Blank screen (no logon) after malwarebytes dll removal


Hi - I am mending an XP PC and Malwarebytes found a virus in "embdtrst.dll" which it said it couldn't delete and would do so after a restart.

Well it restarted but I now get a blank screen with just the mouse pointer and no logon. CTRL-ALT-DEL does not work. Same in Safe mode with the addition of the "safe mode text".

I read a near identical post on here where someone suggested installing another XP in another folder and then using that install to access the original XP install to then email you some files/configs.

Could you help me with this? Which data would you need?

Thanks in advance

(P.S. I have access to another clean laptop, a USB key, and the "extra" install of XP is now in place in the infected machine)


Hello, and welcome to Malwarebytes forum!

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic. Instructions

Second

  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Use Safelist
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


Thanks! - Here is the text file: (note that the installation of XP in C:\WINREC is a temporary new one that I installed so as to get disk access - there is no other purpose for this installation - the important one is c:\WINDOWS). I also used the WINREC install to take ownership of the "System Volume Information" folder - to take a look.

File attached - although it seems to have scanned the WINREC installation and not the WINDOWS one...

OTL.Txt


Update - it's definitely scanned C:\WINREC instead of c:\WINDOWS :-( - I can't see how to change it?

Just to clarify - the install in c:\winrec is fine - it's c:\windows that isn't. I get a choice to boot either and it's the c:\windows install (XP fundamentals) that gets stuck with no logon screen


I see what you mean. I'll check with OTLPE's developer to see if there is a way we can scan the Windows installation that is not booting properly.

Do you know if the second installation was made on another partition and if so on which one?


Well, let's hope that this install on the C drive did not mess up your old installation B)

For now, boot from the CD and on the Reatogo desktop, double-click on My Computer, then on your C drive.

Look for the following file: c:\boot.ini

Right-click on this file and rename it to boot.bak

Now run OTLPE. You will be asked to select the folder with your Windows installation; select c:\windows there, and this will start the scan in your old installation.

Note, at this point most likely you will get an error message when trying to boot in your Winrec installation. This is easy to fix by renaming back boot.bak to boot.ini, but until we are ready with OTLPE we need to keep boot.ini renamed, otherwise it will not run.


Should be OK - I was actually following the advice here for another case :-) (he emailed his system file from system32\config and the agent at your end "fixed" it and emailed it back).

Scan looks much more productive - with the correct user accounts too. Here you go!

OTL logfile created on: 3/6/2010 1:19:04 PM - Run

OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

255.00 Mb Total Physical Memory | 79.00 Mb Available Physical Memory | 31.00% Memory free

215.00 Mb Paging File | 91.00 Mb Available in Paging File | 42.00% Paging File free

Paging file location(s): C:\pagefile.sys 192 192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 9.77 Gb Total Space | 3.33 Gb Free Space | 34.12% Space Free | Partition Type: NTFS

Drive D: | 6.43 Gb Total Space | 1.70 Gb Free Space | 26.49% Space Free | Partition Type: FAT32

Drive E: | 2.93 Gb Total Space | 2.91 Gb Free Space | 99.41% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (RSVP)

SRV - [2009/06/22 06:49:23 | 000,117,248 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqtgsvc.exe -- (MSMQTriggers)

SRV - [2009/06/22 06:49:04 | 000,004,608 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqsvc.exe -- (MSMQ)

SRV - [2009/06/05 22:59:46 | 000,164,228 | RHS- | M] () [Auto] -- C:\Documents and Settings\Computer\Application Data\zwyuhhm.dll -- (eaiwi)

SRV - [2009/05/27 21:37:25 | 000,164,228 | -HS- | M] () [Auto] -- C:\Windows\system32\zwyuhhm.dll -- (warpkohdj)

SRV - [2009/05/27 21:37:25 | 000,164,228 | -HS- | M] () [Auto] -- C:\Windows\system32\zwyuhhm.dll -- (vladlag)

SRV - [2009/05/27 21:37:25 | 000,164,228 | -HS- | M] () [Auto] -- C:\Windows\system32\zwyuhhm.dll -- (rtrrfpfpu)

SRV - [2009/05/27 21:37:25 | 000,164,228 | -HS- | M] () [Auto] -- C:\Windows\system32\zwyuhhm.dll -- (nruwksyie)

SRV - [2009/05/27 21:37:25 | 000,164,228 | -HS- | M] () [Auto] -- C:\Windows\system32\zwyuhhm.dll -- (hljkfmr)

