
MS Removal Tools. Need additional help b/c cannot run any .exe


  • This topic is locked

#1
kalvin369
  • Member
  • 18 posts
A friend asked me to help clean up some Malware from her laptop. I usually do not have much difficulty with these issues but MS Removal Tools is giving me some difficulty.

I have followed steps in multiple other threads but, as indicated in the title, the program does not allow any .exe programs to run. I attempted to rename mbam setup to explorer.exe and winlogon.exe. This does not help. I actually tried putting explorer.exe in the startup folder and restarting. This did not work and caused momentary panic as it seemed to continually crash the computer (I booted to my XP disk and discovered that the computer was not registering in hard drives...). I restarted a couple more times and, suddenly, the computer booted properly.

In brief:

Problem - my pretty Thai friend's laptop has MS Removal Tools Malware.
Problem - the other threads are not working b/c the malware is blocking all executables.
Problem - the computer will not boot into safe mode. I get that "multi (0) partition (1)..." craziness and then the computer hangs / reboots.
Problem - Often, her computer will log in and only display her wallpaper. No desktop icons at all.
Problem - When I try to repair (or reinstall) XP, the set up tells me no hard disks found. But I can execute a hard drive self test in the Bios..?

Questions:
1. How do I get executables to run?
2. What's wrong with Safe Mode?
3. Why won't the set up program see my hard drive?

Specs:
Compaq Presario
Win XP
1.8 gig processor
2 gigs RAM

Tools:
Functioning laptop
Internet connection
Flash drive

Thanks in advance for any and all advice.

Eric

#2
Essexboy
  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi, let's try this little combination - if need be they can be run from a USB drive; we will repair all the other problems when the malware is dead :)

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
kalvin369
  • Topic Starter
  • Member
  • 18 posts
I downloaded RogueKiller and stuck it on my flash drive. Loaded it onto the infected computer's desktop and tried to run. No luck. I tried to run directly from the usb drive. I tried opening the folder -> double clicking RogueKiller, and by right-clicking "Run as..." (she does not have a separate administrator account so I just ran it as her). Neither option loaded the program. A warning bubble would appear from the systray stating that the file has been infected.

#4
Essexboy
  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Could you try to run OTL please, as that is a .com file as opposed to a .exe file?

Also, did you rename RogueKiller to winlogon?

#5
kalvin369
  • Topic Starter
  • Member
  • 18 posts
I also tried creating a batch file ("start regedit.exe" as a test) and transferring it to the non-infected computer. The malware would not allow a batch file to be run either.

#6
kalvin369
  • Topic Starter
  • Member
  • 18 posts
Just saw your post - will try those steps now.

#7
Essexboy
  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Change the extension on OTL to .scr so it becomes OTL.SCR; this is a screensaver function, so it should pass. If not, do you have a CD that we could use to burn?

#8
kalvin369
  • Topic Starter
  • Member
  • 18 posts
The .scr was not able to run from usb drive or from desktop. Same with roguekiller -> winlogon.

Yes, I have a cd we can use.

#9
Essexboy
  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, this programme should allow internet access from the infected computer.

Please print these instructions out so that you know what you are doing.

Latest version: v3.1.46.0

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB


  • Download the attached scan.txt to a USB drive [attachment=50071:scan.txt]
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click the Custom scans and fixes box
  • In the dialogue locate the scan.txt you have on the USB
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#10
kalvin369
  • Topic Starter
  • Member
  • 18 posts
Thanks for your help. I will follow these steps and let you know results upon completion. Cheers.

#11
kalvin369
  • Topic Starter
  • Member
  • 18 posts
Scan complete:

OTL logfile created on: 5/15/2011 1:25:09 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041E | Country: Thailand | Language: THA | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 9.56 Gb Free Space | 32.63% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 24.16 Gb Free Space | 41.23% Space Free | Partition Type: NTFS
Drive E: | 61.15 Gb Total Space | 34.75 Gb Free Space | 56.83% Space Free | Partition Type: NTFS
Drive F: | 7.72 Gb Total Space | 4.72 Gb Free Space | 61.18% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2010/10/11 02:40:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/13 02:42:06 | 000,181,312 | ---- | M] () [Auto] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/02/06 10:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 10:23:36 | 000,727,720 | ---- | M] (ESET) [Auto] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/03/15 16:51:21 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/02/28 08:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/16 12:27:17] [Kernel | Auto] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/02/10 13:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/02/06 10:24:24 | 000,093,336 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/02/06 10:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 10:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/06/17 08:00:00 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\iastor78.sys -- (iastor78)
DRV - [2008/04/29 04:00:00 | 000,288,896 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/03/12 21:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2008/03/05 02:03:38 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2007/12/18 01:18:10 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2007/11/01 04:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 04:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 04:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/17 03:46:00 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/17 03:45:42 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/05/17 03:45:36 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/07/19 07:27:26 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004/05/10 11:42:38 | 000,035,363 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Luktarn_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
IE - HKU\Luktarn_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Luktarn_ON_C\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
IE - HKU\Luktarn_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Luktarn_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\NetworkService_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "http://search.icq.co...b_ver=1.1.9&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 23:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 23:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/16 05:20:41 | 000,000,000 | ---D | M]

[2010/03/15 19:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Extensions
[2011/05/12 12:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions
[2011/03/10 11:53:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/10/22 03:37:12 | 000,000,000 | ---D | M] (Messenger Plus Live Toolbar) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2010/12/13 22:23:34 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/04/21 01:06:24 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\conduit.xml
[2011/05/08 13:20:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin-1.xml
[2011/03/23 12:32:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin-2.xml
[2011/04/30 23:00:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin-3.xml
[2011/02/20 00:21:20 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin.gif
[2011/02/20 00:21:20 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin.src
[2011/03/05 10:13:28 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin.xml
[2011/05/12 12:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/22 19:23:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\LUKTARN\APPLICATION DATA\MOVE NETWORKS
[2010/03/20 21:50:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

Hosts file not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O3 - HKU\Luktarn_ON_C\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKU\.DEFAULT..\Run: [Yahoo! Pager] File not found
O4 - HKU\Administrator_ON_C..\Run: [Yahoo! Pager] File not found
O4 - HKU\Guest_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\Guest_ON_C..\Run: [Yahoo! Pager] File not found
O4 - HKU\Luktarn_ON_C..\Run: [AdVantage] C:\Documents and Settings\Luktarn\Application Data\advantage\AdVantage.exe ()
O4 - HKU\Luktarn_ON_C..\Run: [R8388QA8U8] C:\Documents and Settings\Luktarn\Local Settings\Temp\Cjo.exe (Simon Tatham)
O4 - HKU\Luktarn_ON_C..\Run: [tun70uidop.exe] C:\Documents and Settings\Luktarn\Application Data\28EBD6823E002FAF21D67D2BD7C3E97F\tun70uidop.exe ()
O4 - HKU\Luktarn_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\NetworkService_ON_C..\Run: [Yahoo! Pager] File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)
O4 - HKU\Administrator_ON_C..\RunOnce: [nltide_2] File not found
O4 - HKU\Luktarn_ON_C..\RunOnce: [pF28601MaDdD28601] C:\Documents and Settings\All Users\Application Data\pF28601MaDdD28601\pF28601MaDdD28601.exe ()
O4 - HKU\NetworkService_ON_C..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ahdv.exe.lnk = C:\AHDV\ahdv.exe (PuySoft)
O4 - Startup: C:\Documents and Settings\Luktarn\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/15 16:44:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BDRegion - hkey= - key= - C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - File not found
MsConfig - StartUpReg: Device Detector - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: RemoteControl9 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E91B4691-FD1B-2DC8-EED6-2F555878A225} - Outlook Express
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 01:11:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Luktarn\Recent
[2011/05/15 00:40:09 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.cpl
[2011/05/14 21:56:05 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Luktarn\Desktop\explorer.exe
[2011/05/14 06:40:36 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Luktarn\My Documents\explorer.exe
[2011/05/13 01:09:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2011/05/13 01:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/13 00:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/13 00:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/13 00:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Application Data\advantage
[2011/05/13 00:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pF28601MaDdD28601
[2011/05/13 00:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Application Data\28EBD6823E002FAF21D67D2BD7C3E97F
[2011/05/13 00:09:37 | 000,139,776 | ---- | C] (Simon Tatham) -- C:\WINDOWS\Clojua.exe
[2011/05/12 11:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\elton john
[2011/05/07 11:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\New Folder
[2011/05/06 13:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\BB
[2011/04/25 14:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\SONGS
[2011/04/24 14:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/24 14:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/24 14:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/20 21:47:52 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\xpiinstall.exe
[2010/03/15 17:14:24 | 000,145,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\system32\config\systemprofile\ose00000.exe
[4 C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/15 01:12:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 01:12:56 | 000,000,020 | ---- | M] () -- C:\sccfg.sys
[2011/05/15 01:12:48 | 000,000,358 | -HS- | M] () -- C:\WINDOWS\tasks\RROPWOEANJ.job
[2011/05/15 01:12:48 | 000,000,346 | -HS- | M] () -- C:\WINDOWS\tasks\TPSNPZFFO.job
[2011/05/15 01:00:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/15 00:59:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/15 00:59:42 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/15 00:59:42 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/15 00:59:42 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/15 00:59:26 | 000,012,464 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
[2011/05/15 00:59:25 | 000,012,464 | -HS- | M] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
[2011/05/15 00:47:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2111687655-1177238915-1004UA.job
[2011/05/15 00:47:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2111687655-1177238915-1004Core.job
[2011/05/15 00:35:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.cpl
[2011/05/15 00:26:24 | 000,000,021 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\roge.bat
[2011/05/15 00:25:14 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\reg.bat
[2011/05/15 00:18:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\{6522BB34-DA45-421E-9C43-1D1AAEE7DC31}
[2011/05/15 00:13:40 | 000,465,920 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\winlogon.cpl
[2011/05/14 22:36:40 | 000,444,862 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/14 22:36:40 | 000,072,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/14 21:42:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\{2A5A0C48-748A-4E5F-94A8-609434611A8F}
[2011/05/14 06:57:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\{9F13C51B-AB78-4104-A8D3-28950FC7DEC0}
[2011/05/14 06:43:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\{5BA4869D-EB22-46F5-9CE5-C35B7CB4AC79}
[2011/05/14 06:39:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/14 06:35:57 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/05/13 01:09:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 01:08:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\NetworkService\2gweorjqjutp92vjy9gake
[2011/05/13 00:22:55 | 000,228,040 | -HS- | M] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe
[2011/05/13 00:14:51 | 000,001,152 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2011/05/13 00:09:30 | 000,139,776 | ---- | M] (Simon Tatham) -- C:\WINDOWS\Clojua.exe
[2011/05/13 00:09:28 | 000,143,360 | RHS- | M] () -- C:\WINDOWS\System32\bios1I.dll
[2011/05/12 15:01:18 | 001,062,514 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\School.PDF
[2011/05/12 12:57:44 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 04:47:00 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Luktarn.job
[2011/05/11 01:18:01 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/11 00:29:20 | 001,343,569 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\SomO.3gp
[2011/05/09 01:02:50 | 000,138,302 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\ProducerDocuments.pdf
[2011/05/06 14:46:00 | 000,543,620 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\fax-menus-no-prices-3-11.pdf
[2011/05/06 14:45:28 | 002,686,543 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\menu.pdf
[2011/05/06 14:30:50 | 000,161,451 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\SantaAna.pdf
[2011/04/27 00:38:36 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/04/27 00:38:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/24 14:49:26 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/04/24 14:49:26 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/24 14:46:28 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/24 14:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[4 C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/15 00:30:16 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\reg.bat
[2011/05/15 00:30:12 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\roge.bat
[2011/05/15 00:18:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\{6522BB34-DA45-421E-9C43-1D1AAEE7DC31}
[2011/05/14 21:47:46 | 000,465,920 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\winlogon.cpl
[2011/05/14 21:42:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\{2A5A0C48-748A-4E5F-94A8-609434611A8F}
[2011/05/14 06:57:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\{9F13C51B-AB78-4104-A8D3-28950FC7DEC0}
[2011/05/14 06:43:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\{5BA4869D-EB22-46F5-9CE5-C35B7CB4AC79}
[2011/05/13 01:08:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\NetworkService\2gweorjqjutp92vjy9gake
[2011/05/13 00:54:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 00:22:56 | 000,012,464 | -HS- | C] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
[2011/05/13 00:22:56 | 000,012,464 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
[2011/05/13 00:22:55 | 000,228,040 | -HS- | C] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe
[2011/05/13 00:14:51 | 000,001,152 | ---- | C] () -- C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2011/05/13 00:09:40 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/13 00:09:33 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/13 00:09:28 | 000,143,360 | RHS- | C] () -- C:\WINDOWS\System32\bios1I.dll
[2011/05/13 00:09:28 | 000,000,358 | -HS- | C] () -- C:\WINDOWS\tasks\RROPWOEANJ.job
[2011/05/13 00:09:28 | 000,000,346 | -HS- | C] () -- C:\WINDOWS\tasks\TPSNPZFFO.job
[2011/05/12 15:01:18 | 001,062,514 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\School.PDF
[2011/05/11 00:29:20 | 001,343,569 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\SomO.3gp
[2011/05/09 01:02:50 | 000,138,302 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\ProducerDocuments.pdf
[2011/05/06 14:46:00 | 000,543,620 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\fax-menus-no-prices-3-11.pdf
[2011/05/06 14:45:19 | 002,686,543 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\menu.pdf
[2011/05/06 14:30:50 | 000,161,451 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\SantaAna.pdf
[2011/04/27 00:38:36 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/24 14:49:26 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/24 14:46:28 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/20 14:30:33 | 000,295,042 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/01/09 07:14:20 | 000,000,281 | ---- | C] () -- C:\Program Files\© Local Disk.lnk
[2011/01/05 04:41:56 | 000,075,420 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/27 11:23:44 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Luktarn\Application Data\default.pls
[2010/08/09 10:05:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2010/08/08 05:56:40 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/03/23 15:50:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/17 10:06:20 | 000,075,573 | ---- | C] () -- C:\Documents and Settings\Administrator\langs.model.xml
[2010/03/17 10:06:20 | 000,004,799 | ---- | C] () -- C:\Documents and Settings\Administrator\config.model.xml
[2010/03/17 10:06:20 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\Administrator\configModel.xml
[2010/03/17 10:06:20 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Administrator\langsModel.xml
[2010/03/17 10:06:19 | 000,100,247 | ---- | C] () -- C:\Documents and Settings\Administrator\xmlUpdater.exe
[2010/03/17 10:06:19 | 000,086,228 | ---- | C] () -- C:\Documents and Settings\Administrator\stylers.model.xml
[2010/03/17 10:06:19 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Administrator\stylesGlobalModel.xml
[2010/03/17 10:06:19 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\Administrator\stylesLexerModel.xml
[2010/03/17 09:52:53 | 000,075,573 | ---- | C] () -- C:\Documents and Settings\Guest\langs.model.xml
[2010/03/17 09:52:53 | 000,004,799 | ---- | C] () -- C:\Documents and Settings\Guest\config.model.xml
[2010/03/17 09:52:53 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\Guest\configModel.xml
[2010/03/17 09:52:53 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Guest\langsModel.xml
[2010/03/17 09:52:52 | 000,100,247 | ---- | C] () -- C:\Documents and Settings\Guest\xmlUpdater.exe
[2010/03/17 09:52:52 | 000,086,228 | ---- | C] () -- C:\Documents and Settings\Guest\stylers.model.xml
[2010/03/17 09:52:52 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Guest\stylesGlobalModel.xml
[2010/03/17 09:52:52 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\Guest\stylesLexerModel.xml
[2010/03/17 04:18:17 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2010/03/17 04:18:16 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2010/03/16 08:01:02 | 000,129,536 | ---- | C] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 07:45:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/16 04:50:52 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Luktarn\.rnd
[2010/03/15 19:26:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/15 17:41:36 | 000,075,573 | ---- | C] () -- C:\Documents and Settings\Luktarn\langs.model.xml
[2010/03/15 17:41:36 | 000,004,799 | ---- | C] () -- C:\Documents and Settings\Luktarn\config.model.xml
[2010/03/15 17:41:36 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\Luktarn\configModel.xml
[2010/03/15 17:41:36 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Luktarn\langsModel.xml
[2010/03/15 17:41:35 | 000,100,247 | ---- | C] () -- C:\Documents and Settings\Luktarn\xmlUpdater.exe
[2010/03/15 17:41:35 | 000,086,228 | ---- | C] () -- C:\Documents and Settings\Luktarn\stylers.model.xml
[2010/03/15 17:41:35 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Luktarn\stylesGlobalModel.xml
[2010/03/15 17:41:35 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\Luktarn\stylesLexerModel.xml
[2010/03/15 17:14:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/15 17:14:25 | 000,075,573 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\langs.model.xml
[2010/03/15 17:14:25 | 000,004,799 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\config.model.xml
[2010/03/15 17:14:25 | 000,000,193 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\configModel.xml
[2010/03/15 17:14:25 | 000,000,191 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\langsModel.xml
[2010/03/15 17:14:24 | 000,100,247 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\xmlUpdater.exe
[2010/03/15 17:14:24 | 000,086,228 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\stylers.model.xml
[2010/03/15 17:14:24 | 000,000,192 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\stylesGlobalModel.xml
[2010/03/15 17:14:24 | 000,000,188 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\stylesLexerModel.xml
[2010/03/15 16:51:26 | 000,001,404 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010/03/15 16:51:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/03/15 16:51:02 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/15 16:51:02 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/15 16:51:01 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/03/15 16:50:59 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/15 16:47:09 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/15 16:41:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/15 16:34:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/15 16:32:03 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/03/15 16:18:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2010/03/15 16:18:19 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2010/03/15 16:18:12 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2010/03/15 16:18:12 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2010/03/15 16:13:28 | 001,646,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/17 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/06/17 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/06/17 08:00:00 | 000,444,862 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/06/17 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/06/17 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/06/17 08:00:00 | 000,072,486 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/06/17 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/06/17 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/06/17 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/06/17 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/06/17 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/06/17 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/03/15 16:51:15 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Notepad++
[2010/03/15 16:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2010/03/15 16:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Notepad++
[2010/08/08 05:56:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Luktarn\Application Data\.#
[2011/05/14 06:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\28EBD6823E002FAF21D67D2BD7C3E97F
[2010/04/30 11:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\ACD Systems
[2011/05/13 00:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\advantage
[2010/08/08 06:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Ashtons. Family Resort
[2010/03/16 02:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Auslogics
[2011/02/25 11:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Babylon
[2010/08/08 05:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\GamesCafe
[2010/09/13 02:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Netscape
[2010/08/08 02:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\NevoSoft Games
[2010/07/03 11:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Notepad++
[2010/09/13 03:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Photodex
[2010/08/07 08:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\PlayFirst
[2011/05/13 00:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\PriceGong
[2010/07/03 11:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\URSoft
[2011/05/15 00:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\uTorrent
[2010/03/15 16:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/08/08 06:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons. Family Resort
[2011/02/25 11:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/08/08 05:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Burger Island 2
[2010/03/15 17:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/01/04 05:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/03/19 23:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/05/13 00:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pF28601MaDdD28601
[2010/08/07 08:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/08/08 06:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/03/16 04:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2010/11/29 09:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/15 01:12:48 | 000,000,358 | -HS- | M] () -- C:\WINDOWS\Tasks\RROPWOEANJ.job
[2011/05/15 01:12:48 | 000,000,346 | -HS- | M] () -- C:\WINDOWS\Tasks\TPSNPZFFO.job
[2011/05/15 00:59:42 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/15 00:59:42 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/06/17 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/06/17 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/03/08 06:38:26 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) MD5=BD446DF730CCE5FFE5214A926AF248D5 -- C:\Documents and Settings\Luktarn\Desktop\explorer.exe
[2011/03/08 06:38:26 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) MD5=BD446DF730CCE5FFE5214A926AF248D5 -- C:\Documents and Settings\Luktarn\My Documents\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/06/17 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/06/17 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/06/17 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/06/17 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.INF >
[2008/06/17 08:00:00 | 000,001,095 | ---- | M] () MD5=1C43F4D998567C9D2463E18669F33A3C -- C:\WINDOWS\inf\volsnap.inf

< MD5 for: VOLSNAP.PNF >
[2010/03/15 17:18:40 | 000,004,964 | ---- | M] () MD5=657B39000C75AD9DED23DE96C0F4EE4C -- C:\WINDOWS\inf\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2008/06/17 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/06/17 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2008/06/17 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/06/17 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 23:00:23 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 23:00:23 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 23:00:23 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/05/13 00:22:55 | 000,228,040 | -HS- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 23:00:22 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/13 00:22:55 | 000,228,040 | -HS- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 00:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 00:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 00:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 10:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/13 00:22:55 | 000,228,040 | -HS- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 23:00:23 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 23:00:23 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 23:00:23 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/05/13 00:22:55 | 000,228,040 | -HS- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 23:00:22 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/13 00:22:55 | 000,228,040 | -HS- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 00:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 00:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 00:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 10:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/13 00:22:55 | 000,228,040 | -HS- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< CREATERESTOREPOINT >



========== Files - Unicode (All) ==========
[2011/05/11 01:53:23 | 000,000,000 | ---D | M](C:\Documents and Settings\Luktarn\Desktop\????????) -- C:\Documents and Settings\Luktarn\Desktop\พร้อมส่ง
[2011/05/08 02:05:35 | 000,000,000 | ---D | M](C:\Documents and Settings\Luktarn\Desktop\??????shop) -- C:\Documents and Settings\Luktarn\Desktop\เอกสารshop
[2011/04/17 04:42:02 | 000,000,000 | ---D | C](C:\Documents and Settings\Luktarn\Desktop\????????) -- C:\Documents and Settings\Luktarn\Desktop\พร้อมส่ง
[2011/03/05 06:19:44 | 000,000,000 | ---D | M](C:\Documents and Settings\Luktarn\My Documents\????????????????????) -- C:\Documents and Settings\Luktarn\My Documents\บันทึกการสนทนาของฉัน
[2011/02/28 05:38:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Luktarn\My Documents\???????????????????) -- C:\Documents and Settings\Luktarn\My Documents\ไฟล์ที่ได้รับของฉัน
[2011/02/21 12:47:58 | 000,000,000 | ---D | C](C:\Documents and Settings\Luktarn\My Documents\????????????????????) -- C:\Documents and Settings\Luktarn\My Documents\บันทึกการสนทนาของฉัน
[2010/11/06 00:55:02 | 000,000,000 | ---D | C](C:\Documents and Settings\Luktarn\Desktop\??????shop) -- C:\Documents and Settings\Luktarn\Desktop\เอกสารshop
[2010/03/20 09:19:59 | 000,000,000 | ---D | C](C:\Documents and Settings\Luktarn\My Documents\???????????????????) -- C:\Documents and Settings\Luktarn\My Documents\ไฟล์ที่ได้รับของฉัน

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:1CE11B51
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:908A1B53
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:679ABA25
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:56F368C9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:EA701346
< End of report >
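The cnk.exe entries in the startmenuinternet scan above are the rogue's hook: the browser launch verbs are rewritten to run the rogue binary with the real browser as an argument, and the same launcher turns up in the per-user .exe association. As an added example (not part of this thread or of OTL), the Python below parses OTL-style startmenuinternet and O35/O37 lines and flags any whose launcher is not the expected program; `audit_otl` and the sample lines are constructed here, modelled on the thread's entries.

```python
"""Flag hijacked launch commands in OTL log lines.

Added example, not part of the Geeks to Go thread or of OTL itself.
Input lines are in the format OTL prints for its startmenuinternet
custom scan and its O35/O37 file-association checks, as seen in the
thread's logs; audit_otl() and the sample lines below are constructed.
"""
import re

# The only launcher a clean exefile/.exe association should carry.
DEFAULT_EXEFILE_CMD = '"%1" %*'

# startmenuinternet verb: registry key, ": ", command, optional "[stamp] (company)".
_STARTMENU_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\software\\clients\\startmenuinternet\\"
    r"(?P<browser>[^\\]+)\\shell\\(?P<verb>[^\\]+)\\command\\\\: "
    r"(?P<cmd>.*?)(?: \[[^\]]*\](?: \((?P<company>[^)]*)\))?)?$",
    re.IGNORECASE,
)
# O35 "HKLM\..exefile [open]" and O37 "HKCU\...exe [@ = exefile]" entries.
_ASSOC_RE = re.compile(
    r"^O3[57] - (?P<hive>HKLM|HKCU)\\\.{2,3}(?P<ext>\w+) \[(?P<verb>[^\]]*)\] -- (?P<cmd>.*)$"
)
_QUOTED_RE = re.compile(r'"([^"]+)"')


def audit_otl(lines):
    """Return one finding per browser verb or .exe association whose
    command runs something other than the expected program."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = _STARTMENU_RE.match(line)
        if m:
            paths = _QUOTED_RE.findall(m.group("cmd"))
            launcher = paths[0].rsplit("\\", 1)[-1] if paths else ""
            # A clean verb starts the browser itself. A wrapper that takes the
            # browser's path as an argument (cnk.exe -a "...firefox.exe") is a hook.
            if launcher.lower() != m.group("browser").lower():
                findings.append({
                    "kind": "browser-launch-hijack",
                    "browser": m.group("browser"),
                    "verb": m.group("verb"),
                    "launcher": paths[0] if paths else m.group("cmd"),
                    # OTL prints "()" when the file carries no company name.
                    "no_company": not (m.group("company") or "").strip(),
                })
            continue
        m = _ASSOC_RE.match(line)
        if m and m.group("cmd").strip() != DEFAULT_EXEFILE_CMD:
            paths = _QUOTED_RE.findall(m.group("cmd"))
            findings.append({
                "kind": "exefile-hijack",
                "hive": m.group("hive"),
                "ext": m.group("ext"),
                "launcher": paths[0] if paths else m.group("cmd"),
                # A per-user (HKCU) exefile key overrides the HKLM default for that
                # user only. Delete the launcher but leave this key behind and every
                # .exe goes through a dangling association, which typically shows up
                # as Windows asking which program to open it with.
                "per_user": m.group("hive") == "HKCU",
            })
    return findings


# Constructed sample lines in OTL's format, modelled on the thread's logs.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/05/13 00:22:55 | 000,228,040 | -HS- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 23:00:22 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "%1" %*
""".strip().splitlines()


if __name__ == "__main__":
    for finding in audit_otl(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the Firefox "open" verb and the two HKCU associations, and nothing for the clean HKLM defaults or the Safari and Firefox "properties" verbs.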

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Start OTLPE as you did previously from CD (unless still running)
Copy the attached Fix.txt to a USB
[attachment=50072:fix.txt]
  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, press the Run Fix button and a dialogue box will pop up asking for the location; select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)


#13
kalvin369

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Wow! Thanks. The malware seems to be gone, although it may have left some traces. Whenever I try to run an executable, it asks me to choose the program to open with (i.e. I'll launch Firefox and it'll open an "Open With" dialogue box). I'm tempted to just reload her programs but I'll await further instructions.

*****Log File Start****

OTL logfile created on: 15/5/2011 16:52:16 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Luktarn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041E | Country: Thailand | Language: THA | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 10.10 Gb Free Space | 34.46% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 24.16 Gb Free Space | 41.23% Space Free | Partition Type: NTFS
Drive E: | 61.15 Gb Total Space | 34.75 Gb Free Space | 56.83% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Luktarn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 11:35:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.com
PRC - [2010/09/13 13:42:06 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
PRC - [2009/02/06 21:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008/06/17 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE


========== Modules (SafeList) ==========

MOD - [2011/05/15 11:35:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.com
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/06/17 19:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006/12/02 05:56:00 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/10/11 13:40:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/13 13:42:06 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe -- (ScsiAccess)
SRV - [2009/02/06 21:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 21:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2010/03/16 03:51:21 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/28 19:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/16 12:27:17] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/02/11 00:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/02/06 21:24:24 | 000,093,336 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - [2009/02/06 21:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 21:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon)
DRV - [2008/06/17 19:00:00 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\iastor78.sys -- (iastor78)
DRV - [2008/04/29 15:00:00 | 000,288,896 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp)
DRV - [2008/03/13 08:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2008/03/05 13:03:38 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2007/12/18 12:18:10 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2007/11/01 15:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 15:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 15:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/17 14:46:00 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/17 14:45:42 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys -- (rimmptsk)
DRV - [2007/05/17 14:45:36 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2006/07/19 18:27:26 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004/05/10 22:42:38 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\windrvNT.sys -- (windrvNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
IE - HKCU\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "http://search.icq.co...b_ver=1.1.9&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 10:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 10:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/16 16:20:41 | 000,000,000 | ---D | M]

[2010/03/16 06:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Extensions
[2011/05/12 23:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions
[2011/03/10 22:53:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/10/22 14:37:12 | 000,000,000 | ---D | M] (Messenger Plus Live Toolbar) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2010/12/14 09:23:34 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/04/21 12:06:24 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\conduit.xml
[2011/05/09 00:20:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin-1.xml
[2011/03/23 23:32:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin-2.xml
[2011/05/01 10:00:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin-3.xml
[2011/02/20 11:21:20 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin.gif
[2011/02/20 11:21:20 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin.src
[2011/03/05 21:13:28 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin.xml
[2011/05/12 23:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 06:23:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\LUKTARN\APPLICATION DATA\MOVE NETWORKS
[2010/03/21 08:50:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/05/16 03:28:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Luktarn\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Malwarebytes Corporation )
O24 - Desktop WallPaper: C:\WINDOWS\web\wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\web\wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/16 03:44:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 03:28:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/15 16:47:10 | 000,912,344 | ---- | C] (Mozilla Corporation) -- C:\Documents and Settings\Luktarn\Desktop\firefox.exe
[2011/05/15 12:11:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Luktarn\Recent
[2011/05/15 11:40:09 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.com
[2011/05/15 08:56:05 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Luktarn\Desktop\explorer.exe
[2011/05/14 17:40:36 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Luktarn\My Documents\explorer.exe
[2011/05/13 12:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/13 11:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/13 11:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/13 11:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Application Data\advantage
[2011/05/12 22:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\elton john
[2011/05/07 22:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\New Folder
[2011/05/07 00:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\BB
[2011/04/26 01:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\SONGS
[2011/04/25 01:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/25 01:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/25 01:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/17 15:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\พร้อมส่ง
[2010/03/21 08:47:52 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\xpiinstall.exe
[4 C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/15 16:47:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/15 16:47:15 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2111687655-1177238915-1004UA.job
[2011/05/15 16:47:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\Luktarn\Desktop\firefox.exe
[2011/05/15 16:47:01 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/05/15 16:45:05 | 000,444,862 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/15 16:45:05 | 000,072,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/15 16:40:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/15 16:40:45 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/15 16:40:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 12:00:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/15 11:47:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2111687655-1177238915-1004Core.job
[2011/05/15 11:35:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.com
[2011/05/14 17:39:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/13 12:09:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 02:01:18 | 001,062,514 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\School.PDF
[2011/05/12 23:57:44 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 15:47:00 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Luktarn.job
[2011/05/11 11:29:20 | 001,343,569 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\SomO.3gp
[2011/05/09 12:02:50 | 000,138,302 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\ProducerDocuments.pdf
[2011/05/07 01:46:00 | 000,543,620 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\fax-menus-no-prices-3-11.pdf
[2011/05/07 01:45:28 | 002,686,543 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\menu.pdf
[2011/05/07 01:30:50 | 000,161,451 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\SantaAna.pdf
[2011/04/27 11:38:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/25 01:49:26 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/25 01:46:28 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[4 C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 11:54:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 02:01:18 | 001,062,514 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\School.PDF
[2011/05/11 11:29:20 | 001,343,569 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\SomO.3gp
[2011/05/09 12:02:50 | 000,138,302 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\ProducerDocuments.pdf
[2011/05/07 01:46:00 | 000,543,620 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\fax-menus-no-prices-3-11.pdf
[2011/05/07 01:45:19 | 002,686,543 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\menu.pdf
[2011/05/07 01:30:50 | 000,161,451 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\SantaAna.pdf
[2011/04/27 11:38:36 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/25 01:49:26 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/25 01:46:28 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/15 21:26:53 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/02/21 01:30:33 | 000,295,042 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/01/09 18:14:20 | 000,000,281 | ---- | C] () -- C:\Program Files\© Local Disk.lnk
[2011/01/05 15:41:56 | 000,075,420 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/27 22:23:44 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Luktarn\Application Data\default.pls
[2010/08/09 21:05:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2010/08/08 16:56:40 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/03/24 02:50:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/17 15:18:17 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2010/03/17 15:18:16 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2010/03/16 19:01:02 | 000,129,536 | ---- | C] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 18:45:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/16 06:26:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/16 04:14:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/16 03:51:26 | 000,001,404 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010/03/16 03:51:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/03/16 03:51:02 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/16 03:51:02 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/16 03:51:01 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/03/16 03:50:59 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/16 03:47:09 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/16 03:41:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/16 03:34:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/16 03:32:03 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/03/16 03:18:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2010/03/16 03:18:19 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2010/03/16 03:18:12 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2010/03/16 03:18:12 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2010/03/16 03:13:28 | 001,646,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/17 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/06/17 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/06/17 19:00:00 | 000,444,862 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/06/17 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/06/17 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/06/17 19:00:00 | 000,072,486 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/06/17 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/06/17 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/06/17 19:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/06/17 19:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/06/17 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/06/17 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Files - Unicode (All) ==========
[2010/03/16 12:48:27 | 000,000,648 | ---- | M] ()(C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\?Torrent.lnk) -- C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/03/16 12:48:27 | 000,000,648 | ---- | C] ()(C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\?Torrent.lnk) -- C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:1CE11B51
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:908A1B53
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:679ABA25
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:56F368C9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:EA701346

< End of report >

#14 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
We will reset the "open with" problem now and then check to make sure that all is well. On completion of these runs, can you let me know what problems remain?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "%1" %*

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

AND FINALLY

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
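The two O35/O37 lines in the fix above are the hijack itself: the rogue has registered its own program in front of the stock `"%1" %*` handler for exefile, and it did so in the user hive (HKCU\Software\Classes), which a limited user can write and which the merged HKCR view prefers over the HKLM class. That is why every .exe launch on the laptop went through cnk.exe and why renaming mbam-setup.exe did not help. As an added example (not code from the original post, from OTL or from OldTimer), the Python below parses OTL O35/O37 lines and flags any open handler that is not the stock command or that lives in HKCU at all. It assumes only the two line shapes seen in this thread's logs; the sample lines are constructed from them, and the "clean" set mirrors the post-fix log further down.

```python
"""Audit OTL O35/O37 lines for hijacked .exe/.com 'open' handlers (added example)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Stock shell\open\command for exefile and comfile on XP: run the file
# itself, passing its arguments through untouched.
DEFAULT_OPEN_COMMAND = '"%1" %*'

# The two OTL line shapes seen in this thread (assumption: no others occur):
#   O35 - HKCU\..exefile [open] -- "C:\path\cnk.exe" -a "%1" %*
#   O37 - HKCU\...exe [@ = exefile] -- "C:\path\cnk.exe" -a "%1" %*
LINE_RE = re.compile(
    r'^O3[57] - (?P<hive>HK[A-Z]+)\\\.{2,3}(?P<key>[\w.]+) '
    r'\[(?P<sub>[^\]]*)\] -- (?P<cmd>.*)$'
)
QUOTED_PATH_RE = re.compile(r'^"([^"]+)"')


@dataclass
class Finding:
    line: str
    hive: str
    key: str                 # exefile / comfile / .exe / .com as OTL prints it
    command: str
    handler: Optional[str]   # program interposed before "%1", if any
    reason: str


def handler_path(command: str) -> Optional[str]:
    """Return the program a handler command runs, or None when it is the stock '"%1" %*'."""
    m = QUOTED_PATH_RE.match(command.strip())
    if not m or m.group(1) == '%1':
        return None
    return m.group(1)


def audit_otl_lines(lines: Iterable[str]) -> List[Finding]:
    """Flag O35/O37 entries whose handler is non-stock, or which override the
    machine class from the user hive (HKCU\\Software\\Classes wins over HKLM
    in the merged HKCR view and needs no admin rights to write)."""
    findings: List[Finding] = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        cmd = m['cmd'].strip()
        hive, key = m['hive'], m['key']
        if cmd != DEFAULT_OPEN_COMMAND:
            reason = 'open handler is not the stock command'
        elif hive == 'HKCU':
            reason = 'per-user override of a machine-wide file class'
        else:
            continue
        findings.append(Finding(raw, hive, key, cmd, handler_path(cmd), reason))
    return findings


# Constructed sample input, modelled on the lines in this thread's logs.
HIJACKED_LINES = [
    r'O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "%1" %*',
    r'O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "%1" %*',
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
]
CLEAN_LINES = [
    r'O35 - HKLM\..comfile [open] -- "%1" %*',
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...com [@ = comfile] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
]

if __name__ == '__main__':
    for label, lines in (('hijacked', HIJACKED_LINES), ('clean', CLEAN_LINES)):
        print(f'== {label} ==')
        for f in audit_otl_lines(lines):
            print(f'{f.hive}\\{f.key}: {f.reason}; handler={f.handler}')
```

Run it against a pasted OTL log (`audit_otl_lines(open('OTL.Txt', encoding='utf-8'))`) and the `handler` field gives the responder the path to submit for analysis and remove; a handler that matches the stock command but sits in HKCU is still reported, because the key should not exist in the user hive on a stock XP install.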

#15 kalvin369 (Topic Starter, Member, 18 posts)
Very happy to say that functionality seems restored - I'm using her computer to paste this rather than transferring the usb drive back and forth and back and... Completed OTL Scan. Running Malwarebytes in a bit (although I have to return to work soon).

Log:

OTL logfile created on: 16/5/2011 13:36:14 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Luktarn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041E | Country: Thailand | Language: THA | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 10.07 Gb Free Space | 34.35% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 24.16 Gb Free Space | 41.23% Space Free | Partition Type: NTFS
Drive E: | 61.15 Gb Total Space | 34.75 Gb Free Space | 56.83% Space Free | Partition Type: NTFS
Drive H: | 7.72 Gb Total Space | 4.72 Gb Free Space | 61.15% Space Free | Partition Type: FAT32

Computer Name: HOME | User Name: Luktarn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 11:35:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.com
PRC - [2011/04/12 00:54:19 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/09/13 13:42:06 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2009/12/11 04:54:04 | 000,819,200 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2009/02/06 21:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 21:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/06/17 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 11:35:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.com
MOD - [2008/06/17 19:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/10/11 13:40:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/13 13:42:06 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/02/06 21:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 21:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2010/03/16 03:51:21 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/28 19:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/16 12:27:17] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/02/11 00:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/02/06 21:24:24 | 000,093,336 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/02/06 21:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 21:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/06/17 19:00:00 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\iastor78.sys -- (iastor78)
DRV - [2008/04/29 15:00:00 | 000,288,896 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/03/13 08:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2008/03/05 13:03:38 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2007/12/18 12:18:10 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2007/11/01 15:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 15:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 15:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/17 14:46:00 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/17 14:45:42 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/05/17 14:45:36 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/07/19 18:27:26 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004/05/10 22:42:38 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
IE - HKCU\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "http://search.icq.co...b_ver=1.1.9&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 10:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 10:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/16 16:20:41 | 000,000,000 | ---D | M]

[2010/03/16 06:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Extensions
[2011/05/12 23:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions
[2011/03/10 22:53:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/10/22 14:37:12 | 000,000,000 | ---D | M] (Messenger Plus Live Toolbar) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2010/12/14 09:23:34 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/04/21 12:06:24 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\conduit.xml
[2011/05/09 00:20:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin-1.xml
[2011/03/23 23:32:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin-2.xml
[2011/05/01 10:00:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin-3.xml
[2011/02/20 11:21:20 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin.gif
[2011/02/20 11:21:20 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin.src
[2011/03/05 21:13:28 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Mozilla\Firefox\Profiles\2omsec85.default\searchplugins\icqplugin.xml
[2011/05/12 23:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 06:23:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\LUKTARN\APPLICATION DATA\MOVE NETWORKS
[2010/03/21 08:50:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

Hosts file not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Luktarn\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Malwarebytes Corporation )
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/16 03:44:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 13:32:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Luktarn\IECompatCache
[2011/05/16 03:28:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/15 12:11:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Luktarn\Recent
[2011/05/15 11:40:09 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.com
[2011/05/15 08:56:05 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Luktarn\Desktop\explorer.exe
[2011/05/14 17:40:36 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Luktarn\My Documents\explorer.exe
[2011/05/13 12:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/13 11:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/13 11:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/13 11:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Application Data\advantage
[2011/05/12 22:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\elton john
[2011/05/07 22:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\New Folder
[2011/05/07 00:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\BB
[2011/04/26 01:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\SONGS
[2011/04/25 01:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/25 01:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/25 01:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/17 15:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\พร้อมส่ง
[2010/03/21 08:47:52 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\xpiinstall.exe
[4 C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 13:32:40 | 000,444,862 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/16 13:32:40 | 000,072,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/16 13:31:47 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 13:30:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/16 13:27:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 17:00:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/15 16:47:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/15 16:47:15 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2111687655-1177238915-1004UA.job
[2011/05/15 16:47:01 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/05/15 11:47:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2111687655-1177238915-1004Core.job
[2011/05/15 11:35:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.com
[2011/05/14 17:39:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/13 12:09:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 02:01:18 | 001,062,514 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\School.PDF
[2011/05/12 23:57:44 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 15:47:00 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Luktarn.job
[2011/05/11 11:29:20 | 001,343,569 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\SomO.3gp
[2011/05/09 12:02:50 | 000,138,302 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\ProducerDocuments.pdf
[2011/05/07 01:46:00 | 000,543,620 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\fax-menus-no-prices-3-11.pdf
[2011/05/07 01:45:28 | 002,686,543 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\menu.pdf
[2011/05/07 01:30:50 | 000,161,451 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\SantaAna.pdf
[2011/04/27 11:38:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/25 01:49:26 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/25 01:46:28 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[4 C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 11:54:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 02:01:18 | 001,062,514 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\School.PDF
[2011/05/11 11:29:20 | 001,343,569 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\SomO.3gp
[2011/05/09 12:02:50 | 000,138,302 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\ProducerDocuments.pdf
[2011/05/07 01:46:00 | 000,543,620 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\fax-menus-no-prices-3-11.pdf
[2011/05/07 01:45:19 | 002,686,543 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\menu.pdf
[2011/05/07 01:30:50 | 000,161,451 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\SantaAna.pdf
[2011/04/27 11:38:36 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/25 01:49:26 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/25 01:46:28 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/21 01:30:33 | 000,295,042 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/01/09 18:14:20 | 000,000,281 | ---- | C] () -- C:\Program Files\© Local Disk.lnk
[2011/01/05 15:41:56 | 000,075,420 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/27 22:23:44 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Luktarn\Application Data\default.pls
[2010/08/09 21:05:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2010/08/08 16:56:40 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/03/24 02:50:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/17 15:18:17 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2010/03/17 15:18:16 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2010/03/16 19:01:02 | 000,129,536 | ---- | C] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 18:45:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/16 06:26:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/16 04:14:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/16 03:51:26 | 000,001,404 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010/03/16 03:51:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/03/16 03:51:02 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/16 03:51:02 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/16 03:51:01 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/03/16 03:50:59 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/16 03:47:09 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/16 03:41:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/16 03:34:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/16 03:32:03 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/03/16 03:18:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2010/03/16 03:18:19 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2010/03/16 03:18:12 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2010/03/16 03:18:12 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2010/03/16 03:13:28 | 001,646,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/17 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/06/17 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/06/17 19:00:00 | 000,444,862 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/06/17 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/06/17 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/06/17 19:00:00 | 000,072,486 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/06/17 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/06/17 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/06/17 19:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/06/17 19:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/06/17 19:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/06/17 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/03/16 03:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/08/08 17:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons. Family Resort
[2011/02/25 22:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/08/08 16:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Burger Island 2
[2010/03/16 04:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/01/04 16:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/03/20 10:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/07 19:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/05/15 17:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/03/16 15:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2010/11/29 20:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/08 16:56:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Luktarn\Application Data\.#
[2010/04/30 22:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\ACD Systems
[2011/05/16 03:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\advantage
[2010/08/08 17:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Ashtons. Family Resort
[2010/03/16 13:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Auslogics
[2011/02/25 22:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Babylon
[2010/08/08 16:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\GamesCafe
[2010/09/13 13:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Netscape
[2010/08/08 13:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\NevoSoft Games
[2010/07/03 22:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Notepad++
[2010/09/13 14:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Photodex
[2010/08/07 19:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\PlayFirst
[2011/05/16 13:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\PriceGong
[2010/07/03 22:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\URSoft
[2011/05/16 13:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\uTorrent

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/03/16 12:48:27 | 000,000,648 | ---- | M] ()(C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\?Torrent.lnk) -- C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/03/16 12:48:27 | 000,000,648 | ---- | C] ()(C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\?Torrent.lnk) -- C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:1CE11B51
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:908A1B53
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:679ABA25
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:56F368C9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:EA701346

< End of report >