:OTL
DRV - [2010/12/30 10:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
FF - prefs.js..extensions.enabledItems: {F78C6C5C-17E1-45A7-ACB0-F6760731BC67}:1.9.1
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67} [2010/10/10 13:49:12 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Ckuxicu] rundll32.exe "C:\WINDOWS\eqekekibehav.dll",Startup File not found
O4 - HKCU..\Run: [Ctefu] rundll32.exe "C:\WINDOWS\wderms.dll",Startup File not found
O36 - AppCertDlls: dmreedit - (C:\WINDOWS\system32\javaay32.dll) - File not found
O37 - HKCU\...exe [@ = 7YH] -- "C:\Documents and Settings\Administrator\Local Settings\Application Data\nxf.exe" -a "%1" %*
[2011/12/23 00:21:08 | 000,020,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\651481b0r625f284t682b4nak2t4
[2011/12/23 00:21:07 | 000,020,392 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\651481b0r625f284t682b4nak2t4

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]