think might be suspicious, especially from the backup of yesterday.

    Avast found nothing.
    MBAM found nothing.
    GMER, even though disconnected from the internet and Avast off at the beginning of the scan, found many Avast rootkit files. So not sure if I should proceed anyway?
     
  25. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    I'm not sure what you're saying.
     

