EDIT
I know this probably wasn't the best idea ever, but since nothing in the cleaning guide was working, I decided to run ComboFix and LopSD. I had seen it on another post, and I'm not sure if I did more harm than good. The worm message and rogue security systems are gone and the desktop no longer has the warning, but I believe things are still infected. MBAM still won't start. It's telling me the same thing, as are RootRepeal and OTL. I'm going to post the logs I got from ComboFix and LopSD; hopefully this will be some help. Thanks!
ComboFix
ComboFix 09-11-29.06 - Colleen 11/30/2009 6:25.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.510.222 [GMT -5:00]
Running from: c:\documents and settings\Colleen\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Colleen\Application Data\02000000bd87e325573C.manifest
c:\documents and settings\Colleen\Application Data\02000000bd87e325573O.manifest
c:\documents and settings\Colleen\Application Data\02000000bd87e325573P.manifest
c:\documents and settings\Colleen\Application Data\02000000bd87e325573S.manifest
c:\documents and settings\Colleen\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Colleen\Desktop\Advanced Virus Remover.lnk
c:\documents and settings\Colleen\Local Settings\Application Data\{95A94777-F5F8-4C78-A0B5-08E7D1969146}
c:\documents and settings\Colleen\Local Settings\Application Data\{95A94777-F5F8-4C78-A0B5-08E7D1969146}\chrome.manifest
c:\documents and settings\Colleen\Local Settings\Application Data\{95A94777-F5F8-4C78-A0B5-08E7D1969146}\chrome\content\_cfg.js
c:\documents and settings\Colleen\Local Settings\Application Data\{95A94777-F5F8-4C78-A0B5-08E7D1969146}\chrome\content\c.js
c:\documents and settings\Colleen\Local Settings\Application Data\{95A94777-F5F8-4C78-A0B5-08E7D1969146}\chrome\content\overlay.xul
c:\documents and settings\Colleen\Local Settings\Application Data\{95A94777-F5F8-4C78-A0B5-08E7D1969146}\install.rdf
c:\documents and settings\Colleen\Start Menu\Advanced Virus Remover.lnk
c:\documents and settings\Marty\Favorites\Online Security Test.url
c:\progra~1\Webroot\SPYSWE~1\Backup\ntSVc.ocx
c:\program files\AskSearch\bin\DeFAultsearch.dll
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\fbstoolbar.manifest
c:\program files\Fast Browser Search\icons.bmp
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\Fast Browser Search\info.txt
c:\program files\Fast Browser Search\local.xml
c:\program files\Fast Browser Search\logobg.bmp
c:\program files\Fast Browser Search\MTWBtoolbar.html
c:\program files\Fast Browser Search\search.bmp
c:\program files\Fast Browser Search\search_br.bmp
c:\program files\Fast Browser Search\search_de.bmp
c:\program files\Fast Browser Search\search_es.bmp
c:\program files\Fast Browser Search\search_fr.bmp
c:\program files\Fast Browser Search\search_it.bmp
c:\program files\Fast Browser Search\search_pt.bmp
c:\program files\Fast Browser Search\search_ru.bmp
c:\program files\Fast Browser Search\SearchGuardPlus.ico
c:\program files\Fast Browser Search\SGPU.ico
c:\program files\INSTALL.LOG
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\00126104
c:\program files\Need2Find\bar\Cache\00176C66
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\ezurudafiq.vbs
c:\windows\fanajoxata.dll
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\GnuHashes.ini
c:\windows\ivysy.reg
c:\windows\juwahur.inf
c:\windows\msa.exe
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
c:\windows\system32\11478.exe
c:\windows\system32\116411297.dat
c:\windows\System32\12520850y.exe
c:\windows\system32\14502.exe
c:\windows\system32\14938.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17347.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\19181.exe
c:\windows\system32\19486.exe
c:\windows\system32\21091.exe
c:\windows\system32\21101.exe
c:\windows\system32\215651
c:\windows\system32\21687.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26846.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\31981.exe
