dodgey99

Ahh sorry - Still here :-) - thanks a million for your help - I ended up going with the new install as I was spending more time trying to fix the old one than it would take to complete the new one. Again, many thanks

Tried that and copied ok but no change. I'm in the process of completing the secondary install to use instead :-)

I get this log: ========== RESTORE POINT ========== Unable to replace file: C:\Windows\System32\config\SAM with C:\_REGISTRY_MACHINE_SAM without a reboot. Unable to replace file: C:\Windows\System32\config\SECURITY with C:\_REGISTRY_MACHINE_SECURITY without a reboot. Unable to replace file: C:\Windows\System32\config\SOFTWARE with C:\_REGISTRY_MACHINE_SOFTWARE without a reboot. Unable to replace file: C:\Windows\System32\config\SYSTEM with C:\_REGISTRY_MACHINE_SYSTEM without a reboot. OTLPE by OldTimer - Version 3.1.30.3 log created on 03072010_194704 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

No message, so I tried applying the fix again - it does say that at the end, as it did before "you need to reboot to finish" etc - "click ok to reboot". I click ok, it doesn't reboot, so I force it. This time I'm letting it reboot into OTPLE before trying a win boot. If this doesn't work, I think it's best I let you concentrate your time on other people as I'm able to backup all the user data and just reformat and do a totally clean install. I think it may be the best bet :-)

It doesn't seem to try to restore. I did the fix, then enabled boot.ini, then rebooted into the broken c:\windows install and it just does the same thing and halts before the logon screen doing nothing. The other install of XP boots fine as usual

