I did an OTS scan and this is what I got; look at the attachment. Also, there seems to be a rootkit somewhere.
What are your problems at the moment?
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-515967899-1383384898-1177238915-500\] > ->
YN -> HKEY_USERS\S-1-5-21-515967899-1383384898-1177238915-500\: "ProxyOverride" -> 127.0.0.1
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls
YN -> \\"drivycfg" -> [C:\WINDOWS\system32\caclpgds.dll]
< File Associations - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>\
YN -> .exe [@ = exefile] -> "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qww.exe" -a "%1" %*
YN -> .exe [@ = exefile] -> "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qww.exe" -a "%1" %*
[Files/Folders - Modified Within 30 Days]
NY -> 2242886962 -> C:\Documents and Settings\All Users\Application Data\2242886962
NY -> 2242886962 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\2242886962
NY -> 1229513342 -> C:\Documents and Settings\All Users\Application Data\1229513342
NY -> 1229513342 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\1229513342
NY -> networks -> C:\WINDOWS\System32\drivers\etc\networks
NY -> 2640598924.dat -> C:\WINDOWS\System32\2640598924.dat
[Files - No Company Name]
NY -> 2242886962 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\2242886962
NY -> 2242886962 -> C:\Documents and Settings\All Users\Application Data\2242886962
NY -> 1229513342 -> C:\Documents and Settings\All Users\Application Data\1229513342
NY -> 1229513342 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\1229513342
NY -> 1on5be8ifx603y82858rob76c7162j7ul1 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\1on5be8ifx603y82858rob76c7162j7ul1
NY -> 1on5be8ifx603y82858rob76c7162j7ul1 -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\1on5be8ifx603y82858rob76c7162j7ul1
NY -> 1on5be8ifx603y82858rob76c7162j7ul1 -> C:\Documents and Settings\All Users\Application Data\1on5be8ifx603y82858rob76c7162j7ul1
NY -> 2640598924.dat -> C:\WINDOWS\System32\2640598924.dat
NY -> Sqagisetac.dat -> C:\WINDOWS\Sqagisetac.dat
NY -> Aqedip.bin -> C:\WINDOWS\Aqedip.bin
NY -> 12520437m.dat -> C:\WINDOWS\System32\12520437m.dat
[Custom Items]
:files
attrib -H c:\*.* /s /d /c
ipconfig /flushdns /c
C:\Documents and Settings\NetworkService\Local Settings\Application Data\qww.exe
:end
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
THEN
Download aswMBR.exe (511KB) to your desktop.
Double-click aswMBR.exe to run it.
Click the “Scan” button to start the scan.
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan, click “Save log”, save it to your desktop and post it in your next reply.