c:\windows\system32\32009.exe
c:\windows\system32\32719.exe
c:\windows\system32\3858.exe
c:\windows\system32\407.exe
c:\windows\system32\41.exe
c:\windows\system32\4186.exe
c:\windows\system32\5287.exe
c:\windows\system32\5520.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\certstore.dat
c:\windows\system32\critical_warning.html
c:\windows\system32\Data
c:\windows\system32\dewukobe.dll
c:\windows\system32\fawuruvo.dll
c:\windows\system32\ganafihe.dll
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\icekafi.reg
c:\windows\system32\jeribejo.dll
c:\windows\system32\kabifoti.dll
c:\windows\system32\kilatape.dll
c:\windows\system32\kisafigu.dll
c:\windows\system32\labesina.dll
c:\windows\system32\ludotoja.dll
c:\windows\system32\mikasova.dll
c:\windows\system32\pagifali.dll
c:\windows\system32\polelure.dll
c:\windows\system32\vopeside.dll
c:\windows\system32\wavemile.dll
c:\windows\system32\wibotelo.dll
c:\windows\system32\winhelper86.dll
c:\windows\system32\winlogon86.exe
c:\windows\system32\winupdate86.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
c:\windows\Tasks\wlqsipev.job
C:\xcrashdump.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete
----- BITS: Possible infected sites -----
hxxp://82.98.231.102
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_HIDSERVNLA
-------\Service_6to4
-------\Service_HidServNla
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.
2009-11-30 11:22 . 2009-11-30 11:22 -------- d-sha-r- \cmdcons
2009-11-30 11:19 . 2009-11-30 11:41 -------- d-----w- \ComboFix
2009-11-30 11:19 . 2009-11-30 11:40 -------- d-----w- \Qoobox
2009-11-30 09:18 . 2009-11-30 09:18 -------- d-----w- c:\documents and settings\Colleen\Application Data\Malwarebytes
2009-11-30 09:17 . 2009-11-30 11:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-27 20:33 . 2009-11-27 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-27 01:21 . 2009-11-27 01:21 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft
2009-11-25 20:55 . 2009-11-25 20:55 -------- d-----w- c:\program files\Common Files\AlphaAntUninstall
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 10:50 . 2006-01-18 22:26 -------- d-----w- c:\documents and settings\Colleen\Application Data\Plaxo
2009-11-27 16:04 . 2009-04-09 00:46 164 -c--a-w- c:\windows\install.dat
2009-11-10 07:39 . 2005-12-31 21:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-06 20:19 . 2007-07-26 01:12 1563008 ----a-w- c:\windows\WRSetup.dll
2009-10-19 03:44 . 2009-10-19 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2008-09-07 05:58 . 2008-09-07 05:58 19822 ----a-w- c:\program files\Common Files\decekiku.sys
2009-08-28 22:00 . 2009-08-28 22:00 3 --sha-w- c:\windows\system32\berikeki.dll
2009-08-28 22:00 . 2009-08-28 22:00 54272 --sha-w- c:\windows\system32\defisebe.dll
2009-08-29 22:00 . 2009-08-29 22:00 61440 --sha-w- c:\windows\system32\denekilo.dll
2007-04-03 02:23 . 2007-04-03 02:23 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-28 22:00 . 2009-08-28 22:00 3 --sha-w- c:\windows\system32\ronigofu.dll
2009-08-29 10:03 . 2009-08-29 10:03 53760 --sha-w- c:\windows\system32\vopereso.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{417a9748-a6b2-490c-bd3e-6f7ada97c3b3}]
2009-08-29 10:03 53760 --sha-w- c:\windows\system32\vopereso.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-04-06 17:26 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-11-15 1670144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 270336]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-09-20 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2004-06-10 60928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2/13/2009 12:25 AM 1201640]
S2 Zwangi Service;Zwangi Service;"c:\documents and settings\All Users\Application Data\Zwangi\zwangi110.exe" "c:\program files\Zwangi\zwangi.dll" Service --> c:\documents and settings\All Users\Application Data\Zwangi\zwangi110.exe [?]