incidentally the GUID starting 67 is the one for the \Windows installation

Will do although I fear there are not many. When I was trying to initially remove the virus I went into system restore and there was only the current day available, from where I'd installed Malwarebytes... OTL logfile created on: 3/7/2010 4:30:20 PM - Run OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.13) Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy 255.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 32.00% Memory free 215.00 Mb Paging File | 92.00 Mb Available in Paging File | 43.00% Paging File free Paging file location(s): C:\pagefile.sys 192 192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 9.77 Gb Total Space | 3.33 Gb Free Space | 34.14% Space Free | Partition Type: NTFS Drive D: | 6.43 Gb Total Space | 1.70 Gb Free Space | 26.49% Space Free | Partition Type: FAT32 Drive E: | 2.93 Gb Total Space | 2.91 Gb Free Space | 99.41% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO Current User Name: SYSTEM Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled] -- -- (RSVP) SRV - [2009/06/22 06:49:23 | 000,117,248 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqtgsvc.exe -- (MSMQTriggers) SRV - [2009/06/22 06:49:04 | 000,004,608 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqsvc.exe -- (MSMQ) SRV - [2007/01/19 06:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc) SRV - [2006/11/20 03:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\snmp.exe -- (SNMP) SRV - [2004/08/04 03:56:46 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\system32\p2pgasvc.dll -- (p2pgasvc) SRV - [2004/08/04 03:56:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\system32\irmon.dll -- (Irmon) SRV - [2000/11/30 09:30:40 | 000,057,344 | ---- | M] () [Disabled] -- C:\Windows\system32\ati2evxx.exe -- (Ati HotKey Poller) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc) DRV - [2010/02/17 04:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2010/02/17 04:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/02/17 04:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mqac.sys -- (MQAC) DRV - [2008/06/20 04:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2008/05/08 07:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2006/03/16 05:39:10 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wg111v2.sys -- (RTLWUSB) DRV - [2005/04/01 05:43:02 | 000,066,048 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\Windows\system32\drivers\EAPPkt.sys -- (EAPPkt) DRV - [2004/08/04 02:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mpe.sys -- (MPE) DRV - [2004/08/04 02:07:46 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mf.sys -- (mf) DRV - [2004/08/04 02:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2004/08/04 02:00:52 | 000,020,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ramdisk.sys -- (Ramdisk) DRV - [2004/08/04 01:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nmnt.sys -- (nm) DRV - [2004/08/03 17:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gameenum.sys -- (gameenum) DRV - [2002/10/02 02:57:12 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\Windows\system32\drivers\SjyPkt.sys -- (SjyPkt) DRV - [2002/07/15 21:58:12 | 000,379,726 | R--- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) DRV - [2001/09/26 18:32:38 | 000,285,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ati2mtaa.sys -- (ati2mtaa) DRV - [2001/08/18 00:38:10 | 000,019,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdspx.sys -- (TDSPX) DRV - [2001/08/18 00:38:04 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdipx.sys -- (TDIPX) DRV - [2001/08/18 00:38:00 | 000,013,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdasync.sys -- (TDASYNC) DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\modemcsa.sys -- (MODEMCSA) DRV - [2001/08/17 15:53:26 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\scsiscan.sys -- (scsiscan) DRV - [2001/08/17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irsir.sys -- (irsir) DRV - [2001/08/17 15:49:58 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2001/08/17 15:49:40 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\system32\drivers\fs_rec.sys -- (Fs_Rec) DRV - [2001/08/17 15:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irstusb.sys -- (STIrUsb) DRV - [2001/08/17 15:49:04 | 000,024,576 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viairda.sys -- (VIAIRDA) DRV - [2001/08/17 15:49:04 | 000,023,552 | ---- | M] (MKNet Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irmk7.sys -- (SIERRA) MKNet MK7100-based VFIR (16Mbps) DRV - [2001/08/17 15:49:02 | 000,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\alifir.sys -- (ALiIRDA) DRV - [2001/08/17 15:36:48 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\system32\winsock.dll -- (Winsock) DRV - [2001/08/17 14:10:30 | 000,035,871 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wbfirdma.sys -- (WBFIRDMA) DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (NECIRDA) DRV - [2001/08/17 14:10:26 | 000,028,232 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tos4mo.sys -- (OBOE) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/ IE - HKU\Computer_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\Computer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/23 06:16:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 06:16:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/08 13:27:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/03/04 08:48:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2007/12/03 16:13:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2007/06/11 07:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll [2009/07/16 05:25:53 | 000,001,412 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\demauro.xml [2009/07/16 05:25:53 | 000,000,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-it.xml [2009/07/16 05:25:53 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-it.xml [2009/07/16 05:25:53 | 000,000,649 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-it.xml O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\Computer_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation) O4 - HKU\Computer_ON_C..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\Administrator\Application Data [2007/12/03 15:15:03 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Administrator\Cookies [2007/12/03 15:15:05 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\Administrator\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Administrator\Favorites [2007/12/03 15:15:18 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Administrator\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Administrator\My Documents [2007/12/03 15:15:15 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Administrator\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Administrator\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Administrator\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\Administrator\ntuser.ini () O4 - Startup: C:\Documents and Settings\Administrator\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Administrator\Recent [2007/12/03 15:15:15 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Administrator\SendTo [2007/12/03 15:15:03 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Administrator\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Administrator\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\All Users\Application Data [2010/03/04 07:41:27 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\All Users\Desktop [2010/03/04 09:21:58 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users\Documents [2007/12/03 16:11:55 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users\DRM [2007/12/03 15:00:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\All Users\Favorites [2008/02/20 14:31:01 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat () O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\All Users\Start Menu [2007/12/03 15:51:46 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Application Data [2010/03/04 21:30:43 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Desktop [2010/03/04 21:30:52 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Documents [2010/03/04 20:53:34 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\DRM [2010/03/04 20:57:51 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Start Menu [2010/03/04 21:04:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Templates [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\.gimp-2.4 [2009/06/25 16:15:27 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\.gtk-bookmarks () O4 - Startup: C:\Documents and Settings\Computer\.recently-used.xbel () O4 - Startup: C:\Documents and Settings\Computer\.thumbnails [2007/12/20 15:48:15 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\Application Data [2010/03/06 17:18:49 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Computer\Contacts [2008/03/01 05:46:41 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\Cookies [2010/03/04 08:58:50 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\Computer\Desktop [2010/03/04 09:25:31 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\Favorites [2008/11/03 09:16:41 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Computer\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\NetHood [2008/01/23 05:13:42 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Computer\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\Computer\ntuser.ini () O4 - Startup: C:\Documents and Settings\Computer\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\Recent [2010/03/04 07:19:45 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Computer\SendTo [2007/12/03 16:50:45 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Computer\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Computer\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\UserData [2007/12/03 15:58:01 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\Default User\Application Data [2007/12/03 14:53:06 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User\Cookies [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User\Favorites [2007/12/03 14:53:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User\Local Settings [2007/12/03 14:53:06 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User\My Documents [2007/12/03 14:53:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Default User\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\Default User\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\Recent [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\SendTo [2007/12/03 15:00:01 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Default User\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Application Data [2010/03/04 12:27:19 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Local Settings [2010/03/04 12:27:19 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\My Documents [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Default User.WINREC\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Recent [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\SendTo [2010/03/04 20:55:55 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\LocalService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\LocalService\Cookies [2007/12/03 15:44:30 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\LocalService\Local Settings [2007/12/03 15:04:30 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\LocalService\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\LocalService\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\LocalService\ntuser.ini () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data [2010/03/04 21:06:27 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies [2010/03/04 21:06:29 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings [2010/03/04 21:06:27 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Recent [2010/03/05 18:09:01 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\NetworkService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\NetworkService\Cookies [2007/12/03 15:45:00 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\NetworkService\Local Settings [2007/12/03 15:04:29 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\NetworkService\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.ini () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data [2010/03/04 21:05:47 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings [2010/03/04 21:05:48 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Recent [2010/03/05 18:33:25 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\Application Data [2010/03/04 21:30:55 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\roger\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\roger\Favorites [2010/03/04 21:10:49 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\roger\Local Settings [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\roger\My Documents [2010/03/04 21:10:47 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\roger\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\roger\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\roger\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\roger\ntuser.ini () O4 - Startup: C:\Documents and Settings\roger\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\roger\Recent [2010/03/05 18:44:09 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\SendTo [2010/03/04 21:10:33 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\roger\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme () O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\rsvpsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\rsvpsp.dll File not found O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/03/07 16:28:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft [2010/03/07 16:26:16 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp [2010/03/07 16:26:15 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies [2010/03/07 16:26:15 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent [2010/03/07 16:26:15 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures [2010/03/07 16:26:15 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music [2010/03/07 16:26:15 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents [2010/03/07 16:26:15 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites [2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates [2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu [2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo [2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood [2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood [2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos [2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft [2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings [2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop [2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data [2010/03/06 17:18:48 | 000,000,000 | ---D | C] -- C:\_OTL [2010/03/05 18:23:19 | 000,000,000 | ---D | C] -- C:\ps [2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox [2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage [2010/03/04 20:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services [2010/03/04 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap [2010/03/04 20:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting [2010/03/04 20:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express [2010/03/04 20:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone [2010/03/04 20:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSN [2010/03/04 18:10:43 | 000,000,000 | -HSD | C] -- D:\System Volume Information [2010/03/04 12:14:07 | 000,000,000 | ---D | C] -- C:\WINREC [2010/03/04 09:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/03/04 08:48:10 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe [2010/03/04 07:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\Malwarebytes [2010/03/04 07:41:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/03/04 07:41:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/03/04 07:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/03/04 07:25:59 | 005,073,085 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE [2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\SUPERAntiSpyware.com [2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2010/03/04 06:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010/03/04 06:33:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/03/04 06:31:22 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/03/04 06:26:25 | 000,000,000 | ---D | C] -- C:\SDFix [2010/03/04 05:58:46 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys [2010/03/04 05:58:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hid.dll [2010/03/04 05:58:31 | 000,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys [2010/02/27 17:11:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [1 D:\*.tmp files -> D:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/03/07 16:29:01 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk [2010/03/07 15:37:31 | 267,968,512 | -HS- | M] () -- C:\hiberfil.sys [2010/03/07 12:54:39 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/03/04 20:49:17 | 000,000,304 | -HS- | M] () -- C:\boot.bak [2010/03/04 09:37:55 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT [2010/03/04 09:37:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Computer\ntuser.ini [2010/03/04 09:37:48 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Computer\NTUSER.DAT [2010/03/04 09:37:45 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Computer\Local Settings\Application Data\IconCache.db [2010/03/04 09:25:32 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk [2010/03/04 09:12:33 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT [2010/03/04 09:11:52 | 000,000,497 | ---- | M] () -- C:\Windows\win.ini [2010/03/04 09:11:52 | 000,000,012 | ---- | M] () -- C:\Windows\system.ini [2010/03/04 08:55:49 | 004,119,394 | R--- | M] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe [2010/03/04 08:50:00 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe [2010/03/04 08:33:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/03/04 07:24:24 | 005,073,085 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE [2010/03/04 05:55:20 | 000,002,184 | ---- | M] () -- C:\Windows\System32\wpa.dbl [2010/03/01 23:47:36 | 000,131,072 | ---- | M] () -- D:\doc1.doc [2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk [2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk [2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk [2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk [2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk [2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk [2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk [2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk [2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk [2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk [2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk [2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk [2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk [2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk [2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk [2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk [2010/02/22 14:38:53 | 000,051,867 | -H-- | M] () -- C:\Documents and Settings\Computer\Desktop\ZbThumbnail.info [1 D:\*.tmp files -> D:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/03/07 16:26:16 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk [2010/03/07 16:26:16 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk [2010/03/07 16:26:16 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk [2010/03/07 16:26:16 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk [2010/03/07 16:26:16 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk [2010/03/07 16:26:16 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk [2010/03/07 16:26:16 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk [2010/03/07 16:26:16 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk [2010/03/07 16:26:16 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk [2010/03/07 16:26:16 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk [2010/03/07 16:26:16 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk [2010/03/07 16:26:16 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk [2010/03/07 16:26:16 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk [2010/03/07 16:26:16 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk [2010/03/07 16:26:16 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk [2010/03/07 16:26:16 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk [2010/03/07 16:26:16 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk [2010/03/04 21:10:23 | 267,968,512 | -HS- | C] () -- C:\hiberfil.sys [2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2010/03/04 09:25:31 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk [2010/03/04 08:55:49 | 004,119,394 | R--- | C] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe [2010/03/01 23:47:33 | 000,131,072 | ---- | C] () -- D:\doc1.doc [2008/12/10 17:49:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008/01/29 12:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008/01/26 06:04:47 | 000,000,025 | ---- | C] () -- C:\Windows\mixerdef.ini [2008/01/26 05:49:17 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI [2008/01/26 05:49:16 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI [2007/12/16 10:23:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll [2007/12/03 16:06:50 | 000,558,592 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2007/12/03 16:06:49 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007/12/03 16:06:49 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007/12/03 16:06:47 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007/12/03 16:06:43 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007/12/03 16:06:43 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2007/12/03 15:54:04 | 000,000,424 | ---- | C] () -- C:\Windows\ODBC.INI [2007/12/03 15:48:42 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL [2007/12/03 15:32:49 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll [2007/12/03 15:32:49 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll [2006/04/29 00:25:15 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll [2001/09/26 17:23:00 | 000,032,592 | ---- | C] () -- C:\Windows\System32\drivers\atinxsxx.sys [2001/09/26 17:22:48 | 000,020,960 | ---- | C] () -- C:\Windows\System32\drivers\atinttxx.sys [2001/09/26 17:22:40 | 000,011,760 | ---- | C] () -- C:\Windows\System32\drivers\atinpdxx.sys [2001/09/26 17:22:34 | 000,011,280 | ---- | C] () -- C:\Windows\System32\drivers\atinmdxx.sys [2001/09/26 17:22:28 | 000,032,848 | ---- | C] () -- C:\Windows\System32\drivers\atinraxx.sys [2001/09/26 17:22:04 | 000,060,464 | ---- | C] () -- C:\Windows\System32\drivers\atinbtxx.sys [2001/09/26 17:21:00 | 000,065,104 | ---- | C] () -- C:\Windows\System32\drivers\atinrvxx.sys [2001/09/26 17:20:06 | 000,032,336 | ---- | C] () -- C:\Windows\System32\drivers\atintuxx.sys ========== LOP Check ========== [2008/02/03 11:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\gtk-2.0 [2007/12/03 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Thunderbird [2009/08/21 05:18:29 | 000,000,260 | ---- | M] () -- C:\Windows\Tasks\WGASetup.job ========== Purity Check ========== ========== Custom Scans ========== ========== Restore Points Found ========== [2010/03/04 21:27:19 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{2A639955-6513-40E1-BCEF-6F9B8DAE4E44}\RP4\snapshot [2010/03/04 21:26:20 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{2A639955-6513-40E1-BCEF-6F9B8DAE4E44}\RP3\snapshot [2010/03/04 21:16:42 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{2A639955-6513-40E1-BCEF-6F9B8DAE4E44}\RP2\snapshot [2010/03/04 21:10:59 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{2A639955-6513-40E1-BCEF-6F9B8DAE4E44}\RP1\snapshot [2010/03/04 07:25:31 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{67C5AD4E-1724-45A1-8D88-323119CBC85D}\RP4\snapshot [2010/03/04 07:21:13 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{67C5AD4E-1724-45A1-8D88-323119CBC85D}\RP3\snapshot [2010/03/04 07:04:39 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{67C5AD4E-1724-45A1-8D88-323119CBC85D}\RP2\snapshot [2010/03/04 07:02:42 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{67C5AD4E-1724-45A1-8D88-323119CBC85D}\RP1\snapshot < End of report >

