Infected by Windows XP Recovery

Post by audinrodin on Fri 03 Jun 2011, 7:54 pm

Hello, my computer is infected by Windows XP Recovery, which looks like a fake security thing.

My desktop is now all black, and everything I saved or used to have has all disappeared.
Error messages keep coming up, such as "windows was unable to save all the data for the file //System32//496A8300. The data has been lost. This error may be caused by a failure of your computer hardware."

I usually use Firefox, but now it's gone and swapped with IE. Internet websites jump to other webpages and cannot be used.

Could you help me please?



OTL logfile created on: 3/06/2011 6:02:20 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\VIP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.94 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 70.94% Memory free
3.19 Gb Paging File | 2.83 Gb Available in Paging File | 88.52% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 116.85 Gb Free Space | 78.40% Space Free | Partition Type: NTFS

Computer Name: VIP-PC | User Name: VIP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/03 18:01:37 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VIP\Desktop\OTL.com
PRC - [2011/06/03 08:04:44 | 000,410,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20045604.exe
PRC - [2011/06/03 07:55:35 | 000,465,408 | ---- | M] (eSafe) -- C:\Documents and Settings\All Users\Application Data\kqAIrvwyxLeS.exe
PRC - [2008/04/14 21:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/02/28 14:04:08 | 002,049,320 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
PRC - [2008/02/28 14:04:08 | 001,440,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
PRC - [2008/02/28 14:04:08 | 000,053,032 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
PRC - [2008/02/28 14:03:48 | 001,083,176 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCD.exe


========== Modules (SafeList) ==========

MOD - [2011/06/03 18:01:37 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VIP\Desktop\OTL.com
MOD - [2010/08/24 01:42:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2008/02/28 14:04:08 | 001,440,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008/02/28 14:04:08 | 000,053,032 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)


========== Driver Services (SafeList) ==========

DRV - [2009/03/16 11:00:52 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/12/11 18:54:20 | 004,959,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/02/28 14:03:58 | 000,040,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/02/28 14:03:58 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/02/28 14:03:48 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/11/27 16:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 16:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/10/18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 07:03:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 20:49:25 | 000,000,000 | ---D | M]

[2009/06/28 03:06:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\VIP\Application Data\Mozilla\Extensions
[2009/06/28 03:06:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\VIP\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/03 07:51:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\VIP\Application Data\Mozilla\Firefox\Profiles\7i0fknmx.default\extensions
[2009/09/03 11:42:28 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\VIP\Application Data\Mozilla\Firefox\Profiles\7i0fknmx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/03 07:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/22 20:27:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/22 20:27:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/22 20:27:06 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/09 08:47:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe (Nero AG)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [kqAIrvwyxLeS] C:\Documents and Settings\All Users\Application Data\kqAIrvwyxLeS.exe (eSafe)
O4 - Startup: C:\Documents and Settings\VIP\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\VIP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\VIP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/16 10:31:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55464181163360256)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/03 18:02:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\VIP\Recent
[2011/06/03 17:39:30 | 000,589,632 | -H-- | C] (AVAST Software) -- C:\Documents and Settings\VIP\My Documents\aswMBR.exe
[2011/06/03 17:38:57 | 000,580,096 | -H-- | C] (OldTimer Tools) -- C:\Documents and Settings\VIP\My Documents\OTL.com
[2011/06/03 17:38:10 | 000,589,632 | -H-- | C] (AVAST Software) -- C:\Documents and Settings\VIP\Desktop\aswMBR.exe
[2011/06/03 17:36:59 | 000,580,096 | -H-- | C] (OldTimer Tools) -- C:\Documents and Settings\VIP\Desktop\OTL.com
[2011/06/03 08:04:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\VIP\Start Menu\Programs\Windows XP Recovery
[2011/06/03 07:55:35 | 000,465,408 | ---- | C] (eSafe) -- C:\Documents and Settings\All Users\Application Data\kqAIrvwyxLeS.exe
[2011/05/29 15:04:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spin Palace Casino
[2011/05/21 11:32:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\VIP\My Documents\dav uni
[5 C:\Documents and Settings\VIP\Desktop\*.tmp files -> C:\Documents and Settings\VIP\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/03 18:01:37 | 000,580,096 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\VIP\Desktop\OTL.com
[2011/06/03 17:58:50 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20045604
[2011/06/03 17:58:49 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20045604r
[2011/06/03 17:56:27 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/03 17:56:18 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/03 17:56:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/03 17:40:38 | 000,580,096 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\VIP\My Documents\OTL.com
[2011/06/03 17:39:38 | 000,589,632 | -H-- | M] (AVAST Software) -- C:\Documents and Settings\VIP\My Documents\aswMBR.exe
[2011/06/03 17:38:16 | 000,589,632 | -H-- | M] (AVAST Software) -- C:\Documents and Settings\VIP\Desktop\aswMBR.exe
[2011/06/03 16:51:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/03 08:04:47 | 000,000,819 | -H-- | M] () -- C:\Documents and Settings\VIP\Desktop\Windows XP Recovery.lnk
[2011/06/03 08:04:45 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20045604
[2011/06/03 08:04:44 | 000,410,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20045604.exe
[2011/06/03 07:55:35 | 000,465,408 | ---- | M] (eSafe) -- C:\Documents and Settings\All Users\Application Data\kqAIrvwyxLeS.exe
[2011/05/30 17:51:41 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/29 14:45:17 | 000,501,320 | -H-- | M] () -- C:\Documents and Settings\VIP\Desktop\SpinPalace.exe
[2011/05/27 07:14:58 | 000,016,586 | -H-- | M] () -- C:\Documents and Settings\VIP\Desktop\997129_vb.jpg
[2011/05/26 23:46:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/26 23:46:24 | 000,006,656 | -H-- | M] () -- C:\Documents and Settings\VIP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 21:20:25 | 000,116,345 | -H-- | M] () -- C:\Documents and Settings\VIP\Desktop\graduation.JPG
[5 C:\Documents and Settings\VIP\Desktop\*.tmp files -> C:\Documents and Settings\VIP\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/03 08:05:06 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20045604r
[2011/06/03 08:05:05 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20045604
[2011/06/03 08:04:47 | 000,000,819 | -H-- | C] () -- C:\Documents and Settings\VIP\Desktop\Windows XP Recovery.lnk
[2011/06/03 08:04:45 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20045604
[2011/06/03 08:04:44 | 000,410,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20045604.exe
[2011/05/29 14:45:08 | 000,501,320 | -H-- | C] () -- C:\Documents and Settings\VIP\Desktop\SpinPalace.exe
[2011/05/27 07:14:58 | 000,016,586 | -H-- | C] () -- C:\Documents and Settings\VIP\Desktop\997129_vb.jpg
[2011/05/26 21:20:24 | 000,116,345 | -H-- | C] () -- C:\Documents and Settings\VIP\Desktop\graduation.JPG
[2010/07/24 14:23:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/24 14:23:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/24 14:23:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/24 14:23:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/24 14:23:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/04 10:25:47 | 000,006,656 | -H-- | C] () -- C:\Documents and Settings\VIP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/25 21:55:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/02 10:37:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/24 09:00:27 | 000,157,454 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2009/07/24 09:00:27 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2009/07/15 16:09:57 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/12 09:04:30 | 000,000,071 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/05/30 17:45:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/03 21:25:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/02 19:32:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/16 09:49:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/16 18:21:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/16 18:19:21 | 000,171,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/16 10:57:04 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/03/16 10:32:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/16 10:29:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/04/14 21:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 21:30:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 21:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 21:30:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 21:30:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 21:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 21:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 21:30:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 21:30:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 21:30:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/04/14 21:30:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 21:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 21:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 21:30:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 21:30:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 21:30:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 21:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/10/31 16:05:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 16:05:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/31 16:05:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 16:05:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/31 16:05:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 16:05:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 16:05:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 16:05:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/31 16:05:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/31 16:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 16:05:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2010/09/16 18:01:04 | 000,315,392 | -H-- | M] () -- C:\Documents and Settings\VIP\Desktop\access.exe
[2011/06/03 17:38:16 | 000,589,632 | -H-- | M] (AVAST Software) -- C:\Documents and Settings\VIP\Desktop\aswMBR.exe
[2010/08/09 08:43:06 | 003,817,265 | RH-- | M] () -- C:\Documents and Settings\VIP\Desktop\ComboFix.exe
[2010/07/23 08:39:53 | 000,574,976 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\VIP\Desktop\OTL.exe
[2010/06/21 17:33:30 | 001,704,744 | -H-- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\VIP\Desktop\SkypeSetup.exe
[2011/05/29 14:45:17 | 000,501,320 | -H-- | M] () -- C:\Documents and Settings\VIP\Desktop\SpinPalace.exe
[2009/05/03 20:50:26 | 001,144,168 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\VIP\Desktop\wlsetup-custom.exe
[5 C:\Documents and Settings\VIP\Desktop\*.tmp files -> C:\Documents and Settings\VIP\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2011/06/03 17:39:38 | 000,589,632 | -H-- | M] (AVAST Software) -- C:\Documents and Settings\VIP\My Documents\aswMBR.exe

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/04/30 20:49:19 | 000,122,328 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/04/30 20:49:22 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/02/18 04:30:27 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2011/02/18 04:30:27 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/04/14 21:30:00 | 000,127,213 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ega.cpi
[2009/03/16 18:26:20 | 000,000,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\h323log.txt
[2011/02/18 04:30:28 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2007/08/13 17:50:08 | 001,383,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mshtml.tlb
[2010/12/09 22:37:07 | 002,027,008 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntkrnlpa.exe
[2008/04/14 21:30:00 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\stdole2.tlb
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/05/03 13:39:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/11/25 22:39:26 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2009/05/03 18:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/08/09 08:47:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/03/16 10:29:11 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/12/27 13:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Cyanide
[2009/03/16 10:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/08/08 19:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\etax2010
[2010/12/27 13:09:57 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2010/12/27 13:35:52 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/26 13:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2009/07/24 09:38:08 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/07/24 09:38:18 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/01/02 13:08:11 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/04/16 08:42:10 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/23 08:38:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/03/16 12:00:42 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/08/29 21:23:51 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/06/28 03:05:56 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/05/26 20:18:31 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/21 10:12:44 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/12/11 07:54:56 | 000,000,000 | ---D | M] -- C:\Program Files\Micro Application
[2010/06/21 17:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/03/16 10:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/05/05 13:32:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/04/21 22:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/05/03 21:03:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/21 17:15:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2009/12/01 20:35:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/05/05 13:31:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 22:27:23 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/06/03 07:53:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/04/21 10:33:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/05/30 17:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/03/16 10:28:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/04/21 10:10:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/03/16 12:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2009/03/16 12:05:44 | 000,000,000 | ---D | M] -- C:\Program Files\NeroInstall.bak
[2009/03/16 10:29:55 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/16 10:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/03/16 12:00:42 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/12/15 18:01:53 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/01/04 17:25:31 | 000,000,000 | ---D | M] -- C:\Program Files\PartyGaming
[2010/01/26 13:29:04 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2009/10/24 19:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/06/02 23:28:04 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/04/21 10:33:46 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/06/21 17:37:00 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/05/03 19:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\Starters Orders 3
[2009/08/30 20:25:07 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/06/12 11:14:07 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/03/16 10:37:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/02/03 21:53:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/05/03 21:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2011/01/28 20:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2011/01/28 20:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/16 10:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/03/16 10:30:18 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/06/12 10:22:06 | 000,000,000 | ---D | M] -- C:\Program Files\X-Cleaner
[2009/03/16 10:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2008/04/14 21:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\recover\I386\sp3.cab:AGP440.sys
[2008/04/14 21:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 21:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\recover\I386\sp3.cab:atapi.sys
[2008/04/14 21:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 21:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 21:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 21:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/14 21:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\recover\I386\sp3.cab:disk.sys
[2008/04/14 21:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 21:30:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 21:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 21:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 21:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-11 22:08:11

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 20:49:22 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 20:49:22 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 20:49:22 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 21:13:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 21:13:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 21:13:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/02/14 21:47:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 20:49:22 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 20:49:22 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 20:49:22 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 21:13:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 21:13:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 21:13:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/02/14 21:47:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

< >

========== Files - Unicode (All) ==========
[2010/05/02 11:38:54 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\VIP\Desktop\~$?5?.docx) -- C:\Documents and Settings\VIP\Desktop\~$第5章.docx
[2010/05/02 11:38:54 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\VIP\Desktop\~$?5?.docx) -- C:\Documents and Settings\VIP\Desktop\~$第5章.docx

< End of report >



aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-03 18:10:33
-----------------------------
18:10:33.171 OS Version: Windows 5.1.2600 Service Pack 3
18:10:33.171 Number of processors: 2 586 0x203
18:10:33.171 ComputerName: VIP-PC UserName: VIP
18:10:33.484 Initialize success
18:10:35.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
18:10:35.593 Disk 0 Vendor: SAMSUNG_HD161HJ JF100-19 Size: 152626MB BusType: 3
18:10:37.609 Disk 0 MBR read successfully
18:10:37.609 Disk 0 MBR scan
18:10:37.609 Disk 0 Windows XP default MBR code
18:10:39.609 Disk 0 scanning sectors +312576705
18:10:39.625 Disk 0 scanning C:\WINDOWS\system32\drivers
18:10:43.125 Service scanning
18:10:43.906 Disk 0 trace - called modules:
18:10:43.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a42e1ed]<<
18:10:43.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4ccab8]
18:10:43.921 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000056[0x8a490f18]
18:10:43.921 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\00000054[0x8a47b030]
18:10:43.921 \Driver\nvata[0x8a54df38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a42e1ed
18:10:43.921 Scan finished successfully
18:12:35.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\VIP\Desktop\MBR.dat"
18:12:35.734 The log file has been saved successfully to "C:\Documents and Settings\VIP\Desktop\aswMBR.txt"

audinrodin

Newbie Surfer

Posts : 10
Joined : 2011-06-03
Operating System : Windows XP


Re: Infected by Windows XP Recovery

Post by audinrodin on Sat 04 Jun 2011, 4:44 am

I just tried to run Malwarebytes' Anti-Malware & Unhide.exe.
The fake security software 'Windows XP Recovery' seems to be gone and my files are also back.
But there is still one more problem: the website I am going to redirects me to another website.

I have posted OTL.txt and aswMBR.txt below.
Could you have a look at them and give me some advice please.

Thank you very much.

--------------------
OTL logfile created on: 4/06/2011 3:01:16 AM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\VIP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 116.76 Gb Free Space | 78.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VIP-PC
Current User Name: VIP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/23 08:39:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VIP\Desktop\OTL.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/16 19:55:32 | 000,223,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/01/09 20:00:52 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 19:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/04/14 21:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/02/28 14:04:08 | 002,049,320 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
PRC - [2008/02/28 14:04:08 | 001,440,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
PRC - [2008/02/28 14:04:08 | 000,053,032 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
PRC - [2008/02/28 14:03:48 | 001,083,176 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCD.exe


========== Modules (SafeList) ==========

MOD - [2010/08/24 01:42:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/07/23 08:39:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VIP\Desktop\OTL.exe
MOD - [2008/04/14 21:30:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/02/28 14:04:08 | 001,440,552 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008/02/28 14:04:08 | 000,053,032 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\VIP\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/03/16 11:00:52 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/12/11 18:54:20 | 004,959,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 21:30:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/28 14:03:58 | 000,040,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/02/28 14:03:58 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/02/28 14:03:48 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/11/27 16:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 16:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/10/31 16:05:00 | 003,964,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/10/18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 07:03:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 20:49:25 | 000,000,000 | ---D | M]

[2009/06/28 03:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VIP\Application Data\Mozilla\Extensions
[2009/06/28 03:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VIP\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/03 07:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VIP\Application Data\Mozilla\Firefox\Profiles\7i0fknmx.default\extensions
[2009/09/03 11:42:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\VIP\Application Data\Mozilla\Firefox\Profiles\7i0fknmx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/03 07:51:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/22 20:27:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/22 20:27:06 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/09 08:47:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe (Nero AG)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [kqAIrvwyxLeS] C:\Documents and Settings\All Users\Application Data\kqAIrvwyxLeS.exe File not found
O4 - Startup: C:\Documents and Settings\VIP\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\VIP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\VIP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/16 10:31:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/04 01:05:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\VIP\Recent
[2011/06/03 17:39:30 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\VIP\My Documents\aswMBR.exe
[2011/06/03 17:38:57 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\VIP\My Documents\OTL.com
[2011/06/03 17:38:10 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\VIP\Desktop\aswMBR.exe
[2011/06/03 17:36:59 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\VIP\Desktop\OTL.com
[2011/05/21 11:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VIP\My Documents\dav uni
[5 C:\Documents and Settings\VIP\Desktop\*.tmp files -> C:\Documents and Settings\VIP\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/04 02:51:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/04 02:20:54 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/04 02:20:52 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/04 02:20:51 | 000,000,006 | ---- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/06/04 02:20:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/04 02:19:36 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\VIP\NTUSER.DAT
[2011/06/04 02:19:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\VIP\ntuser.ini
[2011/06/04 02:07:31 | 002,670,792 | ---- | M] () -- C:\Documents and Settings\VIP\Local Settings\Application Data\IconCache.db
[2011/06/04 01:59:29 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\VIP\Desktop\unhide.exe
[2011/06/04 01:27:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/04 00:53:17 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20045604r
[2011/06/04 00:53:17 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20045604
[2011/06/03 18:12:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\VIP\Desktop\MBR.dat
[2011/06/03 18:10:30 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\VIP\Desktop\aswMBR.exe
[2011/06/03 18:01:37 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VIP\Desktop\OTL.com
[2011/06/03 17:40:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VIP\My Documents\OTL.com
[2011/06/03 17:39:38 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\VIP\My Documents\aswMBR.exe
[2011/06/03 08:04:47 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\VIP\Desktop\Windows XP Recovery.lnk
[2011/06/03 08:04:45 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20045604
[2011/05/30 17:51:41 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/29 15:04:37 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spin Palace Casino.lnk
[2011/05/29 14:45:17 | 000,501,320 | ---- | M] () -- C:\Documents and Settings\VIP\Desktop\SpinPalace.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/27 07:14:58 | 000,016,586 | ---- | M] () -- C:\Documents and Settings\VIP\Desktop\997129_vb.jpg
[2011/05/26 23:46:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/26 23:46:24 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\VIP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 21:20:25 | 000,116,345 | ---- | M] () -- C:\Documents and Settings\VIP\Desktop\graduation.JPG
[2011/05/23 17:23:17 | 000,041,986 | ---- | M] () -- C:\Documents and Settings\VIP\Desktop\task1c---.docx
[2011/05/18 18:28:08 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Quatro Casino.lnk
[2011/05/18 18:20:30 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Casino Share.lnk
[2011/05/11 17:47:54 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Casino Action.lnk
[2011/05/11 16:54:09 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Captain Cooks Casino.lnk
[2011/05/05 17:40:59 | 000,039,400 | ---- | M] () -- C:\Documents and Settings\VIP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[5 C:\Documents and Settings\VIP\Desktop\*.tmp files -> C:\Documents and Settings\VIP\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/04 02:03:33 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/06/04 02:03:30 | 000,002,370 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/06/04 02:03:30 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home Essentials SE.lnk
[2011/06/04 02:03:30 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Players Palace.lnk
[2011/06/04 02:03:30 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Quatro Casino.lnk
[2011/06/04 02:03:30 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Casino Action.lnk
[2011/06/04 02:03:30 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Casino Share.lnk
[2011/06/04 02:03:30 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Royal Vegas Online Casino.lnk
[2011/06/04 02:03:30 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Casino.lnk
[2011/06/04 02:03:30 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/04 02:03:30 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/04 02:03:30 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/04 02:03:30 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/06/04 02:03:30 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/04 02:03:29 | 000,002,352 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2011/06/04 02:03:29 | 000,002,254 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Home Essentials SE.lnk
[2011/06/04 02:03:29 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\Captain Cooks Casino.lnk
[2011/06/04 02:03:29 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\VIP\Application Data\Microsoft\Internet Explorer\Quick Launch\All Slots Casino.lnk
[2011/06/04 02:03:29 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/04 02:03:29 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/06/04 02:03:29 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spin Palace Casino.lnk
[2011/06/04 02:03:29 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2011/06/04 01:57:06 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\VIP\Desktop\unhide.exe
[2011/06/04 01:27:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/03 18:12:35 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\VIP\Desktop\MBR.dat
[2011/06/03 08:05:06 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20045604r
[2011/06/03 08:05:05 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20045604
[2011/06/03 08:04:47 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\VIP\Desktop\Windows XP Recovery.lnk
[2011/06/03 08:04:45 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20045604
[2011/05/29 14:45:08 | 000,501,320 | ---- | C] () -- C:\Documents and Settings\VIP\Desktop\SpinPalace.exe
[2011/05/27 07:14:58 | 000,016,586 | ---- | C] () -- C:\Documents and Settings\VIP\Desktop\997129_vb.jpg
[2011/05/26 21:20:24 | 000,116,345 | ---- | C] () -- C:\Documents and Settings\VIP\Desktop\graduation.JPG
[2011/05/23 16:48:14 | 000,041,986 | ---- | C] () -- C:\Documents and Settings\VIP\Desktop\task1c---.docx
[2009/07/15 16:09:57 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/12 09:04:30 | 000,000,071 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/05/02 19:32:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/16 09:49:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2006/10/31 16:05:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 16:05:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 16:05:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 16:05:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 16:05:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 16:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 16:05:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2010/09/16 18:01:04 | 000,315,392 | ---- | M] () -- C:\Documents and Settings\VIP\Desktop\access.exe
[2011/06/03 18:10:30 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\VIP\Desktop\aswMBR.exe
[2010/08/09 08:43:06 | 003,817,265 | R--- | M] () -- C:\Documents and Settings\VIP\Desktop\ComboFix.exe
[2010/07/23 08:39:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VIP\Desktop\OTL.exe
[2010/06/21 17:33:30 | 001,704,744 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\VIP\Desktop\SkypeSetup.exe
[2011/05/29 14:45:17 | 000,501,320 | ---- | M] () -- C:\Documents and Settings\VIP\Desktop\SpinPalace.exe
[2011/06/04 01:59:29 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\VIP\Desktop\unhide.exe
[2009/05/03 20:50:26 | 001,144,168 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\VIP\Desktop\wlsetup-custom.exe
[5 C:\Documents and Settings\VIP\Desktop\*.tmp files -> C:\Documents and Settings\VIP\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2011/06/03 17:39:38 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\VIP\My Documents\aswMBR.exe

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/04/30 20:49:19 | 000,122,328 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/04/30 20:49:22 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2008/04/14 21:30:00 | 000,127,213 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ega.cpi
[2009/03/16 18:26:20 | 000,000,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\h323log.txt
[2011/02/18 04:30:28 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2007/08/13 17:50:08 | 001,383,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mshtml.tlb
[2010/12/09 22:37:07 | 002,027,008 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntkrnlpa.exe
[2008/04/14 21:30:00 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\stdole2.tlb
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/05/03 13:39:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/11/25 22:39:26 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2009/05/03 18:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/08/09 08:47:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/03/16 10:29:11 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/12/27 13:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Cyanide
[2009/03/16 10:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/08/08 19:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\etax2010
[2010/12/27 13:09:57 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2010/12/27 13:35:52 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/26 13:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2009/07/24 09:38:08 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/07/24 09:38:18 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/01/02 13:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2011/04/16 08:42:10 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/23 08:38:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/03/16 12:00:42 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/08/29 21:23:51 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/06/28 03:05:56 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2011/06/04 01:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/21 10:12:44 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/12/11 07:54:56 | 000,000,000 | ---D | M] -- C:\Program Files\Micro Application
[2010/06/21 17:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/03/16 10:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/05/05 13:32:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/04/21 22:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/05/03 21:03:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/21 17:15:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2009/12/01 20:35:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/05/05 13:31:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 22:27:23 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/06/04 02:39:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/04/21 10:33:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/05/30 17:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/03/16 10:28:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/04/21 10:10:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/03/16 12:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2009/03/16 12:05:44 | 000,000,000 | ---D | M] -- C:\Program Files\NeroInstall.bak
[2009/03/16 10:29:55 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/16 10:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/03/16 12:00:42 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/12/15 18:01:53 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/01/04 17:25:31 | 000,000,000 | ---D | M] -- C:\Program Files\PartyGaming
[2010/01/26 13:29:04 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2009/10/24 19:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/06/02 23:28:04 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/04/21 10:33:46 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/06/21 17:37:00 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/05/03 19:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\Starters Orders 3
[2009/08/30 20:25:07 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/06/12 11:14:07 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/03/16 10:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2011/02/03 21:53:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/05/03 21:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2011/01/28 20:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2011/01/28 20:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/16 10:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/03/16 10:30:18 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2009/06/12 10:22:06 | 000,000,000 | ---D | M] -- C:\Program Files\X-Cleaner
[2009/03/16 10:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2008/04/14 21:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\recover\I386\sp3.cab:AGP440.sys
[2008/04/14 21:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 21:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\recover\I386\sp3.cab:atapi.sys
[2008/04/14 21:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 21:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 21:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 21:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/14 21:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\recover\I386\sp3.cab:disk.sys
[2008/04/14 21:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 21:30:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 21:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 21:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 21:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-11 22:08:11

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 20:49:22 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 20:49:22 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 20:49:22 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 21:13:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 21:13:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 21:13:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/02/14 21:47:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 20:49:22 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 20:49:22 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 20:49:22 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 20:49:20 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 21:13:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 21:13:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 21:13:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/02/14 21:47:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2010/05/02 11:38:54 | 000,000,162 | ---- | M] ()(C:\Documents and Settings\VIP\Desktop\~$?5?.docx) -- C:\Documents and Settings\VIP\Desktop\~$第5章.docx
[2010/05/02 11:38:54 | 000,000,162 | ---- | C] ()(C:\Documents and Settings\VIP\Desktop\~$?5?.docx) -- C:\Documents and Settings\VIP\Desktop\~$第5章.docx
< End of report >



aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-03 18:10:33
-----------------------------
18:10:33.171 OS Version: Windows 5.1.2600 Service Pack 3
18:10:33.171 Number of processors: 2 586 0x203
18:10:33.171 ComputerName: VIP-PC UserName: VIP
18:10:33.484 Initialize success
18:10:35.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
18:10:35.593 Disk 0 Vendor: SAMSUNG_HD161HJ JF100-19 Size: 152626MB BusType: 3
18:10:37.609 Disk 0 MBR read successfully
18:10:37.609 Disk 0 MBR scan
18:10:37.609 Disk 0 Windows XP default MBR code
18:10:39.609 Disk 0 scanning sectors +312576705
18:10:39.625 Disk 0 scanning C:\WINDOWS\system32\drivers
18:10:43.125 Service scanning
18:10:43.906 Disk 0 trace - called modules:
18:10:43.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a42e1ed]<<
18:10:43.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4ccab8]
18:10:43.921 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000056[0x8a490f18]
18:10:43.921 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\00000054[0x8a47b030]
18:10:43.921 \Driver\nvata[0x8a54df38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a42e1ed
18:10:43.921 Scan finished successfully
18:12:35.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\VIP\Desktop\MBR.dat"
18:12:35.734 The log file has been saved successfully to "C:\Documents and Settings\VIP\Desktop\aswMBR.txt"


aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-04 03:03:56
-----------------------------
03:03:56.906 OS Version: Windows 5.1.2600 Service Pack 3
03:03:56.906 Number of processors: 2 586 0x203
03:03:56.906 ComputerName: VIP-PC UserName: VIP
03:03:57.218 Initialize success
03:04:02.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
03:04:02.718 Disk 0 Vendor: SAMSUNG_HD161HJ JF100-19 Size: 152626MB BusType: 3
03:04:04.734 Disk 0 MBR read successfully
03:04:04.734 Disk 0 MBR scan
03:04:04.734 Disk 0 Windows XP default MBR code
03:04:06.734 Disk 0 scanning sectors +312576705
03:04:06.750 Disk 0 scanning C:\WINDOWS\system32\drivers
03:04:10.265 Service scanning
03:04:11.046 Disk 0 trace - called modules:
03:04:11.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a4a31ed]<<
03:04:11.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4f4ab8]
03:04:11.046 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000056[0x8a49f988]
03:04:11.046 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\00000054[0x8a54b030]
03:04:11.062 \Driver\nvata[0x8a50ba08] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a4a31ed
03:04:11.062 Scan finished successfully
03:04:22.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\VIP\Desktop\MBR.dat"
03:04:22.000 The log file has been saved successfully to "C:\Documents and Settings\VIP\Desktop\aswMBR.txt"



audinrodin

Newbie Surfer

Posts : 10
Joined : 2011-06-03
Operating System : Windows XP

Re: Infected by Windows XP Recovery

Post by Pancake on Sat 04 Jun 2011, 10:57 am

Please download Malwarebytes' Anti-Malware from one of these places:

Majorgeeks or Besttechie


Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply.



===============================================



Download Combofix from Bleepingcomputer or Geekstogo and place it on your Desktop

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Combofix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.

You can get help on disabling your protection programs here : [You must be registered and logged in to see this link.]

Please include the C:\ComboFix.txt in your next reply for further review.


Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.


Pancake

Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: Infected by Windows XP Recovery

Post by audinrodin on Sat 04 Jun 2011, 12:47 pm

Here is the Malwarebytes log.

Malwarebytes' Anti-Malware 1.51.0.1200

Database version: 6767

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/06/2011 10:43:15 AM
mbam-log-2011-06-04 (10-43-15).txt

Scan type: Quick scan
Objects scanned: 176739
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kqAIrvwyxLeS (Rogue.Agent.SA) -> Value: kqAIrvwyxLeS -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


audinrodin

Newbie Surfer

Posts : 10
Joined : 2011-06-03
Operating System : Windows XP
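The Run value that MBAM quarantined in the log above is the classic persistence pattern for this kind of rogue: a randomly named executable in All Users\Application Data, started from HKCU\...\Run under a value of the same name. The script below is an added example, not part of the thread or of Malwarebytes, that scores autostart entries on those traits; the scoring weights, the benign sample entries and the rogue's command line are constructed for illustration.

```python
import math
import re
from collections import Counter

# Autostarts launched from a user profile (incl. All Users\Application Data) or a
# temp dir are unusual for legitimate XP software; these trusted dirs are not.
SUSPECT_DIRS = ("c:\\documents and settings\\", "c:\\windows\\temp\\")
TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\")

def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking file stems score high."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def exe_path(command: str) -> str:
    """Extract the executable (lower-cased) from a Run value's command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.exe)\b", command, re.I)  # unquoted path may contain spaces
    return (m.group(1) if m else command.split()[0]).lower()

def score_run_value(name: str, command: str) -> int:
    """Triage score 0..3: a hint to look closer, not a verdict."""
    path = exe_path(command)
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    score = 0
    if path.startswith(SUSPECT_DIRS) and not path.startswith(TRUSTED_DIRS):
        score += 1
    # Long alphanumeric stem that is high-entropy (kqAIrvwyxLeS) or all digits.
    if re.fullmatch(r"[a-z0-9]{8,}", stem, re.I) and (
        shannon_entropy(stem) > 3.0 or stem.isdigit()
    ):
        score += 1
    if name.lower() == stem:  # value name simply reuses the random file name
        score += 1
    return score

def triage(entries, threshold=2):
    """Return (name, command, score) for entries at or above the threshold."""
    scored = [(n, c, score_run_value(n, c)) for n, c in entries]
    return [r for r in scored if r[2] >= threshold]

# Constructed sample: the value MBAM quarantined in this thread (its command
# line is assumed) plus two benign XP autostarts for contrast.
SAMPLE_ENTRIES = [
    ("kqAIrvwyxLeS", r"C:\Documents and Settings\All Users\Application Data\kqAIrvwyxLeS.exe"),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Adobe Reader Speed Launcher", r'"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"'),
]
```

Running `triage(SAMPLE_ENTRIES)` flags only the kqAIrvwyxLeS entry with the maximum score; the two benign autostarts score 0.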

Re: Infected by Windows XP Recovery

Post by audinrodin on Sat 04 Jun 2011, 12:55 pm

Here is the ComboFix log. I could not send it at once, so I attached the text file.

My computer already seems to be running normally. Thank you!

audinrodin

Newbie Surfer

Posts : 10
Joined : 2011-06-03
Operating System : Windows XP

Re: Infected by Windows XP Recovery

Post by Pancake on Sat 04 Jun 2011, 1:00 pm

Just one more fix to do and we are done.....


WARNING these fixes are designed for this user only and may cause damage if run on any other machine.


Please download the OTM.exe by OldTimer.

Save it to your Desktop.
Please double-click OTM.exe to run it.
Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


Code:

:Processes
explorer.exe
:otl
:files
C:\Documents and Settings\All Users\Application Data\kqAIrvwyxLeS.exe
:reg
:services
:Commands
ipconfig /flushdns /c
c:\recycler\
f:\recycler\
g:\recycler\
[clearallrestorepoints]
[createrestorepoint]
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Return to OTM.exe, right click in the "Paste Instructions for Items to be Moved" window (under the light yellow bar) and choose Paste.
Click the red Moveit! button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Pancake

Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: Infected by Windows XP Recovery

Post by audinrodin on Sat 04 Jun 2011, 1:23 pm

Here is the log.
Thank you so much.


All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
Error: Unable to interpret <:otl> in the current context!
========== FILES ==========
File/Folder C:\Documents and Settings\All Users\Application Data\kqAIrvwyxLeS.exe not found.
========== REGISTRY ==========
========== SERVICES/DRIVERS ==========
========== COMMANDS ==========

Restore points cleared and new OTM Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

audinrodin

Newbie Surfer

Posts : 10
Joined : 2011-06-03
Operating System : Windows XP

Re: Infected by Windows XP Recovery

Post by Pancake on Sat 04 Jun 2011, 1:48 pm

Ok. All done. I see no more malware. Log looks good! Congratulations, well done.


Go to :
Start > Run then copy and paste the following highlighted (blue) text below into the box and click OK.


ComboFix /uninstall






Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention

=============================


Pancake

Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: Infected by Windows XP Recovery

Post by audinrodin on Sat 04 Jun 2011, 3:37 pm

Thank you thank you thank you so much!!!

I will follow the tips you gave me to protect my computer.
thanks again.

regards

audinrodin

Newbie Surfer

Posts : 10
Joined : 2011-06-03
Operating System : Windows XP

Re: Infected by Windows XP Recovery

Post by Pancake on Sat 04 Jun 2011, 3:48 pm

You're welcome. Glad to help.


Pancake

Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: Infected by Windows XP Recovery

Post by audinrodin on Sat 04 Jun 2011, 5:43 pm

Sorry, I've got a quick question. (If this post is not appropriate for here, please let me know and I will post it on a different forum.)

I read the tips and downloaded some scanners and firewalls.

I downloaded
Comodo, Avast, Malwarebytes' Anti-Malware, and Lavasoft's Ad-Aware.

I would just like to know whether these programs can coexist, or whether I have downloaded too many of the same kind of thing.

regards

audinrodin

Newbie Surfer

Posts : 10
Joined : 2011-06-03
Operating System : Windows XP

Re: Infected by Windows XP Recovery

Post by Pancake on Sun 05 Jun 2011, 9:39 am

They will all be fine to work together. I don't think there is any need for Ad-Aware because Malwarebytes will do the job better.


Pancake

Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: Infected by Windows XP Recovery

Post by audinrodin on Sun 05 Jun 2011, 11:05 am

Thank you!

audinrodin

Newbie Surfer

Posts : 10
Joined : 2011-06-03
Operating System : Windows XP