S3 daqdrv;daqdrv;\??\c:\windows\System32\daqdrv.sys --> c:\windows\System32\daqdrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\System32\GameMon.des -service --> c:\windows\System32\GameMon.des -service [?]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [7/26/2005 1:13 PM 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [7/26/2005 1:15 PM 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [7/26/2005 1:15 PM 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [7/26/2005 1:16 PM 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [7/26/2005 1:18 PM 82864]
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\System32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://kl.bar.need2f...earch.html?p=KL
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Colleen\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {C8DF9384-CA62-4D74-8BDD-FAAAFD370066} = 83.149.115.182
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1011E032-5CF3-4795-B751-3AA5E008CCA6} - hxxp://download.verizon.net/sfp/Cabs/max_update/VOLUpdate_1-0-0.cab
DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} - hxxp://bgweb.nowcdn.co.kr/bin/DownStarter.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\documents and settings\Colleen\Application Data\Mozilla\Firefox\Profiles\g8gxms79.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Aim6 - c:\program files\AIM6\aim6.exe
HKCU-Run-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-RunServices-Windows Security Service - pgyoe.exe
HKLM-Run-ydvpnemv - c:\documents and settings\Owner\Local Settings\Application Data\feesdc\fogxsysguard.exe
HKLM-Run-iysiywdr - c:\documents and settings\Owner\Local Settings\Application Data\wgbfyw\ysgssysguard.exe
HKLM-Run-vugiguges - c:\windows\system32\ludotoja.dll
HKLM-Run-nolemahalo - wavemile.dll
HKU-Default-Run-Windows Security Service - pgyoe.exe
HKU-Default-RunServices-Windows Security Service - pgyoe.exe
SharedTaskScheduler-{d112306e-5ddd-48d0-8aa4-b350b23c241a} - c:\windows\system32\tepidike.dll
SharedTaskScheduler-{7cbe72d6-3dcd-4bbc-994b-fda8b95dd4fe} - c:\windows\system32\ludotoja.dll
SSODL-mizemabey-{d112306e-5ddd-48d0-8aa4-b350b23c241a} - c:\windows\system32\tepidike.dll
SSODL-gowalonuz-{7cbe72d6-3dcd-4bbc-994b-fda8b95dd4fe} - c:\windows\system32\ludotoja.dll
Notify-90cbf6d5573 - c:\windows\System32\iasnap32.dll
Notify-__c00F9104 - c:\windows\System32\__c00F9104.dat
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 06:40
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82339618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85acaac
\Driver\ACPI -> ACPI.sys @ 0xf84f1740
\Driver\atapi -> atapi.sys @ 0xf846603c
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8058e444
ParseProcedure -> ntoskrnl.exe @ 0x8055a85b
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8058e444
ParseProcedure -> ntoskrnl.exe @ 0x8055a85b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\System32\GameMon.des -service"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\smss.exe
c:\windows\system32\csrss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\System32\svchost.exe
c:\windows\System32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\spoolsv.exe
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\alg.exe
c:\windows\System32\CTsvcCDA.EXE
c:\windows\System32\svchost.exe
c:\windows\System32\wdfmgr.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
.
**************************************************************************
.
