
MS Removal Tools. Need additional help b/c cannot run any .exe


  • This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem on the time - the final two scans are just to confirm my thoughts that you are OK
  • 0

#17
kalvin369

kalvin369

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6592

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/5/2554 13:50:30
mbam-log-2554-05-16 (13-50-25).txt

Scan type: Quick scan
Objects scanned: 174424
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Luktarn\application data\Adobe\plugs\kb3304296.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Luktarn\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.



***************************************************************************************


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-16 13:53:31
-----------------------------
13:53:31.312 OS Version: Windows 5.1.2600 Service Pack 3
13:53:31.312 Number of processors: 2 586 0xF0D
13:53:31.312 ComputerName: HOME UserName:
13:53:31.750 Initialize success
13:53:34.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:53:34.000 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
13:53:34.000 Disk 0 MBR read successfully
13:53:34.015 Disk 0 MBR scan
13:53:34.015 Disk 0 TDL4@MBR code has been found
13:53:34.015 Disk 0 Windows XP default MBR code found via API
13:53:34.031 Disk 0 MBR hidden
13:53:34.031 Disk 0 MBR [TDL4] **ROOTKIT**
13:53:34.046 Disk 0 trace - called modules:
13:53:34.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89f166f0]<<
13:53:34.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a93f748]
13:53:34.062 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a8d0910]
13:53:34.078 5 ACPI.sys[b9e7f620] -> nt!IofCallDriver -> [0x8a37c030]
13:53:34.078 \Driver\iaStor[0x8a93c6a0] -> IRP_MJ_CREATE -> 0x89f166f0
13:53:34.093 Scan finished successfully
13:53:43.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Luktarn\Desktop\MBR.dat"
13:53:43.406 The log file has been saved successfully to "C:\Documents and Settings\Luktarn\Desktop\aswMBR.txt"
  • 0
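Every entry in the Malwarebytes log above ends in "No action taken", so at this point the items were only detected, not removed. As an added example (not part of the thread and not Malwarebytes' own tooling), here is a small Python triage script that parses lines in this log format, counts detections per section, and flags the findings a responder would act on first: browser shortcuts rewritten to launch through another executable (Hijack.StartMenuInternet), Security Center notifications switched off (PUM.Disabled.SecurityCenter), rogue-AV remnants and files to quarantine. The sample input is an excerpt of the posted log, embedded so the script runs offline; the function and class names are mine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt of the Malwarebytes log posted in this thread, embedded as sample
# input so the script runs offline (lines copied from the post, not invented).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
c:\documents and settings\Luktarn\application data\Adobe\plugs\kb3304296.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Luktarn\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
"""

# "<Section> Infected:" headers group the detection lines that follow them.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")

# One detection: "<item> (<category>) [-> Bad: (<bad>) Good: (<good>)] -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<category>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\))?"
    r" -> (?P<action>[^>]+?)\.$"
)


@dataclass
class Detection:
    section: str
    item: str
    category: str
    action: str
    bad: Optional[str] = None   # value found on disk (data items only)
    good: Optional[str] = None  # value Malwarebytes would restore


def parse_mbam_log(text: str) -> List[Detection]:
    """Parse the per-section detection lines of a Malwarebytes 1.x scan log."""
    detections: List[Detection] = []
    section = "Unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if m:  # summary counts and "(No malicious items detected)" do not match
            detections.append(Detection(section, m.group("item"), m.group("category"),
                                        m.group("action"), m.group("bad"), m.group("good")))
    return detections


def launcher_path(command: Optional[str]) -> Optional[str]:
    """Return the first quoted executable of a hijacked shell\\open\\command value."""
    if not command:
        return None
    m = re.match(r'"([^"]+)"', command)
    return m.group(1) if m else None


def triage(detections: List[Detection]) -> List[str]:
    """Turn raw detections into the findings a responder acts on first."""
    findings: List[str] = []
    for d in detections:
        if d.category == "Hijack.StartMenuInternet":
            findings.append(f"browser launch redirected through {launcher_path(d.bad)}; "
                            f"restore value to {d.good}")
        elif d.category == "PUM.Disabled.SecurityCenter" and d.bad == "1":
            findings.append(f"Security Center alert suppressed: {d.item.rsplit(chr(92), 1)[-1]}")
        elif d.category.startswith("Rogue."):
            findings.append(f"rogue security product remnant: {d.item}")
        elif d.section == "Files":
            findings.append(f"file to quarantine ({d.category}): {d.item}")
    return findings


def summarize(text: str) -> Dict[str, object]:
    """Counts per section, number of items still untreated, and prioritized findings."""
    detections = parse_mbam_log(text)
    counts: Dict[str, int] = {}
    for d in detections:
        counts[d.section] = counts.get(d.section, 0) + 1
    pending = sum(1 for d in detections if d.action == "No action taken")
    return {"counts": counts, "pending": pending, "findings": triage(detections)}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("detections per section:", report["counts"])
    print(f"{report['pending']} item(s) detected but not yet removed")
    for finding in report["findings"]:
        print(" -", finding)
```

Run it against a full log by reading the mbam-log-*.txt file into the text argument of summarize; a non-zero "pending" count is the quickest way to notice that a posted log shows detections the user never removed, which is exactly the situation in this post.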

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, an MBR infection - let's kill it

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button


Save the log as before and post in your next reply
  • 0
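The Fix button rewrites the MBR, and aswMBR had already saved a copy of the sector to MBR.dat before the fix. As an added example, not from the thread and not AVAST's code, here is a Python script that decodes a 512-byte MBR dump (boot signature and partition table) and compares two views of the same sector. That comparison is the shape of the evidence in the log above: Windows XP default MBR code was reported via the API while the real sector was hidden and flagged as TDL4. The sample MBR and its tampered copy are constructed in the code; load_mbr is the only function that reads a real dump, and all names are my own.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # the partition table follows the boot code
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR

# Constructed placeholder for the first bytes of a boot loader; it only serves
# to build the sample MBR below and is not a real loader.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_mbr(mbr: bytes) -> List[Partition]:
    """Validate the 0x55AA signature and decode the four partition entries."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing")
    partitions: List[Partition] = []
    for i in range(4):
        entry = mbr[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, type_id = entry[0], entry[4]
        lba_start, sector_count = struct.unpack("<II", entry[8:16])
        if type_id == 0:  # empty slot
            continue
        partitions.append(Partition(i, status == 0x80, type_id, lba_start, sector_count))
    return partitions


def compare_views(api_view: bytes, raw_view: bytes) -> Dict[str, object]:
    """Compare the MBR as the OS reports it with a copy obtained another way.

    A bootkit that filters disk reads can hand the OS a clean-looking sector
    while the real first sector carries its loader; boot code that differs
    under an identical partition table is the tell-tale shape of that.
    """
    return {
        "code_differs": api_view[:TABLE_OFFSET] != raw_view[:TABLE_OFFSET],
        "table_differs": api_view[TABLE_OFFSET:510] != raw_view[TABLE_OFFSET:510],
        "api_sha256": hashlib.sha256(api_view).hexdigest(),
        "raw_sha256": hashlib.sha256(raw_view).hexdigest(),
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable NTFS (0x07) partition starting at LBA 63."""
    code = boot_code.ljust(TABLE_OFFSET, b"\x00")[:TABLE_OFFSET]
    entry = bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF])  # status, CHS, type, CHS
    entry += struct.pack("<II", 63, 312_576_642)                       # LBA start, sectors
    table = entry + b"\x00" * 48                                       # three empty slots
    return code + table + BOOT_SIGNATURE


def tampered_copy(mbr: bytes) -> bytes:
    """Constructed 'hidden' view: same partition table, different boot code."""
    patched = bytearray(mbr)
    patched[0:4] = b"\xEB\xFE\x90\x90"  # placeholder bytes, not real bootkit code
    return bytes(patched)


def load_mbr(path: str) -> bytes:
    """Read a saved sector dump such as the MBR.dat written by aswMBR."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOT_CODE)
    for p in parse_mbr(clean):
        print(f"partition {p.index}: type 0x{p.type_id:02X} bootable={p.bootable} "
              f"start={p.lba_start} sectors={p.sector_count}")
    print("clean vs clean  code differs:", compare_views(clean, clean)["code_differs"])
    print("clean vs hidden code differs:", compare_views(clean, tampered_copy(clean))["code_differs"])
```

On a real dump, feed load_mbr("MBR.dat") to parse_mbr to confirm the partition table survived the fix, and keep the pre-fix copy: comparing it against a fresh read of sector 0 after the fix should show code_differs set and table_differs clear.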

#19
kalvin369

kalvin369

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I'm afraid I spoke too soon. The malware seems gone...but her computer will not boot. It prompts me to choose Start Windows Normally or Last Known Good Configuration. Either option displays the XP logo for 2 seconds, then a millisecond blue screen, and a restart.

I tried to repair it but, when I boot from my XP CD, it does not recognize any hard drives. Further, if I try to get to safe mode, I get "multi(0)partition(1)...etc" repeated over and over, then the computer restarts.

Obviously, I don't want to give the computer back broken :) Any ideas?
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, let's see if I can figure out what is blocking the start

Please print these instructions out so that you know what you are doing

Latest version: v3.1.46.0

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

  • Download this scan.txt to a USB [attachment=50161:scan.txt]
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click the Custom scans and fixes box
  • In the dialogue locate the scan.txt you have on the USB
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#21
kalvin369

kalvin369

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Can I use the same Reatogo OS disk that I burned in a previous step?
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Duh, colour me stupid ----- yes, that would be perfect :)
  • 0

#23
kalvin369

kalvin369

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
It doesn't seem to want to boot from the CD either. It will either go to a dos style flashing cursor or it will begin to load Reatogo OS but the progress bar will not advance. Appearing like

Reatogo OS
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

and the bars will not fill. It looked like this for about 10 minutes before I had to return to work. When I get home, I may leave it for longer. Any other suggestions?
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It sounds like a coincidental hard drive failure, but let's confirm that

We will use a mobile operating system called xPUD, and a script called rst.sh to restore your computer.

On the clean computer.

Creating a bootable USB using xPUD
  • Please download the following files and save them to the desktop
  • Insert the USB device you want to make bootable into the computer. (Make sure that no other USB devices are inserted.)
  • Double-click on unetbootin.exe to run
  • Select Disk Image, ISO and in the space provided, enter the path location of xpud-0.9.2.iso (ex. C:\Documents and Settings\yourusername\Desktop\xpud-0.9.2.iso)
  • Select USB Drive type and the drive letter assigned to your USB stick.
  • Click "OK" and wait until the program finishes. You now have a bootable xPUD.
  • Download the following tool and save it inside the bootable USB

Please note: if you prefer to create a bootable CD using xPUD, you may download the ISO image found here and burn it to a CD.



On the infected computer.
  • Reboot your system using the xPUD bootable USB you just created.
    Note : If you do not know how to set your computer to boot from USB follow the steps here
  • Your system should now display a xPUD desktop.
  • Click on the File icon; on the right pane click on the "mnt" folder and highlight "sdb1" - this is your USB device.

    sda1,2...usually corresponds to your HDD
    sdb1 is likely your USB

  • Click on the "Tool" menu and select Open Terminal
  • In the open terminal window, type in the following:

    bash rst.sh
  • Press "Enter" and let it run uninterrupted.
    (The program lists available Restore Points and will save a report enum.log located in the USB drive.)
  • The program is finished when it says "Done".
  • Type "Exit" to close the terminal window.
  • Please attach the enum.log file in your reply. (You may remove your USB drive when transferring the log to a clean computer.)

Please note: If you have an ethernet connection you can access the internet by way of xPUD (Firefox). You can perform all these steps on your sick computer. When you download something, it will reside in the Download folder. It can be found under the File tab also. You can similarly access our thread by way of this OS too, so you can send the logs that way.
  • 0

#25
kalvin369

kalvin369

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I had some people over tonight...including my friend. As people were leaving, I prepared her to meet her dead laptop. Aaaaaaaand...the comp decided to boot from the reatogo cd. Time to crack another beer and get to work :)

I'll post the results of the scan soon.
  • 0

#26
kalvin369

kalvin369

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Okay, here is the scan. I followed the instructions from the post from 5/19 at 10:31. After I got this info, I tried starting the computer as a regular boot. Same blue screen and crash. Hopefully, you can use this data well.


****Begin Paste*****

OTL logfile created on: 5/21/2011 1:45:27 AM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 10.11 Gb Free Space | 34.52% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 24.16 Gb Free Space | 41.23% Space Free | Partition Type: NTFS
Drive E: | 61.15 Gb Total Space | 34.75 Gb Free Space | 56.83% Space Free | Partition Type: NTFS
Drive F: | 7.72 Gb Total Space | 4.70 Gb Free Space | 60.92% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2010/10/11 02:40:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/13 02:42:06 | 000,181,312 | ---- | M] () [Auto] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/02/06 10:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 10:23:36 | 000,727,720 | ---- | M] (ESET) [Auto] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/03/15 16:51:21 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/02/28 08:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/16 12:27:17] [Kernel | Auto] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/02/10 13:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/02/06 10:24:24 | 000,093,336 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/02/06 10:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 10:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/06/17 08:00:00 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\iastor78.sys -- (iastor78)
DRV - [2008/04/29 04:00:00 | 000,288,896 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/03/12 21:25:36 | 002,530,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2008/03/05 02:03:38 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2007/12/18 01:18:10 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2007/11/01 04:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 04:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 04:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/17 03:46:00 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/17 03:45:42 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/05/17 03:45:36 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/07/19 07:27:26 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004/05/10 11:42:38 | 000,035,363 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Luktarn_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
IE - HKU\Luktarn_ON_C\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
IE - HKU\Luktarn_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Luktarn_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\NetworkService_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 23:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 23:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/16 05:20:41 | 000,000,000 | ---D | M]

[2011/05/12 12:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O3 - HKU\Luktarn_ON_C\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKU\.DEFAULT..\Run: [Yahoo! Pager] File not found
O4 - HKU\Administrator_ON_C..\Run: [Yahoo! Pager] File not found
O4 - HKU\Guest_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\Guest_ON_C..\Run: [Yahoo! Pager] File not found
O4 - HKU\Luktarn_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\NetworkService_ON_C..\Run: [Yahoo! Pager] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)
O4 - HKU\Administrator_ON_C..\RunOnce: [nltide_2] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\Luktarn\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\Luktarn_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/15 16:44:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BDRegion - hkey= - key= - C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - File not found
MsConfig - StartUpReg: Device Detector - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: RemoteControl9 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E91B4691-FD1B-2DC8-EED6-2F555878A225} - Outlook Express
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 02:55:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Luktarn\Recent
[2011/05/16 02:51:34 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Luktarn\Desktop\aswMBR.exe
[2011/05/16 02:32:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Luktarn\IECompatCache
[2011/05/15 16:28:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/15 05:47:10 | 000,912,344 | ---- | C] (Mozilla Corporation) -- C:\Documents and Settings\Luktarn\Desktop\firefox.exe
[2011/05/15 00:40:09 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.com
[2011/05/14 21:56:05 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Luktarn\Desktop\explorer.exe
[2011/05/14 06:40:36 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Luktarn\My Documents\explorer.exe
[2011/05/13 01:09:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2011/05/13 01:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/13 00:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/13 00:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/13 00:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Application Data\advantage
[2011/05/12 11:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\elton john
[2011/05/07 11:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\New Folder
[2011/05/06 13:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\BB
[2011/04/25 14:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luktarn\Desktop\SONGS
[2011/04/24 14:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/24 14:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/24 14:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/20 21:47:52 | 000,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\xpiinstall.exe
[2010/03/15 17:14:24 | 000,145,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\system32\config\systemprofile\ose00000.exe
[4 C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 06:31:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/16 02:53:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\MBR.dat
[2011/05/16 02:51:41 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Luktarn\Desktop\aswMBR.exe
[2011/05/16 02:47:14 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2111687655-1177238915-1004UA.job
[2011/05/16 02:45:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 02:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/16 02:32:40 | 000,444,862 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/16 02:32:40 | 000,072,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/16 02:31:47 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 02:30:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/16 02:28:11 | 000,000,020 | ---- | M] () -- C:\sccfg.sys
[2011/05/15 16:28:41 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/05/15 06:00:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/15 05:47:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/15 05:47:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\Luktarn\Desktop\firefox.exe
[2011/05/15 05:47:01 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/05/15 00:47:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2111687655-1177238915-1004Core.job
[2011/05/15 00:35:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luktarn\Desktop\OTL.com
[2011/05/14 06:39:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/13 01:09:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/12 15:01:18 | 001,062,514 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\School.PDF
[2011/05/12 12:57:44 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 04:47:00 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Luktarn.job
[2011/05/11 00:29:20 | 001,343,569 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\SomO.3gp
[2011/05/09 01:02:50 | 000,138,302 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\ProducerDocuments.pdf
[2011/05/06 14:46:00 | 000,543,620 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\fax-menus-no-prices-3-11.pdf
[2011/05/06 14:45:28 | 002,686,543 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\menu.pdf
[2011/05/06 14:30:50 | 000,161,451 | ---- | M] () -- C:\Documents and Settings\Luktarn\Desktop\SantaAna.pdf
[2011/04/27 00:38:36 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/04/27 00:38:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/24 14:49:26 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/04/24 14:49:26 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Luktarn\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/24 14:46:28 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/24 14:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[4 C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Luktarn\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/16 02:53:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\MBR.dat
[2011/05/16 02:45:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/15 05:37:11 | 000,000,020 | ---- | C] () -- C:\sccfg.sys
[2011/05/13 00:54:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/12 15:01:18 | 001,062,514 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\School.PDF
[2011/05/11 00:29:20 | 001,343,569 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\SomO.3gp
[2011/05/09 01:02:50 | 000,138,302 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\ProducerDocuments.pdf
[2011/05/06 14:46:00 | 000,543,620 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\fax-menus-no-prices-3-11.pdf
[2011/05/06 14:45:19 | 002,686,543 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\menu.pdf
[2011/05/06 14:30:50 | 000,161,451 | ---- | C] () -- C:\Documents and Settings\Luktarn\Desktop\SantaAna.pdf
[2011/04/27 00:38:36 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/24 14:49:26 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/24 14:46:28 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/20 14:30:33 | 000,295,042 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/01/09 07:14:20 | 000,000,281 | ---- | C] () -- C:\Program Files\© Local Disk.lnk
[2011/01/05 04:41:56 | 000,075,420 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/27 11:23:44 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Luktarn\Application Data\default.pls
[2010/08/09 10:05:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2010/08/08 05:56:40 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/03/23 15:50:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/17 10:06:20 | 000,075,573 | ---- | C] () -- C:\Documents and Settings\Administrator\langs.model.xml
[2010/03/17 10:06:20 | 000,004,799 | ---- | C] () -- C:\Documents and Settings\Administrator\config.model.xml
[2010/03/17 10:06:20 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\Administrator\configModel.xml
[2010/03/17 10:06:20 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Administrator\langsModel.xml
[2010/03/17 10:06:19 | 000,100,247 | ---- | C] () -- C:\Documents and Settings\Administrator\xmlUpdater.exe
[2010/03/17 10:06:19 | 000,086,228 | ---- | C] () -- C:\Documents and Settings\Administrator\stylers.model.xml
[2010/03/17 10:06:19 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Administrator\stylesGlobalModel.xml
[2010/03/17 10:06:19 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\Administrator\stylesLexerModel.xml
[2010/03/17 09:52:53 | 000,075,573 | ---- | C] () -- C:\Documents and Settings\Guest\langs.model.xml
[2010/03/17 09:52:53 | 000,004,799 | ---- | C] () -- C:\Documents and Settings\Guest\config.model.xml
[2010/03/17 09:52:53 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\Guest\configModel.xml
[2010/03/17 09:52:53 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Guest\langsModel.xml
[2010/03/17 09:52:52 | 000,100,247 | ---- | C] () -- C:\Documents and Settings\Guest\xmlUpdater.exe
[2010/03/17 09:52:52 | 000,086,228 | ---- | C] () -- C:\Documents and Settings\Guest\stylers.model.xml
[2010/03/17 09:52:52 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Guest\stylesGlobalModel.xml
[2010/03/17 09:52:52 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\Guest\stylesLexerModel.xml
[2010/03/17 04:18:17 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2010/03/17 04:18:16 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2010/03/16 08:01:02 | 000,129,536 | ---- | C] () -- C:\Documents and Settings\Luktarn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 07:45:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/16 04:50:52 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Luktarn\.rnd
[2010/03/15 19:26:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/15 17:41:36 | 000,075,573 | ---- | C] () -- C:\Documents and Settings\Luktarn\langs.model.xml
[2010/03/15 17:41:36 | 000,004,799 | ---- | C] () -- C:\Documents and Settings\Luktarn\config.model.xml
[2010/03/15 17:41:36 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\Luktarn\configModel.xml
[2010/03/15 17:41:36 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Luktarn\langsModel.xml
[2010/03/15 17:41:35 | 000,100,247 | ---- | C] () -- C:\Documents and Settings\Luktarn\xmlUpdater.exe
[2010/03/15 17:41:35 | 000,086,228 | ---- | C] () -- C:\Documents and Settings\Luktarn\stylers.model.xml
[2010/03/15 17:41:35 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Luktarn\stylesGlobalModel.xml
[2010/03/15 17:41:35 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\Luktarn\stylesLexerModel.xml
[2010/03/15 17:14:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/15 17:14:25 | 000,075,573 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\langs.model.xml
[2010/03/15 17:14:25 | 000,004,799 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\config.model.xml
[2010/03/15 17:14:25 | 000,000,193 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\configModel.xml
[2010/03/15 17:14:25 | 000,000,191 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\langsModel.xml
[2010/03/15 17:14:24 | 000,100,247 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\xmlUpdater.exe
[2010/03/15 17:14:24 | 000,086,228 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\stylers.model.xml
[2010/03/15 17:14:24 | 000,000,192 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\stylesGlobalModel.xml
[2010/03/15 17:14:24 | 000,000,188 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\stylesLexerModel.xml
[2010/03/15 16:51:26 | 000,001,404 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010/03/15 16:51:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/03/15 16:51:02 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/15 16:51:02 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/15 16:51:01 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/03/15 16:50:59 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/15 16:47:09 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/15 16:41:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/15 16:34:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/15 16:32:03 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/03/15 16:18:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2010/03/15 16:18:19 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2010/03/15 16:18:12 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2010/03/15 16:18:12 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2010/03/15 16:13:28 | 001,646,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/17 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/06/17 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/06/17 08:00:00 | 000,444,862 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/06/17 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/06/17 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/06/17 08:00:00 | 000,072,486 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/06/17 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/06/17 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/06/17 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/06/17 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/06/17 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/06/17 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/03/15 16:51:15 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Notepad++
[2010/03/15 16:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2010/03/15 16:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Notepad++
[2010/08/08 05:56:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Luktarn\Application Data\.#
[2010/04/30 11:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\ACD Systems
[2011/05/15 16:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\advantage
[2010/08/08 06:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Ashtons. Family Resort
[2010/03/16 02:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Auslogics
[2011/02/25 11:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Babylon
[2010/08/08 05:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\GamesCafe
[2010/09/13 02:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Netscape
[2010/08/08 02:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\NevoSoft Games
[2010/07/03 11:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Notepad++
[2010/09/13 03:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\Photodex
[2010/08/07 08:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\PlayFirst
[2011/05/16 02:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\PriceGong
[2010/07/03 11:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\URSoft
[2011/05/16 02:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luktarn\Application Data\uTorrent
[2010/03/15 16:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/08/08 06:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons. Family Resort
[2011/02/25 11:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/08/08 05:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Burger Island 2
[2010/03/15 17:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/01/04 05:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/03/19 23:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/08/07 08:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/05/15 06:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/03/16 04:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2010/11/29 09:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/06/17 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/06/17 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/03/08 06:38:26 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) MD5=BD446DF730CCE5FFE5214A926AF248D5 -- C:\Documents and Settings\Luktarn\Desktop\explorer.exe
[2011/03/08 06:38:26 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) MD5=BD446DF730CCE5FFE5214A926AF248D5 -- C:\Documents and Settings\Luktarn\My Documents\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/06/17 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/06/17 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/06/17 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/06/17 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.INF >
[2008/06/17 08:00:00 | 000,001,095 | ---- | M] () MD5=1C43F4D998567C9D2463E18669F33A3C -- C:\WINDOWS\inf\volsnap.inf

< MD5 for: VOLSNAP.PNF >
[2010/03/15 17:18:40 | 000,004,964 | ---- | M] () MD5=657B39000C75AD9DED23DE96C0F4EE4C -- C:\WINDOWS\inf\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2008/06/17 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/06/17 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2008/06/17 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/06/17 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 23:00:23 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 23:00:23 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 23:00:23 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 23:00:22 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 00:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 00:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 00:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 10:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 23:00:23 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 23:00:23 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 23:00:23 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 23:00:22 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 00:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 00:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 00:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 10:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< CREATERESTOREPOINT >



========== Files - Unicode (All) ==========
[2011/05/11 01:53:23 | 000,000,000 | ---D | M](C:\Documents and Settings\Luktarn\Desktop\????????) -- C:\Documents and Settings\Luktarn\Desktop\พร้อมส่ง
[2011/05/08 02:05:35 | 000,000,000 | ---D | M](C:\Documents and Settings\Luktarn\Desktop\??????shop) -- C:\Documents and Settings\Luktarn\Desktop\เอกสารshop
[2011/04/17 04:42:02 | 000,000,000 | ---D | C](C:\Documents and Settings\Luktarn\Desktop\????????) -- C:\Documents and Settings\Luktarn\Desktop\พร้อมส่ง
[2011/03/05 06:19:44 | 000,000,000 | ---D | M](C:\Documents and Settings\Luktarn\My Documents\????????????????????) -- C:\Documents and Settings\Luktarn\My Documents\บันทึกการสนทนาของฉัน
[2011/02/28 05:38:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Luktarn\My Documents\???????????????????) -- C:\Documents and Settings\Luktarn\My Documents\ไฟล์ที่ได้รับของฉัน
[2011/02/21 12:47:58 | 000,000,000 | ---D | C](C:\Documents and Settings\Luktarn\My Documents\????????????????????) -- C:\Documents and Settings\Luktarn\My Documents\บันทึกการสนทนาของฉัน
[2010/11/06 00:55:02 | 000,000,000 | ---D | C](C:\Documents and Settings\Luktarn\Desktop\??????shop) -- C:\Documents and Settings\Luktarn\Desktop\เอกสารshop
[2010/03/20 09:19:59 | 000,000,000 | ---D | C](C:\Documents and Settings\Luktarn\My Documents\???????????????????) -- C:\Documents and Settings\Luktarn\My Documents\ไฟล์ที่ได้รับของฉัน

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:1CE11B51
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:908A1B53
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:679ABA25
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:56F368C9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:EA701346
< End of report >
  • 0
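The security-relevant point in the OTL section above is that the `shell\open\command` launcher for Firefox and Internet Explorer has been redirected through cnk.exe in the user's Local Settings\Application Data folder, while Safari and the other verbs still point at the real browser. As an added example (not from the original post and not part of OTL), this Python script applies that check to lines in OTL's startmenuinternet format; the sample lines are constructed to mirror the log.

```python
import re
from typing import NamedTuple

# Constructed sample in OTL's startmenuinternet format (modelled on the log above,
# two hijacked "open" verbs and two untouched entries).
SAMPLE_LOG = r'''
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 23:00:22 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Luktarn\Local Settings\Application Data\cnk.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 09:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
'''

# key path -> browser name, verb and the first quoted token (the executable actually launched)
LINE_RE = re.compile(
    r'^HKEY_LOCAL_MACHINE\\software\\clients\\startmenuinternet\\'
    r'(?P<browser>[^\\]+)\\shell\\(?P<verb>[^\\]+)\\command\\\\: '
    r'"(?P<launcher>[^"]+)"(?P<rest>.*)$', re.IGNORECASE)

# Profile directories a legitimate browser launcher is not expected to live in.
USER_WRITABLE = ('\\local settings\\application data\\', '\\application data\\', '\\temp\\')

class Finding(NamedTuple):
    browser: str
    verb: str
    launcher: str
    reasons: tuple

def find_hijacked_launchers(log_text: str) -> list:
    """Return one Finding per startmenuinternet command whose launcher looks redirected."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        launcher = m.group('launcher')
        exe = launcher.rsplit('\\', 1)[-1].lower()
        reasons = []
        if exe != m.group('browser').lower():
            reasons.append('launcher is not the browser executable named in the key')
        if any(d in launcher.lower() for d in USER_WRITABLE):
            reasons.append('launcher lives in a user-writable profile directory')
        if reasons:
            findings.append(Finding(m.group('browser'), m.group('verb'), launcher, tuple(reasons)))
    return findings
```

Both heuristics fire on the two redirected entries; the untouched Firefox "properties" verb and the Safari entry produce no finding.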

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you bear with me a bit - I need to check out OTLPE on my system for a specific procedure
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Please start OTLPE
Double-click on the MBRFix icon, a command window will open

In the command window type in the following lines and press enter after each (please be sure you type it right) :

MbrFix /drive 0 savembr C:\Backup_MBR_0.bin
MbrFix /drive 0 fixmbr /yes

Try and reboot normally into your computer.
  • 0
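The first MbrFix command above saves the existing 512-byte master boot record to C:\Backup_MBR_0.bin before the second overwrites the boot code. As an added example (not from the original post and not part of MbrFix), this Python code parses such a backup, verifies the 0x55AA signature, lists the partition table, and compares the boot-code region against a second image so the saved sector can be inspected and kept as evidence; the sample images are constructed.

```python
import struct
from typing import NamedTuple, List

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code (disk signature follows at 440..443)
PART_TABLE_OFF = 446         # four 16-byte partition entries
SIGNATURE = b'\x55\xAA'      # bytes 510..511

class Partition(NamedTuple):
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

def parse_partition_table(mbr: bytes) -> List[Partition]:
    """Validate the MBR signature and return the non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError('MBR image must be exactly 512 bytes')
    if mbr[510:512] != SIGNATURE:
        raise ValueError('missing 0x55AA boot signature')
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from('<B3xB3xII', mbr, off)
        if ptype == 0:
            continue  # empty slot
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts

def boot_code_differs(backup: bytes, reference: bytes) -> bool:
    """True if the boot-code region (not the partition table) of two MBR images differs."""
    return backup[:BOOT_CODE_LEN] != reference[:BOOT_CODE_LEN]

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed 512-byte image: given boot code, one bootable NTFS partition (type 0x07)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b'\x00')[:BOOT_CODE_LEN]
    disk_sig = b'\x12\x34\x56\x78' + b'\x00\x00'           # constructed disk signature + reserved
    entry = struct.pack('<B3sB3sII', 0x80, b'\x01\x01\x00', 0x07, b'\xfe\xff\xff', 63, 2_000_000)
    return code + disk_sig + entry + b'\x00' * 48 + SIGNATURE
```

Reading a real backup is `parse_partition_table(open(r'C:\Backup_MBR_0.bin', 'rb').read())`; a second image from the same disk after the repair should show an identical partition table and differing boot code.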

#29
kalvin369

kalvin369

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Incredible. Thank you!!! It is up-and-running again. Anything else I can do to verify system integrity? Should I follow these steps from earlier? Do I run this from Reatogo or regular XP desktop?

"OK an MBR infection - let's kill it

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button"
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we will now just do the following scans to confirm all is clear :)

Just scans, as I feel it may now be fixed - from normal mode please. Plus I may now know why the system failed to boot; once confirmed I will let you know

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Then could I have a fresh OTL quick scan and an update on how the computer is behaving now
  • 0
