
Infected by rootkit zeroaccess

Discussion in 'Virus and Malware Removal' started by nbabe, Apr 7, 2012.

  1. Broni Malware Annihilator Posts: 39,288   +175

    You're able to run TDSSKiller from normal mode somehow.
    Also when your internet connection came back you said:
    Came up where?
  2. nbabe TechSpot Member Posts: 58

    Nope, TDSSKiller was run in safe mode like all the other software.

    This morning I double checked what I could use now in normal mode.
    Internet works, my burning software Nero, Microsoft Word, Excel, PowerPoint documents and still mbam (since now it would update I updated it but did not run it). I just opened them, did not use them.

    Nothing from pdf, not my plan software (home plans nor can I open just the plans or any pdf documents) ai, and lots of other software such as mgi (photo edition software), winxp manager, or any antivirus (rkiller, tdsskiller, combo fix) real player windows player, aesoft dvd creator, tried 2 games etc.

    Basically I went to see (example my home plans program) if it was still in programs and it was. I tried to click on the exe there to open it (in case it would have been the icon on my desktop that would be corrupted)... and it still gave me that error message I told you about 2-3 days ago.

    Then in safe mode I didn't try all, but I could open pdf files and other software that I'm blocked from in normal mode.

    I attached the error message I keep getting. Hope this helps to understand the problem.


    Any ideas?


  3. Broni Malware Annihilator Posts: 39,288   +175

    OK. Create new profile with administrator rights, login to it and see if you have same problem there.
  4. nbabe TechSpot Member Posts: 58

    I created in normal mode another logon with admin. When it opened I received this error message.

    Then I tried 2 software programs I know I couldn't open and received the same error message that I can't access it. BTW I'm still using the laptop's internet connection since I still have problems with the other computer (just letting you know why I'm slow sometimes to reply).

    OK, here's the message
    wouldn't save, too big a file, more than 200kb
  5. Broni Malware Annihilator Posts: 39,288   +175

    Can you re-run Combofix from normal mode?
  6. nbabe TechSpot Member Posts: 58

    No, and tried mine and new log and changed the name of combo fix
     
  7. Broni Malware Annihilator Posts: 39,288   +175

    What happens when you try to run it?
  8. nbabe TechSpot Member Posts: 58

    I get the eternal message I attached this morning.

    Windows cannot access the specified device path or file. You may not have the appropriate permission to access the item
  9. Broni Malware Annihilator Posts: 39,288   +175

    Do you have Windows XP CD?
  10. nbabe TechSpot Member Posts: 58

    This is a Gateway computer. I have Gateway CDs but they don't give a separate CD for XP... it's installed with everything when you load Gateway.
  11. Broni Malware Annihilator Posts: 39,288   +175

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
  12. nbabe TechSpot Member Posts: 58

    Didn't work in normal mode; burned it in safe mode.
  13. nbabe TechSpot Member Posts: 58

    Internet works properly with this:
    so here's the log

    OTL logfile created on: 4/9/2012 2:56:29 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 77.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 32.89 Gb Free Space | 14.12% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet003

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand] -- -- (WLSetupSvc)
    SRV - File not found [Auto] -- -- (atkkeyboardservice)
    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2012/04/06 20:27:15 | 000,090,952 | ---- | M] (SurfRight B.V.) [Auto] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
    SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2010/10/28 21:18:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto] -- C:\Documents and Settings\Owner\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
    SRV - [2009/12/05 08:53:38 | 003,291,336 | ---- | M] (Tall Emu) [Auto] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
    SRV - [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu) [Auto] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
    SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Avast4 antivirus\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Avast4 antivirus\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Avast4 antivirus\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Avast4 antivirus\aswUpdSv.exe -- (aswUpdSv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/12/05 08:28:06 | 000,024,656 | ---- | M] (Tall Emu) [Kernel | System] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
    DRV - [2009/12/05 08:27:56 | 000,029,776 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
    DRV - [2009/12/05 08:27:52 | 000,223,312 | ---- | M] (Tall Emu) [File_System | System] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
    DRV - [2009/11/24 19:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/11/24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2004/08/26 23:12:34 | 002,241,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2004/06/18 01:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2004/06/18 01:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/06/18 01:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/06/16 15:14:00 | 000,180,480 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2004/03/18 01:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2001/08/17 14:58:12 | 000,022,912 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\umaxpcls.sys -- (UMAXPCLS)
    DRV - [2001/08/17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gatewaybiz.com
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator.NP_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    IE - HKU\Administrator.NP_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Berny_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\Berny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481032
    IE - HKU\Berny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Eliz_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us
    IE - HKU\Eliz_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\nad_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    IE - HKU\nad_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us
    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q={searchTerms}
    IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP:



    O1 HOSTS File: ([2012/04/07 19:01:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\Administrator.NP_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (no name) - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\Eliz_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Eliz_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\Eliz_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\nad_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
    O4 - HKU\Owner_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Administrator.NP_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Administrator.NP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Administrator.NP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Administrator.NP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\Berny_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Berny_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Eliz_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Eliz_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\nad_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\nad_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Owner_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetupstatic.com/applet/MeetUploader_200909.cab (MeetUploader Control)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab (Java Plug-in 1.4.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
    O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Tall Emu)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/26 21:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/09 13:32:43 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
    [2012/04/09 12:32:08 | 004,452,637 | ---- | C] (Swearware) -- C:\Documents and Settings\nad\Desktop\asw.exe
    [2012/04/09 12:27:23 | 004,452,637 | ---- | C] (Swearware) -- C:\Documents and Settings\Eliz\Desktop\asw.exe
    [2012/04/09 12:01:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nad\Cookies
    [2012/04/09 12:00:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\nad\Application Data\Microsoft
    [2012/04/09 12:00:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nad\Application Data
    [2012/04/09 12:00:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\My Documents\My Pictures
    [2012/04/09 12:00:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\My Documents\My Music
    [2012/04/09 12:00:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\Favorites
    [2012/04/09 12:00:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nad\IETldCache
    [2012/04/09 12:00:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nad\Local Settings
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\Local Settings\Application Data\Microsoft Help
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\Local Settings\Application Data\Microsoft
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\Application Data\Macromedia
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\Application Data\Identities
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\Desktop
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\My Documents\CyberLink
    [2012/04/09 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nad\Application Data\CyberLink
    [2012/04/09 12:00:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nad\SendTo
    [2012/04/09 12:00:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nad\Recent
    [2012/04/09 12:00:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\Start Menu\Programs\Startup
    [2012/04/09 12:00:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\Start Menu
    [2012/04/09 12:00:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\My Documents
    [2012/04/09 12:00:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nad\Start Menu\Programs\Accessories
    [2012/04/09 12:00:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nad\Templates
    [2012/04/09 12:00:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nad\PrintHood
    [2012/04/09 12:00:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\nad\NetHood
    [2012/04/08 22:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
    [2012/04/08 16:36:02 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\junction.exe
    [2012/04/08 16:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Junction
    [2012/04/08 16:11:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies
    [2012/04/08 16:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Winsock
    [2012/04/07 19:58:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/04/07 19:39:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
    [2012/04/07 19:07:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/04/07 18:33:00 | 004,452,637 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2012/04/07 18:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\bootkit_remover
    [2012/04/07 09:10:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/04/07 09:10:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/04/07 09:10:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/04/07 09:10:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/04/07 09:10:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/04/07 09:10:09 | 000,000,000 | ---D | C] -- C:\b
    [2012/04/07 09:10:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/06 20:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/04/06 20:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
    [2012/04/06 20:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
    [2012/04/06 20:26:45 | 007,156,360 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Administrator.NP\Desktop\HitmanPro36.exe
    [2012/04/06 20:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\My Documents\Simply Super Software
    [2012/04/06 20:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
    [2012/04/06 20:23:43 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\WINDOWS\System32\ztv7z.dll
    [2012/04/06 20:23:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
    [2012/04/06 20:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
    [2012/04/06 20:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2012/04/06 20:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Application Data\Simply Super Software
    [2012/04/06 20:22:11 | 012,150,424 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Administrator.NP\Desktop\trjsetup683.exe
    [2012/04/06 10:56:24 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
    [2012/04/06 09:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\burning and dvd software
    [2012/04/06 09:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\games
    [2012/04/06 09:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\antivirus 3 steps
    [2012/04/05 18:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2012/04/05 18:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\SUPERAntiSpyware
    [2012/04/05 18:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/04/05 18:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/04/05 18:15:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/05 16:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
    [2012/04/05 13:32:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.NP\PrivacIE
    [2012/04/05 13:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Application Data\Malwarebytes
    [2012/04/05 13:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Local Settings\Application Data\Adobe
    [2012/04/05 13:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Application Data\Adobe
    [2012/04/05 13:14:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.NP\Application Data\Microsoft
    [2012/04/05 13:14:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.NP\SendTo
    [2012/04/05 13:14:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.NP\Recent
    [2012/04/05 13:14:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.NP\Application Data
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\Start Menu\Programs\Startup
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\Start Menu
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\My Documents\My Pictures
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\My Documents\My Music
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\My Documents
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\Favorites
    [2012/04/05 13:14:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.NP\Start Menu\Programs\Accessories
    [2012/04/05 13:14:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.NP\IETldCache
    [2012/04/05 13:14:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.NP\Cookies
    [2012/04/05 13:14:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.NP\Templates
    [2012/04/05 13:14:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.NP\PrintHood
    [2012/04/05 13:14:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.NP\NetHood
    [2012/04/05 13:14:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.NP\Local Settings
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Local Settings\Application Data\Microsoft Help
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Local Settings\Application Data\Microsoft
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Application Data\Macromedia
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Application Data\Identities
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Desktop
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\My Documents\CyberLink
    [2012/04/05 13:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.NP\Application Data\CyberLink
    [2012/03/27 08:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\spintopgames
    [2012/03/18 18:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Jewel Quest Solitaire III
    [2012/03/18 18:05:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2012/03/15 19:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\stpatricks
    [2012/03/10 16:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Ashampoo
    [2012/03/10 16:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo Burning Studio 2012
    [2012/03/10 15:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ashampoo
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  14. nbabe TechSpot Member Posts: 58

    ========== Files - Modified Within 30 Days ==========

    [2012/04/09 13:42:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/09 13:30:56 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\OTLPENet.exe
    [2012/04/09 12:08:31 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\nad\Desktop\My Computer.lnk
    [2012/04/09 12:01:15 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\nad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/04/09 10:14:23 | 000,002,172 | ---- | M] () -- C:\WINDOWS\citation.ini
    [2012/04/09 10:14:16 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003 (2).lnk
    [2012/04/08 22:03:10 | 002,053,661 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
    [2012/04/08 16:42:24 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Inherit.exe
    [2012/04/08 10:41:19 | 000,000,251 | RHS- | M] () -- C:\boot.ini
    [2012/04/08 10:13:38 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FSS.exe
    [2012/04/07 19:01:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/04/07 18:29:42 | 004,452,637 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2012/04/07 18:29:42 | 004,452,637 | ---- | M] (Swearware) -- C:\Documents and Settings\nad\Desktop\asw.exe
    [2012/04/07 18:29:42 | 004,452,637 | ---- | M] (Swearware) -- C:\Documents and Settings\Eliz\Desktop\asw.exe
    [2012/04/07 18:19:15 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to KINGSTON (J).lnk
    [2012/04/07 18:18:10 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.zip
    [2012/04/07 18:17:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
    [2012/04/07 15:28:34 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lqty1ez3.exe
    [2012/04/06 20:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
    [2012/04/06 20:26:34 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Administrator.NP\Desktop\Shortcut to KINGSTON (J).lnk
    [2012/04/06 20:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
    [2012/04/06 20:21:24 | 012,150,424 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\Administrator.NP\Desktop\trjsetup683.exe
    [2012/04/06 19:52:26 | 003,596,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/04/06 17:42:04 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Administrator.NP\Desktop\CKScanner.exe
    [2012/04/05 16:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
    [2012/04/05 13:42:02 | 007,156,360 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Administrator.NP\Desktop\HitmanPro36.exe
    [2012/04/05 13:31:53 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.NP\Desktop\Shortcut to Internet.lnk
    [2012/04/05 13:24:20 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Administrator.NP\Desktop\WiNlOgOn.exe
    [2012/04/05 13:17:12 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.NP\Desktop\My Computer.lnk
    [2012/04/04 18:44:07 | 000,000,526 | ---- | M] () -- C:\hpfr3320.xml
    [2012/03/19 16:21:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/03/17 10:39:43 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/03/14 22:46:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/03/11 13:08:38 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
    [2012/03/11 09:05:24 | 000,438,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/03/11 09:05:24 | 000,070,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/09 12:08:31 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\nad\Desktop\My Computer.lnk
    [2012/04/09 12:01:15 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\nad\Start Menu\Programs\Internet Explorer.lnk
    [2012/04/09 12:00:18 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\nad\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
    [2012/04/09 12:00:18 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\nad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/04/09 12:00:18 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\nad\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/04/09 12:00:16 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\nad\Start Menu\Programs\Remote Assistance.lnk
    [2012/04/09 12:00:16 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\nad\Start Menu\Programs\Outlook Express.lnk
    [2012/04/08 22:04:16 | 002,053,661 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
    [2012/04/08 16:43:01 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Inherit.exe
    [2012/04/08 10:26:24 | 000,337,137 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FSS.exe
    [2012/04/07 18:19:26 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.zip
    [2012/04/07 18:19:15 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to KINGSTON (J).lnk
    [2012/04/07 18:17:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
    [2012/04/07 15:43:51 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lqty1ez3.exe
    [2012/04/07 09:10:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/04/07 09:10:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/04/07 09:10:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/04/07 09:10:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/04/07 09:10:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/04/06 20:26:34 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Desktop\Shortcut to KINGSTON (J).lnk
    [2012/04/06 20:23:43 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll
    [2012/04/06 20:23:43 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2012/04/06 20:23:43 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
    [2012/04/06 20:23:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2012/04/06 20:23:43 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2012/04/06 20:22:06 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Desktop\WiNlOgOn.exe
    [2012/04/06 19:53:37 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Desktop\CKScanner.exe
    [2012/04/05 13:31:53 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Desktop\Shortcut to Internet.lnk
    [2012/04/05 13:17:12 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Desktop\My Computer.lnk
    [2012/04/05 13:14:53 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
    [2012/04/05 13:14:53 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/04/05 13:14:52 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/04/05 13:14:51 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Start Menu\Programs\Internet Explorer.lnk
    [2012/04/05 13:14:51 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Start Menu\Programs\Outlook Express.lnk
    [2012/04/05 13:14:50 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.NP\Start Menu\Programs\Remote Assistance.lnk
    [2012/03/11 13:08:38 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
    [2012/02/15 06:46:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/02 19:06:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
    [2010/11/05 18:12:04 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/10/08 12:09:15 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
    [2010/10/06 18:48:33 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{42AFC48C-AA90-32D1-7D57-0000779C6322}
    [2010/08/31 15:32:41 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
    [2010/07/06 15:17:56 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Owner\choix
    [2010/07/01 17:09:26 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Owner\logie
    [2010/07/01 17:09:17 | 000,000,451 | ---- | C] () -- C:\Documents and Settings\Owner\scriptjava.html
    [2010/07/01 17:09:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\tmp1.3
    [2010/06/12 19:53:35 | 000,033,960 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\slot1.mm1
    [2010/06/12 15:23:16 | 000,000,052 | ---- | C] () -- C:\WINDOWS\STYLEEASEAPA.INI
    [2010/06/12 14:16:32 | 000,002,172 | ---- | C] () -- C:\WINDOWS\citation.ini
    [2010/06/02 15:33:05 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
    [2010/04/16 20:08:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/04/15 19:15:08 | 000,001,612 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\8MuP2
    [2010/04/15 19:15:08 | 000,001,612 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8MuP2
    [2010/04/10 11:38:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
    [2010/04/10 11:37:54 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/04/10 11:37:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/04/08 19:38:05 | 000,000,065 | ---- | C] () -- C:\WINDOWS\eFaxView.ini
    [2010/04/08 17:44:10 | 000,008,192 | -HS- | C] () -- C:\WINDOWS\o2cLicStore.bin
    [2010/01/09 16:55:46 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DIGIMA~1.INI
    [2009/11/06 18:18:29 | 000,000,172 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2009/07/18 15:32:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2009/06/17 11:54:04 | 000,224,696 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_engine.dll
    [2009/05/10 21:30:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
    [2009/01/16 17:11:30 | 000,000,016 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
    [2008/11/28 12:03:45 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
    [2008/11/26 15:40:09 | 000,000,134 | ---- | C] () -- C:\WINDOWS\Antidote.ini
    [2008/11/19 19:06:48 | 000,016,384 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
    [2008/11/13 19:50:41 | 000,000,030 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2008/11/13 18:12:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\settings.ini
    [2008/09/21 13:51:16 | 000,072,701 | ---- | C] () -- C:\Program Files\setup.cfg
    [2008/09/21 13:51:16 | 000,046,592 | ---- | C] () -- C:\Program Files\KeyGen.exe
    [2008/09/15 09:47:05 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
    [2008/07/26 13:29:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
    [2008/07/26 13:29:44 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
    [2008/07/26 13:29:44 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
    [2008/07/26 13:29:43 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
    [2008/07/26 13:29:29 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
    [2008/05/31 20:39:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
    [2008/05/28 19:41:36 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2008/05/28 19:41:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/03/04 19:34:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2008/03/04 18:24:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/03/04 18:23:12 | 000,156,160 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/03/04 17:51:54 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
    [2008/03/04 17:46:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/03/04 17:46:03 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/03/04 17:46:03 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/03/04 17:45:59 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/03/04 17:45:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/03/04 17:45:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/03/04 17:45:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/03/04 17:45:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/03/04 17:44:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/03/04 17:43:21 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2008/03/04 16:49:17 | 000,001,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/03/04 16:11:36 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/08/09 14:59:54 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\myodbc3i.exe
    [2007/08/09 14:59:54 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\myodbc3m.exe
    [2004/10/14 03:13:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/10/14 03:13:11 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
    [2004/10/14 03:12:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
    [2004/10/14 03:12:34 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2004/10/14 03:12:28 | 000,518,520 | ---- | C] () -- C:\WINDOWS\vidres.exe
    [2004/08/27 13:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/27 12:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
    [2004/08/26 21:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/26 21:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/26 19:12:43 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2004/08/26 19:12:43 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/08/26 19:12:10 | 000,438,208 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/26 19:12:10 | 000,070,138 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/26 13:54:56 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/26 13:54:01 | 003,596,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/07/24 11:05:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\NS_ProWrite_RTF.dll
    [2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/11/20 16:13:44 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
    [2001/10/28 02:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
    [1997/08/28 11:53:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\mapirtf.dll

    ========== LOP Check ==========

    [2012/04/06 20:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.NP\Application Data\Simply Super Software
    [2012/01/16 16:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berny\Application Data\Babylon
    [2010/09/06 19:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berny\Application Data\ESET
    [2008/08/04 13:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berny\Application Data\MGI
    [2009/12/26 10:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berny\Application Data\OnlineArmor
    [2012/03/10 14:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berny\Application Data\PriceGong
    [2012/01/03 10:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berny\Application Data\Rovio
    [2009/01/02 17:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\Cat's Eye Games
    [2008/12/09 23:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\Flood Light Games
    [2008/11/13 20:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\FloodLightGames
    [2009/06/21 09:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\Games
    [2008/12/30 11:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\iWin
    [2009/12/26 23:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\OnlineArmor
    [2008/12/19 16:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eliz\Application Data\SerpentOfIsis
    [2011/10/07 20:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3 Days Zoo Mystery
    [2012/02/17 18:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aiseesoft Studio
    [2011/06/12 10:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar
    [2010/02/24 23:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artogon
    [2012/03/10 15:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ashampoo
    [2012/01/22 17:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Awem
    [2011/01/23 20:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azuaz Games
    [2012/01/15 15:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon
    [2010/11/11 20:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish
    [2011/03/26 21:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
    [2010/02/25 11:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blg
    [2010/12/31 20:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
    [2011/12/27 15:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Brabl
    [2011/05/28 20:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BrandX Games
    [2011/10/29 18:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\casualArts
    [2009/01/02 10:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cat's Eye Games
    [2009/05/23 23:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cerasus.media
    [2009/12/15 20:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dragon Altar Games
    [2011/11/26 20:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dream Farm Games
    [2008/03/07 19:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Druide
    [2009/12/15 17:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EditPlus 3
    [2012/03/06 18:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enlightenus
    [2011/07/02 21:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio
    [2012/01/14 20:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS Game Studios
    [2010/09/06 19:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ESET
    [2010/02/25 10:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fabulous Finds
    [2010/12/14 19:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FairyTale
    [2010/02/01 20:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flood Light Games
    [2010/09/04 18:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Floodlight Games
    [2008/11/13 19:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FloodLightGames
    [2010/09/08 20:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreezeTag
    [2008/03/04 18:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\fretsonfire
    [2010/06/12 19:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
    [2009/05/06 21:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gaijin Ent
    [2009/04/05 19:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameHouse
    [2011/12/05 22:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Games
    [2009/07/18 15:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GamesCafe
    [2010/09/04 18:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
    [2009/08/28 16:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Go-Go Gourmet Chef of the Year
    [2011/12/27 13:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gogii
    [2009/01/12 22:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gogii Games
    [2010/11/22 20:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gold Casual Games
    [2009/07/18 21:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IOMediaSupport6SZZ001s
    [2010/06/27 20:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IronCode
    [2009/05/30 13:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ITTNord
    [2012/03/16 20:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
    [2010/11/01 20:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jetsetter
    [2009/08/10 20:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JoyBits
    [2010/08/21 19:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lazy Turtle Games
    [2009/01/25 11:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
    [2009/01/17 18:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Academy
    [2011/05/16 20:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MastersOfMystery2
    [2011/08/09 19:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Meridian93
    [2010/12/05 21:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Merscom
    [2008/07/26 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MGI
    [2008/05/04 17:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mjusbsp
    [2010/10/06 19:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mojosoft
    [2012/01/27 16:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MumboJumbo
    [2010/01/12 22:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mushroom Age
    [2012/01/03 17:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mystery of Mortlake Mansion
    [2009/01/24 21:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mysteryville2
    [2009/12/25 17:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OnlineArmor
    [2011/06/12 16:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orneon
    [2009/12/01 18:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\panoramik
    [2012/01/18 08:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFavoriteGames
    [2012/01/08 22:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
    [2010/12/26 18:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Playrix Entertainment
    [2009/07/24 21:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Righteous Kill
    [2010/10/30 21:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoe
    [2011/10/30 17:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Rovio
    [2008/12/19 13:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SerpentOfIsis
    [2010/02/25 11:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shape games
    [2011/08/23 22:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skip-Bo
    [2010/10/07 19:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
    [2012/02/19 21:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Software Informer
    [2011/01/09 12:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Specialbit
    [2009/07/18 21:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spinapse
    [2010/02/25 11:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop
    [2010/05/24 19:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop Games
    [2010/12/07 21:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SprillRichiEng
    [2009/06/27 17:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SultanofPersia
    [2012/02/08 20:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SulusGames
    [2009/07/21 20:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Players
    [2009/07/18 21:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Prefs
    [2011/12/17 16:02:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\Application Data\sys32w
    [2011/06/04 20:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TitanicMystery
    [2011/08/18 21:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Total Eclipse
    [2010/11/13 22:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ubisoft
    [2012/04/02 17:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2010/02/25 11:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\V-Games
    [2011/05/20 23:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VampireSaga
    [2011/08/12 06:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Virtual Prophecy
    [2010/12/14 19:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vogat Interactive
    [2011/11/23 19:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WhiteSmoke
    [2010/04/11 15:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Live Writer
    [2010/01/16 21:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\World-LooM
    [2011/05/12 18:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aB01803IkKlN01803
    [2010/02/24 23:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
    [2010/02/16 21:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
    [2012/03/09 20:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
    [2010/04/15 21:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
    [2012/01/16 16:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2011/07/25 16:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
    [2010/02/25 11:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
    [2011/04/29 07:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bNl01804gLpOg01804
    [2011/12/26 20:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
    [2009/04/05 19:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
    [2010/12/26 18:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
    [2010/01/30 21:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    [2010/09/04 18:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
    [2008/11/13 19:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
    [2011/05/14 15:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friday's games
    [2010/02/25 11:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTantra
    [2010/12/27 13:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
    [2009/01/12 22:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
    [2010/11/22 20:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
    [2009/06/22 18:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
    [2012/04/08 16:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
    [2010/06/12 19:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
    [2010/06/02 19:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
    [2010/02/18 18:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
    [2009/02/05 18:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2011/02/02 17:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
    [2009/01/25 11:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
    [2010/12/05 21:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
    [2011/12/29 13:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2009/05/30 13:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
    [2009/01/05 22:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
    [2010/02/25 11:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
    [2011/04/03 00:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nKoIcOl01803
    [2010/03/17 20:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
    [2009/08/28 16:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
    [2008/09/21 14:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2012/01/08 22:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2009/01/07 12:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
    [2011/07/01 22:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
    [2010/12/26 17:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickClick
    [2010/02/01 20:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
    [2010/11/18 23:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/01/02 22:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rumbic Studio
    [2009/01/25 11:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2008/11/18 21:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
    [2012/04/06 20:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2009/07/18 21:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
    [2012/03/05 18:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
    [2012/02/08 20:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
    [2009/07/24 21:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
    [2008/09/15 09:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/05/24 19:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildWestQuest2
    [2009/12/09 20:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

    ========== Purity Check ==========


    < End of report >
  15. Broni Malware Annihilator Posts: 39,288   +175

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\Administrator.NP_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (no name) - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\Berny_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Eliz_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Eliz_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\nad_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    [2012/04/06 20:22:11 | 012,150,424 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Administrator.NP\Desktop\trjsetup683.exe
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Trojan Remover
    
    :Commands
    [purity]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Remove the CD and shut down computer manually.
    • Attempt to reboot normally into Windows.
  16. nbabe TechSpot Member Posts: 58

    The computer did not reboot after the fix was run; it gave me the log directly. Right now I'm rebooting in normal mode without the CD.
    Here it is:
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
    Registry value HKEY_USERS\Administrator.NP_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\Berny_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\Berny_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{124D001A-BDCB-472F-AA59-BBE7E4BC3204} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{124D001A-BDCB-472F-AA59-BBE7E4BC3204}\ not found.
    Registry value HKEY_USERS\Berny_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\Berny_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\Eliz_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\Eliz_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\nad_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\Owner_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\Owner_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TrojanScanner deleted successfully.
    C:\Program Files\Trojan Remover\Trjscan.exe moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Starting removal of ActiveX control {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}
    C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\Administrator.NP_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\Berny_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\Eliz_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\nad_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\Owner_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Administrator.NP_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Berny_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Eliz_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\nad_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Owner_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\Documents and Settings\Administrator.NP\Desktop\trjsetup683.exe moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Trojan Remover folder moved successfully.
    ========== COMMANDS ==========

    OTLPE by OldTimer - Version 3.1.48.0 log created on 04092012_153042


    Didn't do this: "Let the program run unhindered, reboot the PC when it is done.
    Post the log produced (you'll need to transfer it with USB stick)"
    because it gave the log right off... did I make a mistake?

    Booted in normal mode. Still no access; received the same error message, argggggg.
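
An added example, not part of either post and not OTL's own code: a Python sketch that cross-checks a Fix.txt script like the one in post 15 against the fix log it produces, listing any GUID or `:Files` path the log never reports as deleted or moved. The all-zero GUID and its log line are constructed for illustration; the other sample lines are abridged from the thread.

```python
import re

GUID = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
DONE = ("deleted successfully.", "moved successfully.")
TAIL = re.compile(r"\s+(?:folder\s+)?(?:moved|deleted) successfully\.$")


def fix_targets(fix_text):
    """GUIDs named under :OTL and paths named under :Files, upper-cased."""
    section, targets = None, []
    for line in fix_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()          # :OTL, :Services, :Reg, :Files, :Commands
        elif section == ":otl":
            # Only GUID-bearing items are tracked; Run entries and file
            # lines inside :OTL carry no GUID and are skipped here.
            targets += [g.upper() for g in GUID.findall(line)]
        elif section == ":files":
            targets.append(line.upper())
    return list(dict.fromkeys(targets))     # de-duplicate, keep order


def actioned(log_text):
    """Map each GUID or path in the log to True if any line reports removal."""
    seen = {}
    for line in log_text.splitlines():
        line = line.strip()
        ok = line.endswith(DONE)
        if not (ok or line.endswith("not found.")):
            continue                        # section banners, version line, etc.
        keys = [g.upper() for g in GUID.findall(line)]
        if not keys and ok:
            keys = [TAIL.sub("", line).upper()]   # "<path> [folder] moved successfully."
        for key in keys:
            seen[key] = seen.get(key, False) or ok
    return seen


def unresolved(fix_text, log_text):
    """Targets from the fix script with no 'deleted/moved successfully' line."""
    seen = actioned(log_text)
    return [t for t in fix_targets(fix_text) if not seen.get(t, False)]


# Sample input: abridged from the thread, plus one constructed all-zero GUID.
FIX = r"""
:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
:Files
C:\Program Files\Trojan Remover
:Commands
[purity]
"""

LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
========== FILES ==========
C:\Program Files\Trojan Remover folder moved successfully.
"""

if __name__ == "__main__":
    for target in unresolved(FIX, LOG):
        print("no successful removal logged for", target)
```

A target listed here that has only "not found" lines in the log was already absent when the fix ran, so nothing was removed for it.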
  17. Broni Malware Annihilator Posts: 39,288   +175

    At this point I don't see anything malicious anymore.
    I believe your Windows installation got corrupted by the infection.

    I have no choice but to suggest backing up your data and reinstalling Windows.
  18. nbabe TechSpot Member Posts: 58

    How would I reinstall Windows? With the Gateway CDs? Won't it erase all software and such? And why do I have access in safe mode but not in normal mode?
  19. Broni Malware Annihilator Posts: 39,288   +175

    You have to back up your data first.
    Then you boot from the Gateway CD and follow the on-screen instructions.
  20. nbabe TechSpot Member Posts: 58

    So I wipe the whole drive after I copy what I can (not much access) onto my laptop...

    If that's so I might need help; I've never reformatted before and I'm not sure what I would do. Man, that sucks.