Completion time: 2009-11-30 06:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-30 11:51
Pre-Run: 7,934,992,384 bytes free
Post-Run: 7,925,940,224 bytes free
winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
- - End Of File - - 3F7E109BC74E99669A5187861B4F310C
LopSD
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 1
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A10
USER : Colleen ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:33 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Mon 11/30/2009| 6:58 )
--------------------\\ Listing folders in APPLIC~1
[03/29/2007|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[02/22/2008|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[06/19/2009|01:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[02/24/2007|01:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[09/27/2007|05:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[07/05/2007|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[04/18/2008|06:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BearShare Applications
[03/02/2006|10:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Broderbund Software
[12/31/2005|04:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software
[06/23/2009|02:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[10/13/2007|08:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HipSoft
[01/19/2006|11:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[11/27/2009|03:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[10/09/2007|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/12/2007|07:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Motive
[07/05/2007|02:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Mozilla
[01/01/2006|03:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6
[09/28/2008|03:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NeoEdge Networks
[03/02/2006|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Riverdeep Interactive Learning Limited
[12/24/2006|04:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SpinTop Games
[04/11/2008|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[08/07/2006|01:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[08/29/2009|05:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[02/13/2009|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Webroot
[08/18/2006|06:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[10/18/2009|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[04/08/2009|07:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[06/01/2008|04:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> YoYoGames
[03/10/2007|12:14] C:\DOCUME~1\APPLIC~1\APPLIC~1\<DIR> Microsoft
[01/17/2006|11:41] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> acccore
[02/04/2006|03:32] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Adobe
[05/01/2006|02:33] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> AdobeUM
[07/25/2006|12:59] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> AOL
[08/11/2006|11:17] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Apple Computer
[12/24/2006|04:40] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> ArcSoft
[09/14/2008|05:41] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> BearShare
[10/04/2006|11:20] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Corel
[05/01/2006|04:33] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Creative
[01/06/2007|11:52] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> DivX
[07/16/2009|02:24] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> FrostWire
[10/20/2006|02:10] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> FUJIFILM
[06/19/2009|06:29] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Google
[01/15/2006|07:40] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Identities
[06/19/2007|01:29] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> IMVU
[01/15/2006|07:54] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Macromedia
[11/30/2009|04:18] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Malwarebytes
[12/21/2006|02:11] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Microsoft
[08/12/2008|09:07] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Mozilla
[07/17/2007|05:55] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> MSN6
[03/10/2007|09:28] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> MySpace
[11/30/2009|05:50] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Plaxo
[03/03/2007|08:25] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Real
[01/16/2006|05:38] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Sun
[01/12/2007|05:51] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Viewpoint
[03/07/2006|06:27] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Webroot
[06/25/2007|12:31] C:\DOCUME~1\Colleen\APPLIC~1\<DIR> Yahoo!
[12/31/2005|02:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[01/24/2007|01:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help
[12/31/2005|02:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[08/10/2006|11:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Webroot
[09/11/2008|05:10] C:\DOCUME~1\Marty\APPLIC~1\<DIR> acccore
[03/30/2008|08:04] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Adobe
[04/04/2006|03:10] C:\DOCUME~1\Marty\APPLIC~1\<DIR> AdobeUM
[07/25/2006|12:59] C:\DOCUME~1\Marty\APPLIC~1\<DIR> AOL
[01/17/2006|04:52] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Apple Computer
[12/24/2006|01:59] C:\DOCUME~1\Marty\APPLIC~1\<DIR> ArcSoft
[09/12/2006|05:52] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Corel
[03/30/2006|05:57] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Creative
[12/28/2006|02:27] C:\DOCUME~1\Marty\APPLIC~1\<DIR> DivX
[04/01/2008|12:10] C:\DOCUME~1\Marty\APPLIC~1\<DIR> funkitron
[09/25/2006|03:11] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Google
[02/02/2006|05:12] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Help
[01/15/2006|07:52] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Identities
[07/10/2008|12:39] C:\DOCUME~1\Marty\APPLIC~1\<DIR> LimeWire
[10/19/2009|08:00] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Macromedia
[09/28/2008|03:50] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Microsoft
[09/17/2008|07:30] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Mozilla
[11/16/2008|12:33] C:\DOCUME~1\Marty\APPLIC~1\<DIR> MSN6
[03/10/2007|04:32] C:\DOCUME~1\Marty\APPLIC~1\<DIR> MySpace
[10/18/2007|12:28] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Real
[02/14/2006|03:58] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Sun
[06/05/2008|03:44] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Viewpoint
[08/11/2006|05:39] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Webroot
[10/18/2007|12:24] C:\DOCUME~1\Marty\APPLIC~1\<DIR> Yahoo!