OTL logfile created on: 3/7/2010 12:50:22 PM - Run OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.13) Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy 255.00 Mb Total Physical Memory | 79.00 Mb Available Physical Memory | 31.00% Memory free 215.00 Mb Paging File | 91.00 Mb Available in Paging File | 42.00% Paging File free Paging file location(s): C:\pagefile.sys 192 192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 9.77 Gb Total Space | 3.33 Gb Free Space | 34.13% Space Free | Partition Type: NTFS Drive D: | 1005.98 Mb Total Space | 878.50 Mb Free Space | 87.33% Space Free | Partition Type: FAT32 Drive E: | 6.43 Gb Total Space | 1.70 Gb Free Space | 26.49% Space Free | Partition Type: FAT32 Drive F: | 2.93 Gb Total Space | 2.91 Gb Free Space | 99.41% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO Current User Name: SYSTEM Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled] -- -- (RSVP) SRV - [2009/06/22 06:49:23 | 000,117,248 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqtgsvc.exe -- (MSMQTriggers) SRV - [2009/06/22 06:49:04 | 000,004,608 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqsvc.exe -- (MSMQ) SRV - [2007/01/19 06:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc) SRV - [2006/11/20 03:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\snmp.exe -- (SNMP) SRV - [2004/08/04 03:56:46 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\system32\p2pgasvc.dll -- (p2pgasvc) SRV - [2004/08/04 03:56:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\system32\irmon.dll -- (Irmon) SRV - [2000/11/30 09:30:40 | 000,057,344 | ---- | M] () [Disabled] -- C:\Windows\system32\ati2evxx.exe -- (Ati HotKey Poller) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc) DRV - [2010/02/17 04:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2010/02/17 04:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/02/17 04:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mqac.sys -- (MQAC) DRV - [2008/06/20 04:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2008/05/08 07:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2006/03/16 05:39:10 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wg111v2.sys -- (RTLWUSB) DRV - [2005/04/01 05:43:02 | 000,066,048 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\Windows\system32\drivers\EAPPkt.sys -- (EAPPkt) DRV - [2004/08/04 02:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mpe.sys -- (MPE) DRV - [2004/08/04 02:07:46 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mf.sys -- (mf) DRV - [2004/08/04 02:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2004/08/04 02:00:52 | 000,020,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ramdisk.sys -- (Ramdisk) DRV - [2004/08/04 01:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nmnt.sys -- (nm) DRV - [2004/08/03 17:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gameenum.sys -- (gameenum) DRV - [2002/10/02 02:57:12 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\Windows\system32\drivers\SjyPkt.sys -- (SjyPkt) DRV - [2002/07/15 21:58:12 | 000,379,726 | R--- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) DRV - [2001/09/26 18:32:38 | 000,285,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ati2mtaa.sys -- (ati2mtaa) DRV - [2001/08/18 00:38:10 | 000,019,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdspx.sys -- (TDSPX) DRV - [2001/08/18 00:38:04 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdipx.sys -- (TDIPX) DRV - [2001/08/18 00:38:00 | 000,013,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdasync.sys -- (TDASYNC) DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\modemcsa.sys -- (MODEMCSA) DRV - [2001/08/17 15:53:26 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\scsiscan.sys -- (scsiscan) DRV - [2001/08/17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irsir.sys -- (irsir) DRV - [2001/08/17 15:49:58 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2001/08/17 15:49:40 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\system32\drivers\fs_rec.sys -- (Fs_Rec) DRV - [2001/08/17 15:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irstusb.sys -- (STIrUsb) DRV - [2001/08/17 15:49:04 | 000,024,576 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viairda.sys -- (VIAIRDA) DRV - [2001/08/17 15:49:04 | 000,023,552 | ---- | M] (MKNet Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irmk7.sys -- (SIERRA) MKNet MK7100-based VFIR (16Mbps) DRV - [2001/08/17 15:49:02 | 000,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\alifir.sys -- (ALiIRDA) DRV - [2001/08/17 15:36:48 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\system32\winsock.dll -- (Winsock) DRV - [2001/08/17 14:10:30 | 000,035,871 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wbfirdma.sys -- (WBFIRDMA) DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (NECIRDA) DRV - [2001/08/17 14:10:26 | 000,028,232 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tos4mo.sys -- (OBOE) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/ IE - HKU\Computer_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\Computer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/23 06:16:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 06:16:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/08 13:27:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/03/04 08:48:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2007/12/03 16:13:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2007/06/11 07:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll [2009/07/16 05:25:53 | 000,001,412 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\demauro.xml [2009/07/16 05:25:53 | 000,000,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-it.xml [2009/07/16 05:25:53 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-it.xml [2009/07/16 05:25:53 | 000,000,649 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-it.xml O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\Computer_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation) O4 - HKU\Computer_ON_C..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\Administrator\Application Data [2007/12/03 15:15:03 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Administrator\Cookies [2007/12/03 15:15:05 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\Administrator\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Administrator\Favorites [2007/12/03 15:15:18 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Administrator\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Administrator\My Documents [2007/12/03 15:15:15 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Administrator\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Administrator\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Administrator\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\Administrator\ntuser.ini () O4 - Startup: C:\Documents and Settings\Administrator\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Administrator\Recent [2007/12/03 15:15:15 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Administrator\SendTo [2007/12/03 15:15:03 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Administrator\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Administrator\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\All Users\Application Data [2010/03/04 07:41:27 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\All Users\Desktop [2010/03/04 09:21:58 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users\Documents [2007/12/03 16:11:55 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users\DRM [2007/12/03 15:00:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\All Users\Favorites [2008/02/20 14:31:01 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat () O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\All Users\Start Menu [2007/12/03 15:51:46 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Application Data [2010/03/04 21:30:43 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Desktop [2010/03/04 21:30:52 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Documents [2010/03/04 20:53:34 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\DRM [2010/03/04 20:57:51 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Start Menu [2010/03/04 21:04:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Templates [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\.gimp-2.4 [2009/06/25 16:15:27 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\.gtk-bookmarks () O4 - Startup: C:\Documents and Settings\Computer\.recently-used.xbel () O4 - Startup: C:\Documents and Settings\Computer\.thumbnails [2007/12/20 15:48:15 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\Application Data [2010/03/06 17:18:49 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Computer\Contacts [2008/03/01 05:46:41 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\Cookies [2010/03/04 08:58:50 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\Computer\Desktop [2010/03/04 09:25:31 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\Favorites [2008/11/03 09:16:41 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Computer\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\NetHood [2008/01/23 05:13:42 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Computer\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\Computer\ntuser.ini () O4 - Startup: C:\Documents and Settings\Computer\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\Recent [2010/03/04 07:19:45 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Computer\SendTo [2007/12/03 16:50:45 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Computer\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Computer\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\UserData [2007/12/03 15:58:01 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\Default User\Application Data [2007/12/03 14:53:06 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User\Cookies [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User\Favorites [2007/12/03 14:53:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User\Local Settings [2007/12/03 14:53:06 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User\My Documents [2007/12/03 14:53:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Default User\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\Default User\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\Recent [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\SendTo [2007/12/03 15:00:01 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Default User\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Application Data [2010/03/04 12:27:19 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Local Settings [2010/03/04 12:27:19 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\My Documents [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Default User.WINREC\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Recent [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\SendTo [2010/03/04 20:55:55 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\LocalService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\LocalService\Cookies [2007/12/03 15:44:30 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\LocalService\Local Settings [2007/12/03 15:04:30 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\LocalService\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\LocalService\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\LocalService\ntuser.ini () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data [2010/03/04 21:06:27 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies [2010/03/04 21:06:29 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings [2010/03/04 21:06:27 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Recent [2010/03/05 18:09:01 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\NetworkService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\NetworkService\Cookies [2007/12/03 15:45:00 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\NetworkService\Local Settings [2007/12/03 15:04:29 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\NetworkService\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.ini () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data [2010/03/04 21:05:47 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings [2010/03/04 21:05:48 