Can someone help me remove viruses from Windows XP?

HERE YOU GO.

All processes killed
========== OTL ==========
Service NetFxUpdate_v1.1.4322 stopped successfully!
Service NetFxUpdate_v1.1.4322 deleted successfully!
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
Service ACDaemon stopped successfully!
Service ACDaemon deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Starting removal of ActiveX control {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
C:\WINDOWS\Downloaded Program Files\RhapX.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ not found.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SETB3.tmp deleted successfully.
C:\WINDOWS\System32\SETB5.tmp deleted successfully.
C:\WINDOWS\System32\SETC1.tmp deleted successfully.
C:\WINDOWS\002928_.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\1nsO3pTQCOnL moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\xiNN54TR6Jl5 moved successfully.
C:\Documents and Settings\All Users\Application Data\xiNN54TR6Jl5 moved successfully.
C:\Documents and Settings\All Users\Application Data\VHx0W moved successfully.
C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Wv7V1mEL4UH moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\5lRk1 moved successfully.
C:\Documents and Settings\All Users\Application Data\5lRk1 moved successfully.
C:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\20xYJkS83BHk4 moved successfully.
C:\Documents and Settings\All Users\Application Data\avG folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 20048020 bytes
->Flash cache emptied: 2454 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 52929 bytes

User: INES AURORA BADILLO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->FireFox cache emptied: 2245903 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 10352 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1008 bytes
->Flash cache emptied: 34977 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7902 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 3032974 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 24.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: INES AURORA BADILLO

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05142011_111522

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
I'M SORRY, I COPIED THE WRONG LOG. HERE YOU GO.

OTL logfile created on: 5/14/2011 11:24:22 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 7.62 Gb Free Space | 13.64% Space Free | Partition Type: NTFS

Computer Name: ALEJANDRO | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 10:33:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 10:33:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/10 06:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/11/13 13:29:40 | 000,455,680 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe -- (NICSer_WPC54G)
SRV - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 06:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 06:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 06:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 06:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 05:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 05:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 05:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/11 12:13:54 | 000,816,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AE1000XP.sys -- (AE1000)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/26 12:16:25 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/11/26 12:16:24 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/01/15 17:17:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2005/04/24 19:57:36 | 000,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2005/03/06 17:52:20 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\639599.sys -- (USBCM)
DRV - [2004/11/29 18:51:52 | 000,122,928 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPCA561.SYS -- (CA561)
DRV - [2004/08/24 20:19:00 | 001,268,204 | R--- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/04 12:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/02 02:29:00 | 000,151,808 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (nuvvid2)
DRV - [2004/08/02 02:29:00 | 000,027,872 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2)
DRV - [2004/04/26 10:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/04/15 02:52:22 | 000,005,632 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/25 16:54:24 | 000,680,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/24 00:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 21:40:00 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/08/08 18:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/07/16 23:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/06/06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/04/29 05:38:08 | 000,010,940 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/04/23 09:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/02/18 18:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/09/20 11:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2002/07/21 04:47:28 | 000,175,042 | R--- | M] (Sunplus Technology Co. LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CA506AV.SYS -- (AVC1200)
DRV - [2002/07/21 04:47:28 | 000,014,273 | R--- | M] (Sunplus Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ca506aaf.sys -- (ca506aaf) Adaptec USB Audio Filter Driver (WDM)
DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/11 23:12:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 11:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 18:42:55 | 000,000,000 | ---D | M]

[2011/05/09 22:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/04 18:44:00 | 000,000,000 | ---D | M] (Kwanzy) -- C:\Program Files\Mozilla Firefox\extensions\{4E551550-1870-479D-BF66-DF77900E100E}(2)

O1 HOSTS File: ([2011/05/13 19:46:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Amber Migration.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Amber Migration.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/14 11:15:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/14 10:32:52 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/14 01:19:15 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/13 20:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tdsskiller
[2011/05/13 20:06:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/13 19:52:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/13 19:39:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/13 18:30:59 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Administrator\Desktop\remover.exe
[2011/05/13 18:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/05/13 18:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/05/13 02:36:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/13 02:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 02:36:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/13 02:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/13 02:35:32 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/12 17:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/05/12 14:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/05/11 23:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/05/11 23:12:58 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/11 23:12:58 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/11 23:12:54 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/11 23:12:53 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/11 23:12:53 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/11 23:12:52 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/11 23:12:52 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/11 23:12:50 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/11 23:12:35 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/11 23:12:33 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/11 23:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/11 23:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/11 00:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/05/11 00:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/05/11 00:28:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/05/11 00:27:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/05/08 21:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\GetMiro Toolbar
[2011/05/08 21:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Miro
[2011/05/08 21:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation
[2011/04/30 03:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 My MP3 3.1
[2011/04/26 23:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2011/04/26 23:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/04/17 20:21:07 | 000,816,672 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\AE1000XP.sys
[2011/04/17 20:21:07 | 000,226,592 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2011/04/14 22:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2006/08/09 17:10:41 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\639599.sys

========== Files - Modified Within 30 Days ==========

[2011/05/14 11:24:42 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/14 11:18:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/14 11:17:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/14 10:33:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/13 20:42:40 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/05/13 19:46:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/13 19:39:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/13 18:59:49 | 000,000,327 | ---- | M] () -- C:\Boot.bak
[2011/05/13 18:58:04 | 004,347,800 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/05/13 18:27:30 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bootkit_remover.rar
[2011/05/13 18:23:59 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\7z920.exe
[2011/05/13 18:00:01 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/05/13 17:10:46 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wx3cv4m1.exe
[2011/05/13 03:09:33 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 02:36:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 02:35:41 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/11 23:12:59 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/11 23:12:53 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/11 23:11:59 | 056,923,744 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\setup_av_free.exe
[2011/05/10 06:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 06:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 06:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 06:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 06:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 06:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 06:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 05:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 05:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 05:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/08 21:22:20 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
[2011/05/05 23:25:31 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/26 23:14:52 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/04/17 20:22:48 | 000,433,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/17 20:22:48 | 000,067,858 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\viyinibi
[2011/05/13 20:42:28 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/05/13 18:57:44 | 004,347,800 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/05/13 18:27:27 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bootkit_remover.rar
[2011/05/13 18:23:47 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\7z920.exe
[2011/05/13 17:59:46 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/05/13 16:43:13 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wx3cv4m1.exe
[2011/05/13 02:36:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/11 23:12:59 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/11 23:11:44 | 056,923,744 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\setup_av_free.exe
[2011/05/08 21:22:20 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
[2011/04/26 23:14:52 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/04/17 20:21:07 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/03/14 18:25:49 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/03/14 18:25:49 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2010/06/15 14:40:30 | 000,102,364 | ---- | C] () -- C:\WINDOWS\hpqins13.dat.temp
[2010/03/23 17:09:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/14 04:27:30 | 000,003,748 | ---- | C] () -- C:\WINDOWS\System32\jegiwgi.dat
[2010/01/18 23:09:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/15 13:06:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/11/25 21:48:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/07/21 14:58:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/02/15 00:22:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/02/15 00:22:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/02/15 00:22:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/18 15:19:45 | 000,001,172 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/12/22 18:26:44 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\za.dat
[2008/07/27 15:59:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\NogaTw.INI
[2008/07/21 13:27:47 | 000,046,468 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/04/10 13:15:11 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2007/12/25 01:46:05 | 000,019,521 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2007/11/06 01:19:15 | 000,078,918 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2007/11/06 01:19:14 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2007/11/06 01:18:16 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2007/11/06 01:18:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/04/24 20:21:58 | 000,001,134 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/02/22 22:31:01 | 000,000,212 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/02/22 22:31:01 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/02/22 22:31:00 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2007/02/22 22:29:03 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/02/22 22:29:03 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/10/07 13:26:08 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/09 21:26:58 | 000,008,976 | ---- | C] () -- C:\WINDOWS\deldirs.EXE
[2006/08/09 21:26:58 | 000,000,104 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/09 17:10:44 | 000,053,693 | R--- | C] () -- C:\WINDOWS\639601.sys
[2006/08/09 17:10:42 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2A.exe
[2006/04/29 11:36:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2006/04/29 11:20:52 | 000,040,610 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/29 11:20:16 | 000,699,112 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2006/02/22 13:35:13 | 000,000,191 | ---- | C] () -- C:\WINDOWS\hpfaxset.ini
[2006/02/22 13:13:05 | 000,019,968 | R--- | C] () -- C:\WINDOWS\System32\RunSetup.dll
[2006/01/31 18:47:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/01/27 11:57:33 | 000,033,533 | ---- | C] () -- C:\WINDOWS\System32\CoreVorbis-uninstall.exe
[2005/10/05 22:08:26 | 000,003,718 | ---- | C] () -- C:\WINDOWS\extend.dat
[2005/06/03 20:27:02 | 000,014,379 | R--- | C] () -- C:\WINDOWS\TW5A.INI
[2005/04/30 06:23:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/04/30 04:04:48 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/04/29 13:27:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/04/29 13:27:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/04/29 13:27:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/04/29 13:27:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/04/29 13:27:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/04/29 13:27:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/11/19 07:19:08 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/19 07:09:09 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/19 06:58:47 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/07 07:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 07:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 07:10:30 | 000,433,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 07:10:30 | 000,067,858 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 07:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 07:02:54 | 000,253,472 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 06:57:54 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 06:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/25 16:53:04 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/03/16 01:28:00 | 000,048,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
[2004/02/25 20:46:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/02/19 18:00:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/05/28 02:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 02:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1996/11/17 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/10/20 09:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/11 23:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/02/01 21:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2007/04/28 21:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gramerrorstorechic
[2009/02/11 00:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/03/14 18:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2007/06/28 14:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Move Bash Eq Plan
[2004/11/19 07:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/02/03 18:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/06/22 22:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2011/01/20 00:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2010/02/18 18:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/14 11:24:42 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
 
Let's reset your MBR...

Restart computer
When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. Click OK, then reboot.

You should get a black screen with a C:\> prompt. Type with an Enter after each line:

fixmbr

(If it asks you if you are sure then say "Y".)

exit

Reboot computer.

Post fresh Bootkit Remover log.

**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
 
OK, when I reboot my PC and click on the Recovery Console, it takes me to a black screen that says:


NTLDR is compressed,
press Ctrl+ Alt+ Del to restart.


I can't type anything in that box.
 
If you have Windows XP CD...

  • Insert the Windows XP CD into the CD-ROM drive, then restart your computer.
  • If prompted, click any options that are required to start the computer from the CD-ROM drive.
  • When the Welcome to Setup screen appears, press R to start the Recovery Console.
  • The Recovery Console will start and ask you which Windows installation you would like to log on to.
    • If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press Enter.
  • It will then prompt you for the Administrator's password. If there is no password, simply press enter.
  • You will now be presented with a C:\Windows> prompt

Proceed with the fixmbr command.

If you don't have Windows CD...
Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
Download and install the free ImgBurn: http://www.imgburn.com/index.php?act=download
Using Imgburn, burn rc.iso to a CD.
Boot to the CD...let it finish loading.
When the "Welcome to Setup" screen appears, press R to start the Recovery Console.


I'll be gone for a couple of hours...
 
OK, this will take a while to do because I don't have any CDs right now to burn. I might reply in a couple of days, OK? I understand that if I take more than 5 days to reply, this post will be closed. I will not take that long; I just need to go to the store to buy some.
 
Hi, I finally got my CDs, but my computer is not able to read the blank CDs to burn them. Can I download Windows Recovery Console and ImgBurn on my other desktop, burn them, and then run it on my laptop (the one we are fixing)?
 
OK, what I did now was put the Recovery Console file onto a flash drive, and from another CD burner that I have I burned all the files from Recovery Console onto the CD. When I open the CD, still on my desktop, it shows me a lot of files. I hope this works on my laptop; I just want to know if this will work before I do it on my laptop.
 
If you followed my instructions and burned the .iso file using ImgBurn, it should work.
There was just one file, rc.iso.
 
OK, I tried it, but my CD reader is not working, not even to read it. I'm going to borrow an external CD drive and try to run the CD, so I might not reply till tomorrow, unless we have other options.
 
Alright, I finally got an external CD drive. I ran it and did all the steps. When I'm in the Recovery Console and I type 1 and then fixmbr, it told me:

writing new master boot record on physical drive
\Device\harddisk0\Partition0

the new master boot record has been succesfully written.

I went into my normal mode and it still doesn't work. Do we have more steps to do?
 
YEAH, I TRIED TO RUN IT, BUT A BLACK SCREEN DIDN'T POP OUT, BUT I FOUND THIS ON ANOTHER BLACK SCREEN THAT WAS IN A FILE CALLED BOOTKIT_REMOVER ON MY DESKTOP


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
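
An added example, not part of the original thread and not Bootkit Remover's own code: a structural check of a 512-byte MBR dump that ties the "OK" status and the reported volume offset 0x7e00 (sector 63 times 512 bytes) to the on-disk layout that fixmbr rewrites. The function names and the sample sector are constructed for illustration, and the check covers layout only, not whether the boot code itself is clean.

```python
import struct

SECTOR = 512  # bytes per sector on a classic MBR-partitioned disk

def parse_mbr(sector0: bytes) -> dict:
    """Parse a 512-byte master boot record into signature state and partitions."""
    if len(sector0) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    parts = []
    for i in range(4):  # four 16-byte entries starting at offset 0x1BE
        entry = sector0[0x1BE + 16 * i : 0x1BE + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:
            continue  # unused slot
        parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                      "byte_offset": lba_start * SECTOR, "sectors": sectors})
    return {"signature_ok": sector0[0x1FE:0x200] == b"\x55\xaa",
            "boot_code_present": any(sector0[:0x1B8]),
            "partitions": parts}

def check_mbr(sector0: bytes, expected_volume_offset: int) -> list:
    """Return a list of findings; an empty list means the checks passed."""
    info = parse_mbr(sector0)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if not info["boot_code_present"]:
        findings.append("boot code area is empty")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    elif active[0]["byte_offset"] != expected_volume_offset:
        findings.append("active partition does not start at the reported volume offset")
    return findings

def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code, one active NTFS partition at LBA 63."""
    mbr = bytearray(SECTOR)
    mbr[0:2] = b"\x33\xc0"  # placeholder bytes standing in for boot code
    mbr[0x1BE:0x1CE] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                                   b"\xfe\xff\xff", 63, 115_000_000)
    mbr[0x1FE:0x200] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    print(check_mbr(build_sample_mbr(), 0x7E00))  # offset taken from the log above
```
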
 
Yeah, I did, but still not good; it freezes. I'm starting to think that it's probably registry errors. I ordered the recovery discs from HP, and I'm going to run them, do a full recovery and reinstall Windows. Hopefully that will fix it.
 
By the way, I really appreciate all the effort you put into my situation. I should have told you this, and it's probably too late, but before I asked for help I ran HijackThis and deleted some files, and right after that my normal mode stopped working, so technically I deleted some important files that screwed up my normal mode. Thanks again, I really appreciate all the help you put into my situation.
 