SRV - [2009/05/20 11:00:44 | 000,164,228 | RHS- | M] () [Auto] -- C:\Program Files\Movie Maker\zwyuhhm.dll -- (anhul)

SRV - [2007/01/19 06:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2006/11/20 03:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\snmp.exe -- (SNMP)

SRV - [2004/08/04 03:56:46 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\system32\p2pgasvc.dll -- (p2pgasvc)

SRV - [2004/08/04 03:56:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\system32\irmon.dll -- (Irmon)

SRV - [2000/11/30 09:30:40 | 000,057,344 | ---- | M] () [Disabled] -- C:\Windows\system32\ati2evxx.exe -- (Ati HotKey Poller)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | Boot] -- -- (jpvetuc)

DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)

DRV - [2010/02/17 04:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2010/02/17 04:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 04:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mqac.sys -- (MQAC)

DRV - [2008/06/20 04:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2008/05/08 07:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2006/03/16 05:39:10 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wg111v2.sys -- (RTLWUSB)

DRV - [2005/04/01 05:43:02 | 000,066,048 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\Windows\system32\drivers\EAPPkt.sys -- (EAPPkt)

DRV - [2004/08/04 02:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mpe.sys -- (MPE)

DRV - [2004/08/04 02:07:46 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mf.sys -- (mf)

DRV - [2004/08/04 02:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nscirda.sys -- (NSCIRDA)

DRV - [2004/08/04 02:00:52 | 000,020,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ramdisk.sys -- (Ramdisk)

DRV - [2004/08/04 01:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nmnt.sys -- (nm)

DRV - [2004/08/03 17:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2002/10/02 02:57:12 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\Windows\system32\drivers\SjyPkt.sys -- (SjyPkt)

DRV - [2002/07/15 21:58:12 | 000,379,726 | R--- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)

DRV - [2001/09/26 18:32:38 | 000,285,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ati2mtaa.sys -- (ati2mtaa)

DRV - [2001/08/18 00:38:10 | 000,019,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdspx.sys -- (TDSPX)

DRV - [2001/08/18 00:38:04 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdipx.sys -- (TDIPX)

DRV - [2001/08/18 00:38:00 | 000,013,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdasync.sys -- (TDASYNC)

DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\modemcsa.sys -- (MODEMCSA)

DRV - [2001/08/17 15:53:26 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\scsiscan.sys -- (scsiscan)

DRV - [2001/08/17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irsir.sys -- (irsir)

DRV - [2001/08/17 15:49:58 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2001/08/17 15:49:40 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\system32\drivers\fs_rec.sys -- (Fs_Rec)

DRV - [2001/08/17 15:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irstusb.sys -- (STIrUsb)

DRV - [2001/08/17 15:49:04 | 000,024,576 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viairda.sys -- (VIAIRDA)

DRV - [2001/08/17 15:49:04 | 000,023,552 | ---- | M] (MKNet Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irmk7.sys -- (SIERRA) MKNet MK7100-based VFIR (16Mbps)

DRV - [2001/08/17 15:49:02 | 000,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\alifir.sys -- (ALiIRDA)

DRV - [2001/08/17 15:36:48 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\system32\winsock.dll -- (Winsock)

DRV - [2001/08/17 14:10:30 | 000,035,871 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wbfirdma.sys -- (WBFIRDMA)

DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (SMCIRDA)

DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (NECIRDA)

DRV - [2001/08/17 14:10:26 | 000,028,232 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tos4mo.sys -- (OBOE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/

IE - HKU\Computer_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\Computer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/23 06:16:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 06:16:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/08 13:27:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/04 08:48:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/12/03 16:13:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[2007/06/11 07:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

[2009/07/16 05:25:53 | 000,001,412 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\demauro.xml

[2009/07/16 05:25:53 | 000,000,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-it.xml

[2009/07/16 05:25:53 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-it.xml

[2009/07/16 05:25:53 | 000,000,649 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\Computer_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

O4 - HKU\Computer_ON_C..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\Administrator\Application Data [2007/12/03 15:15:03 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Cookies [2007/12/03 15:15:05 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\Administrator\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Favorites [2007/12/03 15:15:18 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\My Documents [2007/12/03 15:15:15 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Administrator\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Administrator\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\Administrator\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\Administrator\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Recent [2007/12/03 15:15:15 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\SendTo [2007/12/03 15:15:03 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\All Users\Application Data [2010/03/04 07:41:27 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\All Users\Desktop [2010/03/04 09:21:58 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users\Documents [2007/12/03 16:11:55 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users\DRM [2007/12/03 15:00:16 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\All Users\Favorites [2008/02/20 14:31:01 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat ()