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Recent [2010/03/05 18:33:25 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\Application Data [2010/03/04 21:30:55 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\roger\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\roger\Favorites [2010/03/04 21:10:49 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\roger\Local Settings [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\roger\My Documents [2010/03/04 21:10:47 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\roger\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\roger\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\roger\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\roger\ntuser.ini () O4 - Startup: C:\Documents and Settings\roger\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\roger\Recent [2010/03/05 18:44:09 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\SendTo [2010/03/04 21:10:33 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\roger\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme () O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\rsvpsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\rsvpsp.dll File not found O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/03/07 12:48:23 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft [2010/03/07 12:46:21 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies [2010/03/07 12:46:21 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent [2010/03/07 12:46:21 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures [2010/03/07 12:46:21 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music [2010/03/07 12:46:21 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents [2010/03/07 12:46:21 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites [2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates [2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp [2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu [2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo [2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood [2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood [2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos [2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft [2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings [2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop [2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data [2010/03/06 17:18:48 | 000,000,000 | ---D | C] -- C:\_OTL [2010/03/05 18:23:19 | 000,000,000 | ---D | C] -- C:\ps [2010/03/05 15:22:28 | 000,000,000 | ---D | C] -- D:\ps [2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox [2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage [2010/03/04 20:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services [2010/03/04 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap [2010/03/04 20:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting [2010/03/04 20:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express [2010/03/04 20:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone [2010/03/04 20:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSN [2010/03/04 18:15:42 | 007,071,296 | ---- | C] (Macrovision Corporation) -- D:\Setup.exe [2010/03/04 15:35:30 | 000,000,000 | ---D | C] -- D:\lspfix [2010/03/04 13:37:48 | 004,492,328 | ---- | C] (Malwarebytes Corporation ) -- D:\mbam-rules.exe [2010/03/04 13:37:46 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- D:\mbam-setup.exe [2010/03/04 13:25:41 | 000,000,000 | RHSD | C] -- D:\RECYCLER [2010/03/04 13:24:36 | 005,073,085 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\SASDEFINITIONS.EXE [2010/03/04 12:14:07 | 000,000,000 | ---D | C] -- C:\WINREC [2010/03/04 09:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/03/04 08:48:10 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe [2010/03/04 07:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\Malwarebytes [2010/03/04 07:41:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/03/04 07:41:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/03/04 07:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/03/04 07:25:59 | 005,073,085 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE [2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\SUPERAntiSpyware.com [2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2010/03/04 06:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010/03/04 06:33:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/03/04 06:31:22 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/03/04 06:26:25 | 000,000,000 | ---D | C] -- C:\SDFix [2010/03/04 05:58:46 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys [2010/03/04 05:58:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hid.dll [2010/03/04 05:58:31 | 000,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys [2010/02/27 17:11:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump ========== Files - Modified Within 30 Days ========== [2010/03/07 15:37:31 | 267,968,512 | -HS- | M] () -- C:\hiberfil.sys [2010/03/07 12:49:23 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk [2010/03/07 01:43:59 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/03/04 20:49:17 | 000,000,304 | -HS- | M] () -- C:\boot.bak [2010/03/04 15:19:58 | 031,424,312 | ---- | M] () -- D:\vpsupd.exe [2010/03/04 15:15:20 | 044,696,968 | ---- | M] () -- D:\setup_av_free.exe [2010/03/04 13:37:34 | 004,492,328 | ---- | M] (Malwarebytes Corporation ) -- D:\mbam-rules.exe [2010/03/04 13:37:06 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- D:\mbam-setup.exe [2010/03/04 13:24:24 | 005,073,085 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\SASDEFINITIONS.EXE [2010/03/04 12:54:26 | 003,327,000 | ---- | M] () -- D:\WindowsXP-KB942288-v3-x86.exe [2010/03/04 12:22:10 | 007,757,856 | ---- | M] () -- D:\SUPERAntiSpyware.exe [2010/03/04 12:20:24 | 001,529,241 | ---- | M] () -- D:\SDFix.exe [2010/03/04 12:20:02 | 004,119,394 | ---- | M] () -- D:\ComboFix.exe [2010/03/04 09:37:55 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT [2010/03/04 09:37:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Computer\ntuser.ini [2010/03/04 09:37:48 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Computer\NTUSER.DAT [2010/03/04 09:37:45 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Computer\Local Settings\Application Data\IconCache.db [2010/03/04 09:25:32 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk [2010/03/04 09:12:33 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT [2010/03/04 09:11:52 | 000,000,497 | ---- | M] () -- C:\Windows\win.ini [2010/03/04 09:11:52 | 000,000,012 | ---- | M] () -- C:\Windows\system.ini [2010/03/04 08:55:49 | 004,119,394 | R--- | M] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe [2010/03/04 08:50:00 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe [2010/03/04 08:33:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/03/04 07:24:24 | 005,073,085 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE [2010/03/04 05:55:20 | 000,002,184 | ---- | M] () -- C:\Windows\System32\wpa.dbl [2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk [2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk [2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk [2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk [2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk [2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk [2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk [2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk [2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk [2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk [2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk [2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk [2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk [2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk [2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk [2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk [2010/02/22 14:38:53 | 000,051,867 | -H-- | M] () -- C:\Documents and Settings\Computer\Desktop\ZbThumbnail.info ========== Files Created - No Company Name ========== [2010/03/07 12:46:22 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk [2010/03/07 12:46:22 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk [2010/03/07 12:46:22 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk [2010/03/07 12:46:22 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk [2010/03/07 12:46:22 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk [2010/03/07 12:46:22 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk [2010/03/07 12:46:22 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk [2010/03/07 12:46:22 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk [2010/03/07 12:46:22 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk [2010/03/07 12:46:22 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk [2010/03/07 12:46:22 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk [2010/03/07 12:46:21 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk [2010/03/07 12:46:21 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk [2010/03/07 12:46:21 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk [2010/03/07 12:46:21 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk [2010/03/07 12:46:21 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk [2010/03/07 12:46:21 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk [2010/03/04 21:10:23 | 267,968,512 | -HS- | C] () -- C:\hiberfil.sys [2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2010/03/04 15:19:08 | 044,696,968 | ---- | C] () -- D:\setup_av_free.exe [2010/03/04 12:54:58 | 003,327,000 | ---- | C] () -- D:\WindowsXP-KB942288-v3-x86.exe [2010/03/04 12:23:42 | 001,529,241 | ---- | C] () -- D:\SDFix.exe [2010/03/04 12:23:41 | 004,119,394 | ---- | C] () -- D:\ComboFix.exe [2010/03/04 09:25:31 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk [2010/03/04 08:55:49 | 004,119,394 | R--- | C] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe [2008/12/10 17:49:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008/01/29 12:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008/01/26 06:04:47 | 000,000,025 | ---- | C] () -- C:\Windows\mixerdef.ini [2008/01/26 05:49:17 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI [2008/01/26 05:49:16 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI [2007/12/16 10:23:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll [2007/12/03 16:06:50 | 000,558,592 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2007/12/03 16:06:49 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007/12/03 16:06:49 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007/12/03 16:06:47 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007/12/03 16:06:43 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007/12/03 16:06:43 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2007/12/03 15:54:04 | 000,000,424 | ---- | C] () -- C:\Windows\ODBC.INI [2007/12/03 15:48:42 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL [2007/12/03 15:32:49 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll [2007/12/03 15:32:49 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll [2006/04/29 00:25:15 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll [2001/09/26 17:23:00 | 000,032,592 | ---- | C] () -- C:\Windows\System32\drivers\atinxsxx.sys [2001/09/26 17:22:48 | 000,020,960 | ---- | C] () -- C:\Windows\System32\drivers\atinttxx.sys [2001/09/26 17:22:40 | 000,011,760 | ---- | C] () -- C:\Windows\System32\drivers\atinpdxx.sys [2001/09/26 17:22:34 | 000,011,280 | ---- | C] () -- C:\Windows\System32\drivers\atinmdxx.sys [2001/09/26 17:22:28 | 000,032,848 | ---- | C] () -- C:\Windows\System32\drivers\atinraxx.sys [2001/09/26 17:22:04 | 000,060,464 | ---- | C] () -- C:\Windows\System32\drivers\atinbtxx.sys [2001/09/26 17:21:00 | 000,065,104 | ---- | C] () -- C:\Windows\System32\drivers\atinrvxx.sys [2001/09/26 17:20:06 | 000,032,336 | ---- | C] () -- C:\Windows\System32\drivers\atintuxx.sys ========== LOP Check ========== [2008/02/03 11:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\gtk-2.0 [2007/12/03 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Thunderbird [2009/08/21 05:18:29 | 000,000,260 | ---- | M] () -- C:\Windows\Tasks\WGASetup.job ========== Purity Check ========== < End of report >