[12/31/2005|02:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[11/17/2009 10:31 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/30/2009 06:39 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[07/16/2003 03:36 PM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[12/31/2005|04:42] C:\Program Files\<DIR> ABBYY FineReader 6.0
[01/17/2006|12:46] C:\Program Files\<DIR> Adobe
[09/27/2009|08:01] C:\Program Files\<DIR> AIM Search
[02/24/2007|01:20] C:\Program Files\<DIR> AOL
[12/06/2006|11:05] C:\Program Files\<DIR> AOL Games
[09/27/2007|05:54] C:\Program Files\<DIR> Apple Software Update
[05/18/2009|12:06] C:\Program Files\<DIR> AskSearch
[03/28/2006|12:40] C:\Program Files\<DIR> City Interactive
[11/30/2009|06:31] C:\Program Files\<DIR> Common Files
[12/31/2005|02:03] C:\Program Files\<DIR> ComPlus Applications
[09/07/2008|01:03] C:\Program Files\<DIR> Coupons
[12/31/2005|05:30] C:\Program Files\<DIR> Creative
[12/31/2005|04:41] C:\Program Files\<DIR> Dell A920
[07/04/2009|03:48] C:\Program Files\<DIR> Dell AIO Printer A920
[07/05/2007|03:33] C:\Program Files\<DIR> Disc2Phone
[10/18/2007|12:24] C:\Program Files\<DIR> DivX
[11/14/2006|02:38] C:\Program Files\<DIR> Elecard
[09/27/2008|08:58] C:\Program Files\<DIR> FamilySearch
[12/31/2005|04:41] C:\Program Files\<DIR> FaxTools
[02/24/2008|12:08] C:\Program Files\<DIR> FinePixViewer
[01/24/2008|10:55] C:\Program Files\<DIR> GameData
[07/25/2008|10:00] C:\Program Files\<DIR> Global Star Software
[11/10/2009|02:39] C:\Program Files\<DIR> InstallShield Installation Information
[12/31/2005|05:14] C:\Program Files\<DIR> Intel
[01/28/2008|08:25] C:\Program Files\<DIR> Internet Explorer
[01/31/2006|12:56] C:\Program Files\<DIR> ItsDeductible2005
[10/15/2007|09:28] C:\Program Files\<DIR> Java
[05/05/2008|03:56] C:\Program Files\<DIR> Kazaa
[08/17/2009|02:26] C:\Program Files\<DIR> LimeWire
[11/30/2009|06:01] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/06/2008|05:38] C:\Program Files\<DIR> Maxis
[02/14/2008|10:15] C:\Program Files\<DIR> Messenger
[12/31/2005|02:09] C:\Program Files\<DIR> microsoft frontpage
[03/24/2006|10:45] C:\Program Files\<DIR> Microsoft Office
[12/31/2005|02:04] C:\Program Files\<DIR> Movie Maker
[11/30/2009|06:55] C:\Program Files\<DIR> Mozilla Firefox
[01/08/2006|02:20] C:\Program Files\<DIR> MSN
[12/31/2005|02:02] C:\Program Files\<DIR> MSN Gaming Zone
[07/05/2007|09:59] C:\Program Files\<DIR> MTV Networks
[10/23/2006|07:32] C:\Program Files\<DIR> MySecretCodes Toolbar
[10/15/2007|09:26] C:\Program Files\<DIR> MySpace
[07/25/2007|04:27] C:\Program Files\<DIR> NetBattle
[01/10/2006|06:21] C:\Program Files\<DIR> NetMeeting
[04/01/2008|08:25] C:\Program Files\<DIR> Oberon Media
[12/31/2005|02:04] C:\Program Files\<DIR> Online Services
[04/15/2006|05:00] C:\Program Files\<DIR> Outlook Express
[04/08/2009|01:19] C:\Program Files\<DIR> Plaxo
[07/14/2009|01:12] C:\Program Files\<DIR> PokerStars.NET
[08/17/2009|02:28] C:\Program Files\<DIR> PopCap Games
[03/13/2006|09:12] C:\Program Files\<DIR> PrintMaster 16
[07/28/2007|07:12] C:\Program Files\<DIR> QuickTime
[02/20/2008|11:29] C:\Program Files\<DIR> Real
[03/19/2006|12:21] C:\Program Files\<DIR> REGSHAVE
[02/20/2008|11:28] C:\Program Files\<DIR> Rhapsody
[12/24/2006|01:28] C:\Program Files\<DIR> SanDisk
[10/08/2006|07:18] C:\Program Files\<DIR> Strategy First
