Conficker, Virut gen (probably) - Backing up


Post by mazohysta88 on Fri Mar 23, 2012 6:12 am

Hello guys! I am new here and unsure how to post this.

I think my machine is infected with more than one virus so I'll just post the otl log here.

I want to back my files up, format + reinstall the OS, and I have two questions.

1. What files should I avoid backing up? (I'm interested mostly in keeping photos, documents, presentations, videos, music, maybe some WoW addons)

2. What antivirus can you recommend for real-time protection? (if I'm allowed to ask that)

Thank you very much.

OTL logfile created on: 3/23/2012 7:39:43 AM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 56.81 Mb Available Physical Memory | 5.60% Memory free
2.39 Gb Paging File | 1.74 Gb Available in Paging File | 72.80% Paging File free
Paging file location(s): D:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 143.87 Gb Total Space | 15.07 Gb Free Space | 10.47% Space Free | Partition Type: NTFS
Drive D: | 5.17 Gb Total Space | 0.06 Gb Free Space | 1.25% Space Free | Partition Type: NTFS
Drive F: | 633.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 3.74 Gb Total Space | 3.49 Gb Free Space | 93.48% Space Free | Partition Type: FAT32

Computer Name: CIAU | User Name: Lizzeh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/23 07:38:45 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\OTL.com
PRC - [2012/03/21 18:14:08 | 001,581,056 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/01/27 14:12:25 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010/06/01 09:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/27 14:12:37 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012/01/27 14:12:37 | 000,275,968 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012/01/27 14:12:37 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012/01/27 14:12:37 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012/01/27 14:12:37 | 000,076,800 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012/01/27 14:12:37 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012/01/27 14:12:37 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012/01/27 14:12:37 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012/01/27 14:12:36 | 000,099,840 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012/01/27 14:12:36 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012/01/27 14:12:36 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012/01/27 14:12:36 | 000,068,608 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012/01/27 14:12:35 | 000,783,360 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2011/12/21 08:40:33 | 008,527,008 | ---- | M] () -- D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/02/14 19:50:38 | 001,291,776 | ---- | M] () -- D:\WINDOWS\system32\quartz.dll
MOD - [2010/06/01 09:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2008/04/14 12:00:00 | 000,059,904 | ---- | M] () -- D:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- D:\WINDOWS\system32\msdmo.dll
MOD - [2006/10/12 15:28:48 | 000,757,760 | ---- | M] () -- D:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - File not found [On_Demand | Stopped] -- D:\WINDOWS\system32\dllhost.exe /Processid:{F8BCC118-2A07-4920-AAD9-D338943C41B9} -- (SwPrv)
SRV - File not found [On_Demand | Stopped] -- D:\WINDOWS\system32\msiexec.exe /V -- (MSIServer)
SRV - File not found [On_Demand | Stopped] -- D:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- D:\WINDOWS\System32\dmadmin.exe /com -- (dmadmin)
SRV - File not found [On_Demand | Stopped] -- D:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} -- (COMSysApp)
SRV - File not found [Disabled | Stopped] -- D:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - File not found [On_Demand | Stopped] -- D:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - File not found [On_Demand | Stopped] -- D:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2012/03/21 17:48:19 | 000,000,000 | ---- | M] () [Disabled | Stopped] -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2012/02/28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | Auto | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\avkmgr.sys -- (avkmgr)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\avipbb.sys -- (avipbb)
DRV - File not found [File_System | Auto | Stopped] -- system32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aa9d8s82)
DRV - [2011/11/17 22:55:36 | 000,611,064 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/02/14 20:07:00 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2011/02/14 20:07:00 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2011/02/14 20:06:59 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/30 05:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 15:46:42 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/01/30 18:57:00 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/23 16:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 82 CF 9C 78 6D CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: D:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/06/15 18:13:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/06/15 18:13:32 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/03/23 07:16:43 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] D:\WINDOWS\system32\WLTRAY.exe File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96A2DC77-294E-4042-AE25-23F1B1E680EB}: DhcpNameServer = 89.37.120.6 89.34.72.42 194.102.93.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Documents and Settings\Lizzeh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Lizzeh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/31 17:00:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/04/30 09:57:48 | 000,001,452 | R--- | M] () - F:\Autorun.ini -- [ CDFS ]
O32 - AutoRun File - [2001/02/12 16:04:06 | 000,000,046 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012/03/16 08:36:20 | 000,000,703 | ---- | M] () - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - D:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AzMixerSel - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - c:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - D:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - D:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SkyTel - hkey= - key= - D:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - D:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - D:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmadmin - D:\WINDOWS\System32\dmadmin.exe /com File not found
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: dmadmin - D:\WINDOWS\System32\dmadmin.exe /com File not found
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{99820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/23 07:09:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Lizzeh\Application Data\Malwarebytes
[2012/03/23 07:09:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/23 07:09:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/23 07:09:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2012/03/23 07:08:13 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Lizzeh\My Documents\mbam-setup-1.60.1.1000.exe
[2012/03/21 18:14:46 | 001,581,056 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\explorer.exe
[2012/03/21 18:14:41 | 001,581,056 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
[2012/03/21 18:08:58 | 000,000,000 | ---D | C] -- D:\WINDOWS\CSC
[2012/03/21 17:56:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller
[2012/03/21 17:43:55 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\NtmsData
[2012/02/29 18:58:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/23 07:16:41 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012/03/23 07:09:14 | 000,000,650 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/23 07:08:50 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Lizzeh\My Documents\mbam-setup-1.60.1.1000.exe
[2012/03/23 06:53:12 | 000,082,281 | ---- | M] () -- D:\Documents and Settings\Lizzeh\My Documents\Flashy_Remover.zip
[2012/03/21 18:14:08 | 001,581,056 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\explorer.exe
[2012/03/21 18:14:08 | 001,581,056 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
[2012/03/21 18:11:41 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012/03/21 17:56:47 | 000,000,042 | ---- | M] () -- D:\WINDOWS\System32\AK083E209605E394C.lie
[2012/03/21 17:56:36 | 000,000,533 | ---- | M] () -- D:\Documents and Settings\Lizzeh\Desktop\Perfect Uninstaller.lnk
[2012/03/21 17:56:36 | 000,000,533 | ---- | M] () -- D:\Documents and Settings\Lizzeh\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2012/03/21 17:48:09 | 000,200,704 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\ie4uinit.exe
[2012/03/21 17:47:31 | 000,064,512 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\ieudinit.exe
[2012/03/21 17:44:24 | 000,248,320 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\logon.scr
[2012/03/21 17:43:50 | 000,053,760 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\userinit.exe
[2012/03/21 17:43:40 | 000,416,768 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\cmd.exe
[2012/03/21 17:43:30 | 000,090,624 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\rdpclip.exe
[2012/03/21 17:42:49 | 000,039,424 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\regsvr32.exe
[2012/03/21 17:42:38 | 000,072,704 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\shmgrate.exe
[2012/03/21 00:47:12 | 002,710,915 | ---- | M] () -- D:\Documents and Settings\Lizzeh\My Documents\Trailerhead - An Epic Age.mp3
[2012/03/20 22:41:07 | 000,011,982 | ---- | M] () -- D:\Documents and Settings\Lizzeh\My Documents\reo_2.gif
[2012/03/20 22:13:45 | 000,034,705 | ---- | M] () -- D:\Documents and Settings\Lizzeh\My Documents\Professionals-work-medic-attaching-rheoencephalograph.jpg
[2012/03/16 00:24:58 | 000,051,186 | ---- | M] () -- D:\Documents and Settings\Lizzeh\Application Data\room_v3.dat
[2012/02/27 20:07:02 | 002,971,721 | ---- | M] () -- D:\Documents and Settings\Lizzeh\My Documents\DJ Fresh ft. Rita Ora - Hot Right Now (Official Video) (Out 26.02.12).mp3
[2012/02/26 22:53:57 | 004,126,961 | ---- | M] () -- D:\Documents and Settings\Lizzeh\My Documents\Stone Sour - Through Glass.mp3
[2012/02/26 13:46:48 | 004,463,000 | ---- | M] () -- D:\Documents and Settings\Lizzeh\My Documents\Maroon 5 - Moves Like Jagger ft. Christina Aguilera.mp3
[2012/02/25 18:27:33 | 003,412,668 | ---- | M] () -- D:\Documents and Settings\Lizzeh\My Documents\Les Elephants Bizarres - Hello! says the Devil.mp3
[2012/02/25 16:04:44 | 003,429,805 | ---- | M] () -- D:\Documents and Settings\Lizzeh\My Documents\Nelly Furtado - Do It.mp3
[2012/02/25 15:29:03 | 001,728,997 | ---- | M] () -- D:\Documents and Settings\Lizzeh\My Documents\i-sHiNe - I Remember [Pirate-Movie-Production Soundtrack].mp3
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/23 07:09:14 | 000,000,650 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/23 06:53:12 | 000,082,281 | ---- | C] () -- D:\Documents and Settings\Lizzeh\My Documents\Flashy_Remover.zip
[2012/03/21 18:11:41 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012/03/21 17:56:47 | 000,000,042 | ---- | C] () -- D:\WINDOWS\System32\AK083E209605E394C.lie
[2012/03/21 17:56:36 | 000,000,533 | ---- | C] () -- D:\Documents and Settings\Lizzeh\Desktop\Perfect Uninstaller.lnk
[2012/03/21 17:56:36 | 000,000,533 | ---- | C] () -- D:\Documents and Settings\Lizzeh\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2012/03/21 00:47:02 | 002,710,915 | ---- | C] () -- D:\Documents and Settings\Lizzeh\My Documents\Trailerhead - An Epic Age.mp3
[2012/03/20 22:41:07 | 000,011,982 | ---- | C] () -- D:\Documents and Settings\Lizzeh\My Documents\reo_2.gif
[2012/03/20 22:13:45 | 000,034,705 | ---- | C] () -- D:\Documents and Settings\Lizzeh\My Documents\Professionals-work-medic-attaching-rheoencephalograph.jpg
[2012/03/15 01:44:28 | 000,498,175 | ---- | C] () -- D:\Documents and Settings\Lizzeh\My Documents\Riven_Splash_0.jpg
[2012/02/27 20:06:52 | 002,971,721 | ---- | C] () -- D:\Documents and Settings\Lizzeh\My Documents\DJ Fresh ft. Rita Ora - Hot Right Now (Official Video) (Out 26.02.12).mp3
[2012/02/26 22:53:41 | 004,126,961 | ---- | C] () -- D:\Documents and Settings\Lizzeh\My Documents\Stone Sour - Through Glass.mp3
[2012/02/26 13:46:31 | 004,463,000 | ---- | C] () -- D:\Documents and Settings\Lizzeh\My Documents\Maroon 5 - Moves Like Jagger ft. Christina Aguilera.mp3
[2012/02/25 18:27:22 | 003,412,668 | ---- | C] () -- D:\Documents and Settings\Lizzeh\My Documents\Les Elephants Bizarres - Hello! says the Devil.mp3
[2012/02/25 16:04:31 | 003,429,805 | ---- | C] () -- D:\Documents and Settings\Lizzeh\My Documents\Nelly Furtado - Do It.mp3
[2012/02/25 15:28:58 | 001,728,997 | ---- | C] () -- D:\Documents and Settings\Lizzeh\My Documents\i-sHiNe - I Remember [Pirate-Movie-Production Soundtrack].mp3
[2011/11/18 14:47:47 | 000,051,186 | ---- | C] () -- D:\Documents and Settings\Lizzeh\Application Data\room_v3.dat
[2011/11/17 23:05:07 | 000,060,887 | ---- | C] () -- D:\WINDOWS\War3Unin.dat
[2011/09/25 15:26:03 | 000,018,440 | -H-- | C] () -- D:\WINDOWS\System32\mlfcache.dat
[2011/09/07 17:59:19 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\Access.dat
[2011/09/07 17:12:15 | 000,048,471 | ---- | C] () -- D:\WINDOWS\System32\ForceBindIP-Uninstaller.exe
[2011/07/28 12:37:33 | 000,021,840 | ---- | C] () -- D:\WINDOWS\System32\SIntfNT.dll
[2011/07/28 12:37:33 | 000,017,212 | ---- | C] () -- D:\WINDOWS\System32\SIntf32.dll
[2011/07/28 12:37:33 | 000,012,067 | ---- | C] () -- D:\WINDOWS\System32\SIntf16.dll
[2011/07/28 11:31:31 | 000,025,854 | ---- | C] () -- D:\WINDOWS\DIIUnin.dat
[2011/07/10 21:52:34 | 000,180,624 | ---- | C] () -- D:\WINDOWS\System32\Primomonnt.dll
[2011/06/16 10:40:15 | 000,016,384 | ---- | C] () -- D:\Documents and Settings\Lizzeh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/15 18:25:32 | 000,064,200 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/14 16:06:41 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2011/06/14 16:05:03 | 000,120,544 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/14 13:56:56 | 000,086,016 | ---- | C] () -- D:\WINDOWS\System32\preflib.dll
[2011/06/14 13:56:55 | 000,757,760 | ---- | C] () -- D:\WINDOWS\System32\bcm1xsup.dll
[2011/06/14 13:56:55 | 000,048,128 | ---- | C] () -- D:\WINDOWS\System32\WLTRYSVC.EXE
[2011/06/14 13:56:24 | 000,000,176 | ---- | C] () -- D:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2011/06/14 13:56:22 | 000,077,824 | ---- | C] () -- D:\WINDOWS\System32\ChCfg.exe
[2011/06/14 13:55:22 | 000,016,480 | ---- | C] () -- D:\WINDOWS\System32\rixdicon.dll
[2011/06/14 13:52:48 | 000,910,464 | ---- | C] () -- D:\WINDOWS\System32\igmedkrn.dll
[2011/06/14 13:52:48 | 000,204,800 | ---- | C] () -- D:\WINDOWS\System32\igfxCoIn_v4820.dll
[2011/06/14 13:18:51 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2011/06/14 13:13:03 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2012/03/23 07:08:50 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Lizzeh\My Documents\mbam-setup-1.60.1.1000.exe

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[1 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >
[2011/11/17 22:55:36 | 000,611,064 | ---- | M] () Unable to obtain MD5 -- D:\WINDOWS\system32\drivers\sptd.sys

< %PROGRAMFILES%\*. >
[2011/06/15 18:07:21 | 000,000,000 | ---D | M] -- D:\Program Files\Adobe
[2011/06/14 13:56:54 | 000,000,000 | ---D | M] -- D:\Program Files\Broadcom
[2011/11/22 20:30:13 | 000,000,000 | ---D | M] -- D:\Program Files\Common Files
[2011/06/14 13:12:54 | 000,000,000 | ---D | M] -- D:\Program Files\ComPlus Applications
[2012/02/09 19:03:29 | 000,000,000 | ---D | M] -- D:\Program Files\DIFX
[2011/06/15 18:13:32 | 000,000,000 | ---D | M] -- D:\Program Files\DivX
[2011/12/27 02:36:34 | 000,000,000 | -H-D | M] -- D:\Program Files\InstallShield Installation Information
[2011/06/14 13:14:28 | 000,000,000 | ---D | M] -- D:\Program Files\Internet Explorer
[2011/07/13 12:04:32 | 000,000,000 | ---D | M] -- D:\Program Files\Java
[2011/06/14 13:16:57 | 000,000,000 | ---D | M] -- D:\Program Files\microsoft frontpage
[2011/06/14 13:14:14 | 000,000,000 | ---D | M] -- D:\Program Files\Movie Maker
[2011/06/15 18:24:59 | 000,000,000 | ---D | M] -- D:\Program Files\MSBuild
[2011/06/14 13:12:29 | 000,000,000 | ---D | M] -- D:\Program Files\MSN Gaming Zone
[2011/06/14 13:14:34 | 000,000,000 | ---D | M] -- D:\Program Files\NetMeeting
[2011/06/14 13:15:11 | 000,000,000 | ---D | M] -- D:\Program Files\Online Services
[2011/06/14 13:14:30 | 000,000,000 | ---D | M] -- D:\Program Files\Outlook Express
[2011/11/17 20:54:11 | 000,000,000 | ---D | M] -- D:\Program Files\Reference Assemblies
[2011/06/14 14:00:28 | 000,000,000 | ---D | M] -- D:\Program Files\Synaptics
[2011/06/14 13:38:54 | 000,000,000 | -H-D | M] -- D:\Program Files\Uninstall Information
[2011/06/14 13:16:29 | 000,000,000 | ---D | M] -- D:\Program Files\Windows Media Player
[2011/06/14 13:12:21 | 000,000,000 | ---D | M] -- D:\Program Files\Windows NT
[2011/06/14 13:15:15 | 000,000,000 | -H-D | M] -- D:\Program Files\WindowsUpdate
[2011/06/14 13:16:57 | 000,000,000 | ---D | M] -- D:\Program Files\xerox
[2011/06/16 13:56:53 | 000,000,000 | ---D | M] -- D:\Program Files\Yahoo!

< MD5 for: AGP440.SYS >
[2011/02/14 19:56:03 | 017,780,246 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2011/02/14 19:56:03 | 017,780,246 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2011/02/14 19:56:03 | 017,780,246 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- D:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- D:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- D:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-15 22:39:05

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "D:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/03/21 17:48:09 | 000,200,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "D:\WINDOWS\system32\ie4uinit.exe" -hide [2012/03/21 17:48:09 | 000,200,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "D:\WINDOWS\system32\ie4uinit.exe" -show [2012/03/21 17:48:09 | 000,200,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "D:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/14 19:51:20 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: D:\Program Files\Internet Explorer\iexplore.exe [2011/02/14 19:51:20 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012/01/27 14:12:25 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012/01/27 14:12:25 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012/01/27 14:12:25 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/01/27 14:12:25 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/01/27 14:12:25 | 000,949,104 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "D:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/03/21 17:48:09 | 000,200,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "D:\WINDOWS\system32\ie4uinit.exe" -hide [2012/03/21 17:48:09 | 000,200,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "D:\WINDOWS\system32\ie4uinit.exe" -show [2012/03/21 17:48:09 | 000,200,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "D:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/14 19:51:20 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: D:\Program Files\Internet Explorer\iexplore.exe [2011/02/14 19:51:20 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012/01/27 14:12:25 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012/01/27 14:12:25 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012/01/27 14:12:25 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/01/27 14:12:25 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/01/27 14:12:25 | 000,949,104 | ---- | M] (Opera Software)

< End of report >

mazohysta88
Beginner
Posts : 3
Joined : 2012-03-23
Gender : Female
OS : windows xp

Re: Conficker, Virut gen (probably) - Backing up

Post by Gabethebabe on Fri Mar 23, 2012 9:54 am

Hi there mazohysta88 and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, it doesn't mean it is clean yet!

====================

1014.36 Mb Total Physical Memory | 56.81 Mb Available Physical Memory | 5.60% Memory free
You have a huge problem here - almost no memory left - your system must be slow.

If you have already made your mind up about the format & reinstall, that is fine and you should normally be OK backing up all non-executable files, so that is documents, videos, music, pictures etc. All programs you will normally be able to reinstall after downloading.

There are loads of antivirus programs that are good. If you are looking for a free one, I recommend Avira or Panda Cloud antivirus.

Are you sure you are that badly infected? I don't see too many things I dislike in your OTL log. Have you run a scan with MBAM already? Do you have a log of that?

What caught my eye is that "Perfect Uninstaller" - this is bad software (rogueware) and I see at least some remnants still on your system.

Gabethebabe
Top Dog
Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
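The backup rule in the post above (keep documents, pictures, music and video; leave executables behind) as a triage script, added here as an example and not part of the thread. The sample profile it triages is constructed inline (file names borrowed from the OTL log, contents fake, the "holiday.jpg" and "Recount" addon entries invented), the extension lists are assumptions, and it adds one check worth having before files leave a machine with a suspected file infector: a file with a data extension whose first bytes are the DOS/PE "MZ" header is held back rather than copied.

```python
from __future__ import annotations

import os
import tempfile
from pathlib import Path

# Added example (not from the thread). Extension lists are assumptions:
# the data set follows the post's list (documents, video, music, pictures,
# plus Lua/TOC for WoW addons); the executable set is what Windows runs.
DATA_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".mp3", ".mp4", ".avi",
                   ".doc", ".docx", ".ppt", ".pptx", ".pdf", ".txt",
                   ".lua", ".toc"}
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif", ".sys", ".cpl",
                   ".bat", ".cmd", ".vbs", ".js", ".jar", ".msi",
                   ".lnk"}  # shortcuts stay behind too: they can launch anything


def classify(name: str, head: bytes) -> tuple[str, str]:
    """Decide copy / skip / review from a file name and its first two bytes."""
    ext = Path(name).suffix.lower()
    if ext in EXEC_EXTENSIONS:
        return "skip", "executable extension"
    if head[:2] == b"MZ":
        # DOS/PE header under a data extension: an executable in disguise,
        # which is exactly what must not follow the user to the fresh install.
        return "skip", "MZ header despite non-executable extension"
    if ext in DATA_EXTENSIONS:
        return "copy", "user data"
    return "review", "unknown type, decide manually"


def plan_backup(root: str) -> dict[str, list[str]]:
    """Walk root and bucket every file; paths are returned relative to root."""
    plan = {"copy": [], "skip": [], "review": []}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = Path(dirpath, fname)
            with open(full, "rb") as fh:
                head = fh.read(2)
            decision, _reason = classify(fname, head)
            plan[decision].append(full.relative_to(root).as_posix())
    return plan


def demo() -> dict[str, list[str]]:
    """Triage a constructed profile; names echo the OTL log, contents are fake."""
    samples = {
        "My Documents/Riven_Splash_0.jpg": b"\xff\xd8\xff\xe0",      # real JPEG magic
        "My Documents/Stone Sour - Through Glass.mp3": b"ID3\x03",
        "My Documents/mbam-setup-1.60.1.1000.exe": b"MZ\x90\x00",
        "My Documents/holiday.jpg": b"MZ\x90\x00",                  # PE disguised as a photo
        "Desktop/Perfect Uninstaller.lnk": b"L\x00\x00\x00",
        "Interface/AddOns/Recount/Recount.toc": b"## Interface: 40300",
        "Application Data/room_v3.dat": b"\x00\x01",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(body)
        return plan_backup(root)
```

Files landing in "review" (the `.dat` here) are the ones to inspect by hand rather than copy blindly.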

Re: Conficker, Virut gen (probably) - Backing up

Post by mazohysta88 on Fri Mar 23, 2012 11:06 am

About the memory - I am desperate about this. I can't even install Microsoft Framework in drive D (Windows drive) because it has only 5 GB and it's almost full all the time, and lots of things don't work; also, they can't be installed somewhere else.

Last time I installed Avira something bad happened: it deleted my explorer.exe, and the computer froze after starting Windows; not even Task Manager could be started, I just had an empty wallpaper. It also said I have Virut Gen on some files. Also, I can't access websites containing antiviruses and Microsoft sites, so I googled it and found the Conficker virus.

Malwarebytes only found 3 infections; that's why I'm concerned it isn't that good, cause I am sure I also have the two mentioned above.

Perfect Uninstaller was for uninstalling Avira; it was the only way I made my computer work after it deleted my system files and popped up loads of messages saying "scanning computer 0.0%" and froze in that position. Whenever I clicked remove on a notification, it would pop up another "scanning computer 0.0%".

mazohysta88
Beginner
Posts : 3
Joined : 2012-03-23
Gender : Female
OS : windows xp

Re: Conficker, Virut gen (probably) - Backing up

Post by Gabethebabe on Fri Mar 23, 2012 11:13 am

Can you run another scan with malwarebytes? It is a good program, we use it a lot here.
Post the log back here, please.

Please download aswMBR by Alwil Software from [You must be registered and logged in to see this link.] and save it to your desktop.

  • Double click aswMBR.exe to run the tool
  • Click the Scan button to start the scan
  • Don't panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.


Gabethebabe
Top Dog
Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7

Re: Conficker, Virut gen (probably) - Backing up

Post by mazohysta88 on Fri Mar 23, 2012 11:33 am

I can't download aswMBR; as I have already told you, I can't access websites with antivirus names in them or Microsoft sites. Don't know how I managed to download Malwarebytes.

Here is the log:

Malwarebytes Anti-Malware 1.60.1.1000
[You must be registered and logged in to see this link.]

Database version: v2012.03.22.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lizzeh :: CIAU [administrator]

3/23/2012 1:19:20 PM
mbam-log-2012-03-23 (13-19-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193809
Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

mazohysta88
Beginner
Posts : 3
Joined : 2012-03-23
Gender : Female
OS : windows xp

Re: Conficker, Virut gen (probably) - Backing up

Post by Gabethebabe on Sun Mar 25, 2012 1:40 pm

Do you have access to a clean computer with which you can download stuff and a USB drive to move it to the infected computer?

If so, please retry aswMBR and also this one:

  • Download TDSSKiller by Kaspersky from [You must be registered and logged in to see this link.] and save it to your desktop
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).


Gabethebabe
Top Dog
Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