Successfully copied but no change. (ps. thank you so much for your help - really appreciate it)

OTL logfile created on: 3/6/2010 7:56:25 PM - Run OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.13) Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy 255.00 Mb Total Physical Memory | 79.00 Mb Available Physical Memory | 31.00% Memory free 215.00 Mb Paging File | 91.00 Mb Available in Paging File | 42.00% Paging File free Paging file location(s): C:\pagefile.sys 192 192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 9.77 Gb Total Space | 3.52 Gb Free Space | 36.04% Space Free | Partition Type: NTFS Drive D: | 1005.98 Mb Total Space | 878.50 Mb Free Space | 87.33% Space Free | Partition Type: FAT32 Drive E: | 6.43 Gb Total Space | 1.70 Gb Free Space | 26.49% Space Free | Partition Type: FAT32 Drive F: | 2.93 Gb Total Space | 2.91 Gb Free Space | 99.41% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO Current User Name: SYSTEM Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled] -- -- (RSVP) SRV - [2009/06/22 06:49:23 | 000,117,248 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqtgsvc.exe -- (MSMQTriggers) SRV - [2009/06/22 06:49:04 | 000,004,608 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqsvc.exe -- (MSMQ) SRV - [2007/01/19 06:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc) SRV - [2006/11/20 03:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\snmp.exe -- (SNMP) SRV - [2004/08/04 03:56:46 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\system32\p2pgasvc.dll -- (p2pgasvc) SRV - [2004/08/04 03:56:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\system32\irmon.dll -- (Irmon) SRV - [2000/11/30 09:30:40 | 000,057,344 | ---- | M] () [Disabled] -- C:\Windows\system32\ati2evxx.exe -- (Ati HotKey Poller) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc) DRV - [2010/02/17 04:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2010/02/17 04:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/02/17 04:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mqac.sys -- (MQAC) DRV - [2008/06/20 04:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2008/05/08 07:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2006/03/16 05:39:10 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wg111v2.sys -- (RTLWUSB) DRV - [2005/04/01 05:43:02 | 000,066,048 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\Windows\system32\drivers\EAPPkt.sys -- (EAPPkt) DRV - [2004/08/04 02:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mpe.sys -- (MPE) DRV - [2004/08/04 02:07:46 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mf.sys -- (mf) DRV - [2004/08/04 02:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2004/08/04 02:00:52 | 000,020,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ramdisk.sys -- (Ramdisk) DRV - [2004/08/04 01:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nmnt.sys -- (nm) DRV - [2004/08/03 17:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gameenum.sys -- (gameenum) DRV - [2002/10/02 02:57:12 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\Windows\system32\drivers\SjyPkt.sys -- (SjyPkt) DRV - [2002/07/15 21:58:12 | 000,379,726 | R--- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) DRV - [2001/09/26 18:32:38 | 000,285,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ati2mtaa.sys -- (ati2mtaa) DRV - [2001/08/18 00:38:10 | 000,019,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdspx.sys -- (TDSPX) DRV - [2001/08/18 00:38:04 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdipx.sys -- (TDIPX) DRV - [2001/08/18 00:38:00 | 000,013,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdasync.sys -- (TDASYNC) DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\modemcsa.sys -- (MODEMCSA) DRV - [2001/08/17 15:53:26 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\scsiscan.sys -- (scsiscan) DRV - [2001/08/17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irsir.sys -- (irsir) DRV - [2001/08/17 15:49:58 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2001/08/17 15:49:40 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\system32\drivers\fs_rec.sys -- (Fs_Rec) DRV - [2001/08/17 15:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irstusb.sys -- (STIrUsb) DRV - [2001/08/17 15:49:04 | 000,024,576 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viairda.sys -- (VIAIRDA) DRV - [2001/08/17 15:49:04 | 000,023,552 | ---- | M] (MKNet Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irmk7.sys -- (SIERRA) MKNet MK7100-based VFIR (16Mbps) DRV - [2001/08/17 15:49:02 | 000,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\alifir.sys -- (ALiIRDA) DRV - [2001/08/17 15:36:48 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\system32\winsock.dll -- (Winsock) DRV - [2001/08/17 14:10:30 | 000,035,871 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wbfirdma.sys -- (WBFIRDMA) DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (NECIRDA) DRV - [2001/08/17 14:10:26 | 000,028,232 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tos4mo.sys -- (OBOE) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/ IE - HKU\Computer_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\Computer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/23 06:16:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 06:16:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/08 13:27:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/03/04 08:48:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2007/12/03 16:13:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2007/06/11 07:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll [2009/07/16 05:25:53 | 000,001,412 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\demauro.xml [2009/07/16 05:25:53 | 000,000,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-it.xml [2009/07/16 05:25:53 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-it.xml [2009/07/16 05:25:53 | 000,000,649 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-it.xml O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\Computer_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation) O4 - HKU\Computer_ON_C..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\Administrator\Application Data [2007/12/03 15:15:03 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Administrator\Cookies [2007/12/03 15:15:05 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\Administrator\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Administrator\Favorites [2007/12/03 15:15:18 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Administrator\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Administrator\My Documents [2007/12/03 15:15:15 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Administrator\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Administrator\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Administrator\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\Administrator\ntuser.ini () O4 - Startup: C:\Documents and Settings\Administrator\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Administrator\Recent [2007/12/03 15:15:15 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Administrator\SendTo [2007/12/03 15:15:03 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Administrator\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Administrator\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\All Users\Application Data [2010/03/04 07:41:27 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\All Users\Desktop [2010/03/04 09:21:58 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users\Documents [2007/12/03 16:11:55 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users\DRM [2007/12/03 15:00:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\All Users\Favorites [2008/02/20 14:31:01 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat () O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\All Users\Start Menu [2007/12/03 15:51:46 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Application Data [2010/03/04 21:30:43 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Desktop [2010/03/04 21:30:52 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Documents [2010/03/04 20:53:34 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\DRM [2010/03/04 20:57:51 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Start Menu [2010/03/04 21:04:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Templates [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\.gimp-2.4 [2009/06/25 16:15:27 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\.gtk-bookmarks () O4 - Startup: C:\Documents and Settings\Computer\.recently-used.xbel () O4 - Startup: C:\Documents and Settings\Computer\.thumbnails [2007/12/20 15:48:15 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\Application Data [2010/03/06 17:18:49 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Computer\Contacts [2008/03/01 05:46:41 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\Cookies [2010/03/04 08:58:50 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\Computer\Desktop [2010/03/04 09:25:31 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\Favorites [2008/11/03 09:16:41 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Computer\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\NetHood [2008/01/23 05:13:42 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Computer\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\Computer\ntuser.ini () O4 - Startup: C:\Documents and Settings\Computer\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\Recent [2010/03/04 07:19:45 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Computer\SendTo [2007/12/03 16:50:45 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Computer\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Computer\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\UserData [2007/12/03 15:58:01 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\Default User\Application Data [2007/12/03 14:53:06 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User\Cookies [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User\Favorites [2007/12/03 14:53:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User\Local Settings [2007/12/03 14:53:06 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User\My Documents [2007/12/03 14:53:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Default User\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\Default User\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\Recent [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\SendTo [2007/12/03 15:00:01 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Default User\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Application Data [2010/03/04 12:27:19 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Local Settings [2010/03/04 12:27:19 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\My Documents [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Default User.WINREC\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Recent [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\SendTo [2010/03/04 20:55:55 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\LocalService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\LocalService\Cookies [2007/12/03 15:44:30 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\LocalService\Local Settings [2007/12/03 15:04:30 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\LocalService\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\LocalService\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\LocalService\ntuser.ini () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data [2010/03/04 21:06:27 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies [2010/03/04 21:06:29 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings [2010/03/04 21:06:27 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Recent [2010/03/05 18:09:01 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\NetworkService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\NetworkService\Cookies [2007/12/03 15:45:00 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\NetworkService\Local Settings [2007/12/03 15:04:29 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\NetworkService\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.ini () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data [2010/03/04 21:05:47 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings [2010/03/04 21:05:48 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Recent [2010/03/05 18:33:25 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\Application Data [2010/03/04 