[07/03/2007|11:21] C:\Program Files\<DIR> The Weather Channel FW
[04/04/2006|02:20] C:\Program Files\<DIR> TryMedia
[01/28/2008|08:23] C:\Program Files\<DIR> TurboTax
[12/31/2005|03:33] C:\Program Files\<DIR> Uninstall Information
[08/29/2009|05:47] C:\Program Files\<DIR> Viewpoint
[02/02/2008|08:13] C:\Program Files\<DIR> Walgreens
[01/31/2007|07:39] C:\Program Files\<DIR> Web Publish
[01/01/2006|03:48] C:\Program Files\<DIR> Webroot
[12/24/2006|02:09] C:\Program Files\<DIR> Windows Media Player
[12/31/2005|02:02] C:\Program Files\<DIR> Windows NT
[01/08/2006|03:47] C:\Program Files\<DIR> WindowsUpdate
[04/19/2006|02:00] C:\Program Files\<DIR> WordPerfect Office 12
[12/31/2005|02:09] C:\Program Files\<DIR> xerox
[08/29/2009|05:46] C:\Program Files\<DIR> Zwangi
--------------------\\ Listing Folders in C:\Program Files\Common Files
[09/15/2007|10:59] C:\Program Files\Common Files\<DIR> Adobe
[11/25/2009|03:55] C:\Program Files\Common Files\<DIR> AlphaAntUninstall
[01/28/2008|08:32] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[04/03/2009|04:09] C:\Program Files\Common Files\<DIR> AOL
[11/01/2007|06:43] C:\Program Files\Common Files\<DIR> AOLSHARE
[12/24/2006|01:28] C:\Program Files\Common Files\<DIR> ArcSoft
[04/19/2006|02:01] C:\Program Files\Common Files\<DIR> Borland Shared
[03/02/2006|10:47] C:\Program Files\Common Files\<DIR> Broderbund
[04/19/2006|02:00] C:\Program Files\Common Files\<DIR> Corel
[08/09/2006|01:07] C:\Program Files\Common Files\<DIR> DirectX
[11/14/2006|02:38] C:\Program Files\Common Files\<DIR> Elecard
[07/02/2009|04:53] C:\Program Files\Common Files\<DIR> INCA Shared
[04/19/2006|02:00] C:\Program Files\Common Files\<DIR> InstallShield
[01/19/2006|11:20] C:\Program Files\Common Files\<DIR> Intuit
[10/15/2007|09:26] C:\Program Files\Common Files\<DIR> Java
[01/01/2009|10:21] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/12/2007|07:04] C:\Program Files\Common Files\<DIR> Motive
[12/31/2005|02:03] C:\Program Files\Common Files\<DIR> MSSoap
[06/25/2006|04:01] C:\Program Files\Common Files\<DIR> NSV
[01/13/2006|03:43] C:\Program Files\Common Files\<DIR> Nullsoft
[12/30/2005|10:51] C:\Program Files\Common Files\<DIR> ODBC
[11/27/2007|11:33] C:\Program Files\Common Files\<DIR> Real
[12/31/2005|02:04] C:\Program Files\Common Files\<DIR> Services
[02/02/2008|08:13] C:\Program Files\Common Files\<DIR> Simple Star Shared
[12/30/2005|10:50] C:\Program Files\Common Files\<DIR> SpeechEngines
[04/15/2006|05:00] C:\Program Files\Common Files\<DIR> System
[12/31/2005|02:40] C:\Program Files\Common Files\<DIR> Verizon Online
[09/25/2006|01:46] C:\Program Files\Common Files\<DIR> Viewpoint
--------------------\\ Process
( 31 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\Colleen\Cookies\[email protected][1].txt
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 07:02:19
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Colleen\crack
C:\DOCUME~1\Colleen\crack\Dynomite v1.2 Full Crack.exe
C:\DOCUME~1\Colleen\crack\WinDynomite_setup.exe
[F:1][D:0]-> C:\DOCUME~1\Colleen\LOCALS~1\Temp
[F:257][D:0]-> C:\DOCUME~1\Colleen\Cookies
[F:2][D:0]-> C:\DOCUME~1\Colleen\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Mon 11/30/2009| 7:04 - Option : [1]
--------------------\\ Scan completed at 7:04:14
Edited by hixyousuck, 30 November 2009 - 11:35 AM.