21:30:55 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\roger\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\roger\Favorites [2010/03/04 21:10:49 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\roger\Local Settings [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\roger\My Documents [2010/03/04 21:10:47 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\roger\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\roger\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\roger\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\roger\ntuser.ini () O4 - Startup: C:\Documents and Settings\roger\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\roger\Recent [2010/03/05 18:44:09 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\SendTo [2010/03/04 21:10:33 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\roger\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme () O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\rsvpsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\rsvpsp.dll File not found O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/03/06 19:52:56 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft [2010/03/06 19:51:04 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp [2010/03/06 19:51:03 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies [2010/03/06 19:51:03 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent [2010/03/06 19:51:03 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures [2010/03/06 19:51:03 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music [2010/03/06 19:51:03 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents [2010/03/06 19:51:03 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites [2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates [2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu [2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo [2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood [2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood [2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos [2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft [2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings [2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop [2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data [2010/03/06 17:18:48 | 000,000,000 | ---D | C] -- C:\_OTL [2010/03/05 18:23:19 | 000,000,000 | ---D | C] -- C:\ps [2010/03/05 15:22:28 | 000,000,000 | ---D | C] -- D:\ps [2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox [2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage [2010/03/04 20:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services [2010/03/04 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap [2010/03/04 20:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting [2010/03/04 20:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express [2010/03/04 20:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone [2010/03/04 20:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSN [2010/03/04 18:15:42 | 007,071,296 | ---- | C] (Macrovision Corporation) -- D:\Setup.exe [2010/03/04 15:35:30 | 000,000,000 | ---D | C] -- D:\lspfix [2010/03/04 13:37:48 | 004,492,328 | ---- | C] (Malwarebytes Corporation ) -- D:\mbam-rules.exe [2010/03/04 13:37:46 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- D:\mbam-setup.exe [2010/03/04 13:25:41 | 000,000,000 | RHSD | C] -- D:\RECYCLER [2010/03/04 13:24:36 | 005,073,085 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\SASDEFINITIONS.EXE [2010/03/04 12:14:07 | 000,000,000 | ---D | C] -- C:\WINREC [2010/03/04 09:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/03/04 08:48:10 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe [2010/03/04 07:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\Malwarebytes [2010/03/04 07:41:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/03/04 07:41:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/03/04 07:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/03/04 07:25:59 | 005,073,085 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE [2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\SUPERAntiSpyware.com [2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2010/03/04 06:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010/03/04 06:33:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/03/04 06:31:22 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/03/04 06:26:25 | 000,000,000 | ---D | C] -- C:\SDFix [2010/03/04 05:58:46 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys [2010/03/04 05:58:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hid.dll [2010/03/04 05:58:31 | 000,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys [2010/02/27 17:11:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump ========== Files - Modified Within 30 Days ========== [2010/03/06 19:54:45 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk [2010/03/06 17:19:22 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/03/06 16:05:37 | 267,968,512 | -HS- | M] () -- C:\hiberfil.sys [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/03/04 20:49:17 | 000,000,304 | -HS- | M] () -- C:\boot.bak [2010/03/04 15:19:58 | 031,424,312 | ---- | M] () -- D:\vpsupd.exe [2010/03/04 15:15:20 | 044,696,968 | ---- | M] () -- D:\setup_av_free.exe [2010/03/04 13:37:34 | 004,492,328 | ---- | M] (Malwarebytes Corporation ) -- D:\mbam-rules.exe [2010/03/04 13:37:06 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- D:\mbam-setup.exe [2010/03/04 13:24:24 | 005,073,085 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\SASDEFINITIONS.EXE [2010/03/04 12:54:26 | 003,327,000 | ---- | M] () -- D:\WindowsXP-KB942288-v3-x86.exe [2010/03/04 12:22:10 | 007,757,856 | ---- | M] () -- D:\SUPERAntiSpyware.exe [2010/03/04 12:20:24 | 001,529,241 | ---- | M] () -- D:\SDFix.exe [2010/03/04 12:20:02 | 004,119,394 | ---- | M] () -- D:\ComboFix.exe [2010/03/04 09:37:55 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT [2010/03/04 09:37:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Computer\ntuser.ini [2010/03/04 09:37:48 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Computer\NTUSER.DAT [2010/03/04 09:37:45 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Computer\Local Settings\Application Data\IconCache.db [2010/03/04 09:25:32 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk [2010/03/04 09:12:33 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT [2010/03/04 09:11:52 | 000,000,497 | ---- | M] () -- C:\Windows\win.ini [2010/03/04 09:11:52 | 000,000,012 | ---- | M] () -- C:\Windows\system.ini [2010/03/04 08:55:49 | 004,119,394 | R--- | M] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe [2010/03/04 08:50:00 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe [2010/03/04 08:33:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/03/04 07:24:24 | 005,073,085 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE [2010/03/04 05:55:20 | 000,002,184 | ---- | M] () -- C:\Windows\System32\wpa.dbl [2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk [2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk [2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk [2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk [2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk [2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk [2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk [2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk [2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk [2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk [2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk [2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk [2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk [2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk [2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk [2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk [2010/02/22 14:38:53 | 000,051,867 | -H-- | M] () -- C:\Documents and Settings\Computer\Desktop\ZbThumbnail.info ========== Files Created - No Company Name ========== [2010/03/06 19:51:04 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk [2010/03/06 19:51:04 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk [2010/03/06 19:51:04 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk [2010/03/06 19:51:04 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk [2010/03/06 19:51:04 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk [2010/03/06 19:51:04 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk [2010/03/06 19:51:04 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk [2010/03/06 19:51:04 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk [2010/03/06 19:51:04 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk [2010/03/06 19:51:04 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk [2010/03/06 19:51:04 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk [2010/03/06 19:51:04 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk [2010/03/06 19:51:04 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk [2010/03/06 19:51:04 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk [2010/03/06 19:51:04 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk [2010/03/06 19:51:04 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk [2010/03/06 19:51:04 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk [2010/03/04 21:10:23 | 267,968,512 | -HS- | C] () -- C:\hiberfil.sys [2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2010/03/04 15:19:08 | 044,696,968 | ---- | C] () -- D:\setup_av_free.exe [2010/03/04 12:54:58 | 003,327,000 | ---- | C] () -- D:\WindowsXP-KB942288-v3-x86.exe [2010/03/04 12:23:42 | 001,529,241 | ---- | C] () -- D:\SDFix.exe [2010/03/04 12:23:41 | 004,119,394 | ---- | C] () -- D:\ComboFix.exe [2010/03/04 09:25:31 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk [2010/03/04 08:55:49 | 004,119,394 | R--- | C] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe [2008/12/10 17:49:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008/01/29 12:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008/01/26 06:04:47 | 000,000,025 | ---- | C] () -- C:\Windows\mixerdef.ini [2008/01/26 05:49:17 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI [2008/01/26 05:49:16 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI [2007/12/16 10:23:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll [2007/12/03 16:06:50 | 000,558,592 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2007/12/03 16:06:49 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007/12/03 16:06:49 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007/12/03 16:06:47 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007/12/03 16:06:43 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007/12/03 16:06:43 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2007/12/03 15:54:04 | 000,000,424 | ---- | C] () -- C:\Windows\ODBC.INI [2007/12/03 15:48:42 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL [2007/12/03 15:32:49 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll [2007/12/03 15:32:49 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll [2006/04/29 00:25:15 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll [2001/09/26 17:23:00 | 000,032,592 | ---- | C] () -- C:\Windows\System32\drivers\atinxsxx.sys [2001/09/26 17:22:48 | 000,020,960 | ---- | C] () -- C:\Windows\System32\drivers\atinttxx.sys [2001/09/26 17:22:40 | 000,011,760 | ---- | C] () -- C:\Windows\System32\drivers\atinpdxx.sys [2001/09/26 17:22:34 | 000,011,280 | ---- | C] () -- C:\Windows\System32\drivers\atinmdxx.sys [2001/09/26 17:22:28 | 000,032,848 | ---- | C] () -- C:\Windows\System32\drivers\atinraxx.sys [2001/09/26 17:22:04 | 000,060,464 | ---- | C] () -- C:\Windows\System32\drivers\atinbtxx.sys [2001/09/26 17:21:00 | 000,065,104 | ---- | C] () -- C:\Windows\System32\drivers\atinrvxx.sys [2001/09/26 17:20:06 | 000,032,336 | ---- | C] () -- C:\Windows\System32\drivers\atintuxx.sys ========== LOP Check ========== [2008/02/03 11:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\gtk-2.0 [2007/12/03 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Thunderbird [2009/08/21 05:18:29 | 000,000,260 | ---- | M] () -- C:\Windows\Tasks\WGASetup.job ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: MSAPSSPC.DLL > [2004/08/04 07:00:00 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=E484F006380A89A52CCC7828ECE5DCA0 -- C:\WINREC\system32\dllcache\msapsspc.dll [2004/08/04 07:00:00 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=E484F006380A89A52CCC7828ECE5DCA0 -- C:\WINREC\system32\msapsspc.dll < End of report >

I assume I should rename boot.ini again? I'll assume yes...

Thanks - done that - no change though - I still get (in regular and safe mode) to where the logon screen should be - but it isn't . Your scripts ran fine and the log showed all successful deletions/moves

Should be ok - I was actually following the advice here for anther case :-) (he emailed his system file from system32\config and the agent at your end "fixed" it and emailed it back). Scan looks much more productive - with the correct user accounts too. Here you go! OTL logfile created on: 3/6/2010 1:19:04 PM - Run OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.13) Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy 255.00 Mb Total Physical Memory | 79.00 Mb Available Physical Memory | 31.00% Memory free 215.00 Mb Paging File | 91.00 Mb Available in Paging File | 42.00% Paging File free Paging file location(s): C:\pagefile.sys 192 192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 9.77 Gb Total Space | 3.33 Gb Free Space | 34.12% Space Free | Partition Type: NTFS Drive D: | 6.43 Gb Total Space | 1.70 Gb Free Space | 26.49% Space Free | Partition Type: FAT32 Drive E: | 2.93 Gb Total Space | 2.91 Gb Free Space | 99.41% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO Current User Name: SYSTEM Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled] -- -- (RSVP) SRV - [2009/06/22 06:49:23 | 000,117,248 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqtgsvc.exe -- (MSMQTriggers) SRV - [2009/06/22 06:49:04 | 000,004,608 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqsvc.exe -- (MSMQ) SRV - [2009/06/05 22:59:46 | 000,164,228 | RHS- | M] () [Auto] -- C:\Documents and Settings\Computer\Application Data\zwyuhhm.dll -- (eaiwi) SRV - [2009/05/27 21:37:25 | 000,164,228 | -HS- | M] () [Auto] -- C:\Windows\system32\zwyuhhm.dll -- (warpkohdj) SRV - [2009/05/27 21:37:25 | 000,164,228 | -HS- | M] () [Auto] -- C:\Windows\system32\zwyuhhm.dll -- (vladlag) SRV - [2009/05/27 21:37:25 | 000,164,228 | -HS- | M] () [Auto] -- C:\Windows\system32\zwyuhhm.dll -- (rtrrfpfpu) SRV - [2009/05/27 21:37:25 | 000,164,228 | -HS- | M] () [Auto] -- C:\Windows\system32\zwyuhhm.dll -- (nruwksyie) SRV - [2009/05/27 21:37:25 | 000,164,228 | -HS- | M] () [Auto] -- C:\Windows\system32\zwyuhhm.dll -- (hljkfmr) SRV - [2009/05/20 11:00:44 | 000,164,228 | RHS- | M] () [Auto] -- C:\Program Files\Movie Maker\zwyuhhm.dll -- (anhul) SRV - [2007/01/19 06:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc) SRV - [2006/11/20 03:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\snmp.exe -- (SNMP) SRV - [2004/08/04 03:56:46 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\system32\p2pgasvc.dll -- (p2pgasvc) SRV - [2004/08/04 03:56:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\system32\irmon.dll -- (Irmon) SRV - [2000/11/30 09:30:40 | 000,057,344 | ---- | M] () [Disabled] -- C:\Windows\system32\ati2evxx.exe -- (Ati HotKey Poller) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | Boot] -- -- (jpvetuc) DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc) DRV - [2010/02/17 04:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2010/02/17 04:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/02/17 04:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mqac.sys -- (MQAC) DRV - [2008/06/20 04:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2008/05/08 07:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2006/03/16 05:39:10 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wg111v2.sys -- (RTLWUSB) DRV - [2005/04/01 05:43:02 | 000,066,048 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\Windows\system32\drivers\EAPPkt.sys -- (EAPPkt) DRV - [2004/08/04 02:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mpe.sys -- (MPE) DRV - [2004/08/04 02:07:46 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mf.sys -- (mf) DRV - [2004/08/04 02:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2004/08/04 02:00:52 | 000,020,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ramdisk.sys -- (Ramdisk) DRV - [2004/08/04 01:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nmnt.sys -- (nm) DRV - [2004/08/03 17:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gameenum.sys -- (gameenum) DRV - [2002/10/02 02:57:12 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\Windows\system32\drivers\SjyPkt.sys -- (SjyPkt) DRV - [2002/07/15 21:58:12 | 000,379,726 | R--- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) DRV - [2001/09/26 18:32:38 | 000,285,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ati2mtaa.sys -- (ati2mtaa) DRV - [2001/08/18 00:38:10 | 000,019,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdspx.sys -- (TDSPX) DRV - [2001/08/18 00:38:04 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdipx.sys -- (TDIPX) DRV - [2001/08/18 00:38:00 | 000,013,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdasync.sys -- (TDASYNC) DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\modemcsa.sys -- (MODEMCSA) DRV - [2001/08/17 15:53:26 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\scsiscan.sys -- (scsiscan) DRV - [2001/08/17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irsir.sys -- (irsir) DRV - [2001/08/17 15:49:58 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2001/08/17 15:49:40 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\system32\drivers\fs_rec.sys -- (Fs_Rec) DRV - [2001/08/17 15:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irstusb.sys -- (STIrUsb) DRV - [2001/08/17 15:49:04 | 000,024,576 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viairda.sys -- (VIAIRDA) DRV - [2001/08/17 15:49:04 | 000,023,552 | ---- | M] (MKNet Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irmk7.sys -- (SIERRA) MKNet MK7100-based VFIR (16Mbps) DRV - [2001/08/17 15:49:02 | 000,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\alifir.sys -- (ALiIRDA) DRV - [2001/08/17 15:36:48 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\system32\winsock.dll -- (Winsock) DRV - [2001/08/17 14:10:30 | 000,035,871 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wbfirdma.sys -- (WBFIRDMA) DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (NECIRDA) DRV - [2001/08/17 14:10:26 | 000,028,232 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tos4mo.sys -- (OBOE) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/ IE - HKU\Computer_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\Computer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/23 06:16:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 06:16:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/08 13:27:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/03/04 08:48:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2007/12/03 16:13:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2007/06/11 07:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll [2009/07/16 05:25:53 | 000,001,412 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\demauro.xml [2009/07/16 05:25:53 | 000,000,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-it.xml [2009/07/16 05:25:53 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-it.xml [2009/07/16 05:25:53 | 000,000,649 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-it.xml O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\Computer_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation) O4 - HKU\Computer_ON_C..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\Administrator\Application Data [2007/12/03 15:15:03 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Administrator\Cookies [2007/12/03 15:15:05 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\Administrator\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Administrator\Favorites [2007/12/03 15:15:18 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Administrator\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Administrator\My Documents [2007/12/03 15:15:15 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Administrator\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Administrator\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Administrator\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\Administrator\ntuser.ini () O4 - Startup: C:\Documents and Settings\Administrator\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Administrator\Recent [2007/12/03 15:15:15 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Administrator\SendTo [2007/12/03 15:15:03 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Administrator\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Administrator\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\All Users\Application Data [2010/03/04 07:41:27 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\All Users\Desktop [2010/03/04 09:21:58 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users\Documents [2007/12/03 16:11:55 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users\DRM [2007/12/03 15:00:16 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\All Users\Favorites [2008/02/20 14:31:01 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat () O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\All Users\Start Menu [2007/12/03 15:51:46 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Application Data [2010/03/04 21:30:43 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Desktop [2010/03/04 21:30:52 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Documents [2010/03/04 20:53:34 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\DRM [2010/03/04 20:57:51 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Start Menu [2010/03/04 21:04:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\All Users.WINREC\Templates [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\.gimp-2.4 [2009/06/25 16:15:27 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\.gtk-bookmarks () O4 - Startup: C:\Documents and Settings\Computer\.recently-used.xbel () O4 - Startup: C:\Documents and Settings\Computer\.thumbnails [2007/12/20 15:48:15 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\Application Data [2010/03/04 07:41:39 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Computer\Contacts [2008/03/01 05:46:41 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\Cookies [2010/03/04 08:58:50 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\Computer\Desktop [2010/03/04 09:25:31 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Computer\Favorites [2008/11/03 09:16:41 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Computer\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\NetHood [2008/01/23 05:13:42 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Computer\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\Computer\ntuser.ini () O4 - Startup: C:\Documents and Settings\Computer\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\Recent [2010/03/04 07:19:45 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Computer\SendTo [2007/12/03 16:50:45 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Computer\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Computer\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Computer\UserData [2007/12/03 15:58:01 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\Default User\Application Data [2007/12/03 14:53:06 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User\Cookies [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User\Favorites [2007/12/03 14:53:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User\Local Settings [2007/12/03 14:53:06 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User\My Documents [2007/12/03 14:53:06 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Default User\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\Default User\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\Recent [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User\SendTo [2007/12/03 15:00:01 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Default User\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Application Data [2010/03/04 12:27:19 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Local Settings [2010/03/04 12:27:19 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\My Documents [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\Default User.WINREC\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Recent [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\SendTo [2010/03/04 20:55:55 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\Default User.WINREC\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\LocalService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\LocalService\Cookies [2007/12/03 15:44:30 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\LocalService\Local Settings [2007/12/03 15:04:30 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\LocalService\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\LocalService\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\LocalService\ntuser.ini () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data [2010/03/04 21:06:27 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies [2010/03/04 21:06:29 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings [2010/03/04 21:06:27 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini () O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Recent [2010/03/05 18:09:01 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\NetworkService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\NetworkService\Cookies [2007/12/03 15:45:00 | 000,000,000 | -HSD | M] O4 - Startup: C:\Documents and Settings\NetworkService\Local Settings [2007/12/03 15:04:29 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\NetworkService\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.ini () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data [2010/03/04 21:05:47 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings [2010/03/04 21:05:48 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini () O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Recent [2010/03/05 18:33:25 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\Application Data [2010/03/04 21:30:55 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M] O4 - Startup: C:\Documents and Settings\roger\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\roger\Favorites [2010/03/04 21:10:49 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\roger\Local Settings [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\roger\My Documents [2010/03/04 21:10:47 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\roger\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\roger\NTUSER.DAT () O4 - Startup: C:\Documents and Settings\roger\ntuser.dat.LOG () O4 - Startup: C:\Documents and Settings\roger\ntuser.ini () O4 - Startup: C:\Documents and Settings\roger\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M] O4 - Startup: C:\Documents and Settings\roger\Recent [2010/03/05 18:44:09 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\SendTo [2010/03/04 21:10:33 | 000,000,000 | RH-D | M] O4 - Startup: C:\Documents and Settings\roger\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M] O4 - Startup: C:\Documents and Settings\roger\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme () O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\rsvpsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\rsvpsp.dll File not found O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/03/06 13:15:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft [2010/03/06 13:13:29 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp [2010/03/06 13:13:28 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies [2010/03/06 13:13:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent [2010/03/06 13:13:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures [2010/03/06 13:13:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music [2010/03/06 13:13:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents [2010/03/06 13:13:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites [2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates [2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu [2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo [2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood [2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood [2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos [2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft [2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings [2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop [2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data [2010/03/05 18:23:19 | 000,000,000 | ---D | C] -- C:\ps [2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox [2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage [2010/03/04 20:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services [2010/03/04 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap [2010/03/04 20:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting [2010/03/04 20:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express [2010/03/04 20:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone [2010/03/04 20:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSN [2010/03/04 18:10:43 | 000,000,000 | -HSD | C] -- D:\System Volume Information [2010/03/04 12:14:07 | 000,000,000 | ---D | C] -- C:\WINREC [2010/03/04 09:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/03/04 08:48:10 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe [2010/03/04 07:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\Malwarebytes [2010/03/04 07:41:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/03/04 07:41:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/03/04 07:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/03/04 07:25:59 | 005,073,085 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE [2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\SUPERAntiSpyware.com [2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2010/03/04 06:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010/03/04 06:33:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/03/04 06:31:22 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/03/04 06:26:25 | 000,000,000 | ---D | C] -- C:\SDFix [2010/03/04 05:58:46 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys [2010/03/04 05:58:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hid.dll [2010/03/04 05:58:31 | 000,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys [2010/02/27 17:11:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [1 D:\*.tmp files -> D:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/03/06 16:05:37 | 267,968,512 | -HS- | M] () -- C:\hiberfil.sys [2010/03/06 13:18:35 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/03/06 13:18:13 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/03/04 20:49:17 | 000,000,304 | -HS- | M] () -- C:\boot.bak [2010/03/04 09:37:55 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT [2010/03/04 09:37:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Computer\ntuser.ini [2010/03/04 09:37:48 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Computer\NTUSER.DAT [2010/03/04 09:37:45 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Computer\Local Settings\Application Data\IconCache.db [2010/03/04 09:25:32 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk [2010/03/04 09:12:33 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT [2010/03/04 09:11:52 | 000,000,497 | ---- | M] () -- C:\Windows\win.ini [2010/03/04 09:11:52 | 000,000,012 | ---- | M] () -- C:\Windows\system.ini [2010/03/04 08:55:49 | 004,119,394 | R--- | M] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe [2010/03/04 08:50:00 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe [2010/03/04 08:33:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/03/04 07:24:24 | 005,073,085 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE [2010/03/04 05:55:20 | 000,002,184 | ---- | M] () -- C:\Windows\System32\wpa.dbl [2010/03/01 23:47:36 | 000,131,072 | ---- | M] () -- D:\doc1.doc [2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk [2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk [2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk [2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk [2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk [2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk [2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk [2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk [2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk [2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk [2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk [2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk [2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk [2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk [2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk [2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk [2010/02/22 14:38:53 | 000,051,867 | -H-- | M] () -- C:\Documents and Settings\Computer\Desktop\ZbThumbnail.info [1 D:\*.tmp files -> D:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/03/06 13:13:29 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk [2010/03/06 13:13:29 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk [2010/03/06 13:13:29 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk [2010/03/06 13:13:29 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk [2010/03/06 13:13:29 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk [2010/03/06 13:13:29 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk [2010/03/06 13:13:29 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk [2010/03/06 13:13:29 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk [2010/03/06 13:13:29 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk [2010/03/06 13:13:29 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk [2010/03/06 13:13:29 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk [2010/03/06 13:13:29 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk [2010/03/06 13:13:29 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk [2010/03/06 13:13:29 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk [2010/03/06 13:13:29 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk [2010/03/06 13:13:29 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk [2010/03/06 13:13:29 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk [2010/03/04 21:10:23 | 267,968,512 | -HS- | C] () -- C:\hiberfil.sys [2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2010/03/04 09:25:31 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk [2010/03/04 08:55:49 | 004,119,394 | R--- | C] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe [2010/03/01 23:47:33 | 000,131,072 | ---- | C] () -- D:\doc1.doc [2009/06/05 22:59:46 | 000,164,228 | RHS- | C] () -- C:\Documents and Settings\Computer\Application Data\zwyuhhm.dll [2009/05/27 21:37:25 | 000,164,228 | -HS- | C] () -- C:\Windows\System32\zwyuhhm.dll [2008/12/10 17:49:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008/01/29 12:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008/01/26 06:04:47 | 000,000,025 | ---- | C] () -- C:\Windows\mixerdef.ini [2008/01/26 05:49:17 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI [2008/01/26 05:49:16 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI [2007/12/16 10:23:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll [2007/12/03 16:06:50 | 000,558,592 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2007/12/03 16:06:49 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007/12/03 16:06:49 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007/12/03 16:06:47 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007/12/03 16:06:43 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007/12/03 16:06:43 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2007/12/03 15:54:04 | 000,000,424 | ---- | C] () -- C:\Windows\ODBC.INI [2007/12/03 15:48:42 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL [2007/12/03 15:32:49 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll [2007/12/03 15:32:49 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll [2006/04/29 00:25:15 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll [2001/09/26 17:23:00 | 000,032,592 | ---- | C] () -- C:\Windows\System32\drivers\atinxsxx.sys [2001/09/26 17:22:48 | 000,020,960 | ---- | C] () -- C:\Windows\System32\drivers\atinttxx.sys [2001/09/26 17:22:40 | 000,011,760 | ---- | C] () -- C:\Windows\System32\drivers\atinpdxx.sys [2001/09/26 17:22:34 | 000,011,280 | ---- | C] () -- C:\Windows\System32\drivers\atinmdxx.sys [2001/09/26 17:22:28 | 000,032,848 | ---- | C] () -- C:\Windows\System32\drivers\atinraxx.sys [2001/09/26 17:22:04 | 000,060,464 | ---- | C] () -- C:\Windows\System32\drivers\atinbtxx.sys [2001/09/26 17:21:00 | 000,065,104 | ---- | C] () -- C:\Windows\System32\drivers\atinrvxx.sys [2001/09/26 17:20:06 | 000,032,336 | ---- | C] () -- C:\Windows\System32\drivers\atintuxx.sys ========== LOP Check ========== [2008/02/03 11:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\gtk-2.0 [2007/12/03 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Thunderbird [2009/08/21 05:18:29 | 000,000,260 | ---- | M] () -- C:\Windows\Tasks\WGASetup.job ========== Purity Check ========== < End of report >

Same partition - all on c. It was a very regular install. I just installed XP pro in \winrec as a 2nd install to do diags

I added c:\windows\*.* to the custom tab - don't know if that's enough... Here it is attached OTL2.Txt