O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu [2007/12/03 15:51:46 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Application Data [2010/03/04 21:30:43 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Desktop [2010/03/04 21:30:52 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Documents [2010/03/04 20:53:34 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\DRM [2010/03/04 20:57:51 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Start Menu [2010/03/04 21:04:35 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Templates [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\.gimp-2.4 [2009/06/25 16:15:27 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\.gtk-bookmarks ()

O4 - Startup: C:\Documents and Settings\Computer\.recently-used.xbel ()

O4 - Startup: C:\Documents and Settings\Computer\.thumbnails [2007/12/20 15:48:15 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\Application Data [2010/03/04 07:41:39 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Computer\Contacts [2008/03/01 05:46:41 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\Cookies [2010/03/04 08:58:50 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\Computer\Desktop [2010/03/04 09:25:31 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\Favorites [2008/11/03 09:16:41 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Computer\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\NetHood [2008/01/23 05:13:42 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Computer\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\Computer\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\Computer\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\Recent [2010/03/04 07:19:45 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Computer\SendTo [2007/12/03 16:50:45 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Computer\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Computer\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\UserData [2007/12/03 15:58:01 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\Default User\Application Data [2007/12/03 14:53:06 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Cookies [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User\Favorites [2007/12/03 14:53:06 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User\Local Settings [2007/12/03 14:53:06 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User\My Documents [2007/12/03 14:53:06 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Default User\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\Default User\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Recent [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\SendTo [2007/12/03 15:00:01 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Default User\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Application Data [2010/03/04 12:27:19 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Local Settings [2010/03/04 12:27:19 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\My Documents [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Default User.WINREC\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Recent [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\SendTo [2010/03/04 20:55:55 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\LocalService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\LocalService\Cookies [2007/12/03 15:44:30 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\LocalService\Local Settings [2007/12/03 15:04:30 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\LocalService\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\LocalService\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\LocalService\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data [2010/03/04 21:06:27 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies [2010/03/04 21:06:29 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings [2010/03/04 21:06:27 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Recent [2010/03/05 18:09:01 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\NetworkService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\NetworkService\Cookies [2007/12/03 15:45:00 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\NetworkService\Local Settings [2007/12/03 15:04:29 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\NetworkService\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data [2010/03/04 21:05:47 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings [2010/03/04 21:05:48 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Recent [2010/03/05 18:33:25 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\Application Data [2010/03/04 21:30:55 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\roger\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\roger\Favorites [2010/03/04 21:10:49 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\roger\Local Settings [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\roger\My Documents [2010/03/04 21:10:47 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\roger\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\roger\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\roger\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\roger\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\roger\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\roger\Recent [2010/03/05 18:44:09 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\SendTo [2010/03/04 21:10:33 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\roger\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\rsvpsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\rsvpsp.dll File not found

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/06 13:15:27 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft

[2010/03/06 13:13:29 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp

[2010/03/06 13:13:28 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies

[2010/03/06 13:13:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent

[2010/03/06 13:13:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures

[2010/03/06 13:13:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music

[2010/03/06 13:13:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents

[2010/03/06 13:13:28 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites

[2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates

[2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu

[2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo

[2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood

[2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood

[2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos

[2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft

[2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings

[2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop

[2010/03/06 13:13:28 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data

[2010/03/05 18:23:19 | 000,000,000 | ---D | C] -- C:\ps

[2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox

[2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage

[2010/03/04 20:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services

[2010/03/04 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap

[2010/03/04 20:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting

[2010/03/04 20:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express

[2010/03/04 20:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone

[2010/03/04 20:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSN

[2010/03/04 18:10:43 | 000,000,000 | -HSD | C] -- D:\System Volume Information

[2010/03/04 12:14:07 | 000,000,000 | ---D | C] -- C:\WINREC

[2010/03/04 09:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/03/04 08:48:10 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe

[2010/03/04 07:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\Malwarebytes

[2010/03/04 07:41:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/03/04 07:41:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/03/04 07:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/03/04 07:25:59 | 005,073,085 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE

[2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\SUPERAntiSpyware.com

[2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/03/04 06:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/03/04 06:33:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/03/04 06:31:22 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/03/04 06:26:25 | 000,000,000 | ---D | C] -- C:\SDFix

[2010/03/04 05:58:46 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys

[2010/03/04 05:58:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hid.dll

[2010/03/04 05:58:31 | 000,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys

[2010/02/27 17:11:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/06 16:05:37 | 267,968,512 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/06 13:18:35 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010/03/06 13:18:13 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk

[2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/03/04 20:49:17 | 000,000,304 | -HS- | M] () -- C:\boot.bak

[2010/03/04 09:37:55 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2010/03/04 09:37:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Computer\ntuser.ini

[2010/03/04 09:37:48 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Computer\NTUSER.DAT

[2010/03/04 09:37:45 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Computer\Local Settings\Application Data\IconCache.db

[2010/03/04 09:25:32 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk

[2010/03/04 09:12:33 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2010/03/04 09:11:52 | 000,000,497 | ---- | M] () -- C:\Windows\win.ini

[2010/03/04 09:11:52 | 000,000,012 | ---- | M] () -- C:\Windows\system.ini

[2010/03/04 08:55:49 | 004,119,394 | R--- | M] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe

[2010/03/04 08:50:00 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe

[2010/03/04 08:33:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/04 07:24:24 | 005,073,085 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE

[2010/03/04 05:55:20 | 000,002,184 | ---- | M] () -- C:\Windows\System32\wpa.dbl

[2010/03/01 23:47:36 | 000,131,072 | ---- | M] () -- D:\doc1.doc

[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk

[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk

[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk

[2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk

[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk

[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk

[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk

[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk

[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk

[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk

[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk

[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk

[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk

[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk

[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk

[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk

[2010/02/22 14:38:53 | 000,051,867 | -H-- | M] () -- C:\Documents and Settings\Computer\Desktop\ZbThumbnail.info

[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/06 13:13:29 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk

[2010/03/06 13:13:29 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk

[2010/03/06 13:13:29 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk

[2010/03/06 13:13:29 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk

[2010/03/06 13:13:29 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk

[2010/03/06 13:13:29 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk

[2010/03/06 13:13:29 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk

[2010/03/06 13:13:29 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk

[2010/03/06 13:13:29 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk

[2010/03/06 13:13:29 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk

[2010/03/06 13:13:29 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk

[2010/03/06 13:13:29 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk

[2010/03/06 13:13:29 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk

[2010/03/06 13:13:29 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk

[2010/03/06 13:13:29 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk

[2010/03/06 13:13:29 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk

[2010/03/06 13:13:29 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk

[2010/03/04 21:10:23 | 267,968,512 | -HS- | C] () -- C:\hiberfil.sys

[2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS

[2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT

[2010/03/04 09:25:31 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk

[2010/03/04 08:55:49 | 004,119,394 | R--- | C] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe

[2010/03/01 23:47:33 | 000,131,072 | ---- | C] () -- D:\doc1.doc

[2009/06/05 22:59:46 | 000,164,228 | RHS- | C] () -- C:\Documents and Settings\Computer\Application Data\zwyuhhm.dll

[2009/05/27 21:37:25 | 000,164,228 | -HS- | C] () -- C:\Windows\System32\zwyuhhm.dll

[2008/12/10 17:49:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008/01/29 12:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI

[2008/01/26 06:04:47 | 000,000,025 | ---- | C] () -- C:\Windows\mixerdef.ini

[2008/01/26 05:49:17 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI

[2008/01/26 05:49:16 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI

[2007/12/16 10:23:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll

[2007/12/03 16:06:50 | 000,558,592 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

[2007/12/03 16:06:49 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2007/12/03 16:06:49 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2007/12/03 16:06:47 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2007/12/03 16:06:43 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2007/12/03 16:06:43 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2007/12/03 15:54:04 | 000,000,424 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/12/03 15:48:42 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL

[2007/12/03 15:32:49 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll

[2007/12/03 15:32:49 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll

[2006/04/29 00:25:15 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll

[2001/09/26 17:23:00 | 000,032,592 | ---- | C] () -- C:\Windows\System32\drivers\atinxsxx.sys

[2001/09/26 17:22:48 | 000,020,960 | ---- | C] () -- C:\Windows\System32\drivers\atinttxx.sys

[2001/09/26 17:22:40 | 000,011,760 | ---- | C] () -- C:\Windows\System32\drivers\atinpdxx.sys

[2001/09/26 17:22:34 | 000,011,280 | ---- | C] () -- C:\Windows\System32\drivers\atinmdxx.sys

[2001/09/26 17:22:28 | 000,032,848 | ---- | C] () -- C:\Windows\System32\drivers\atinraxx.sys

[2001/09/26 17:22:04 | 000,060,464 | ---- | C] () -- C:\Windows\System32\drivers\atinbtxx.sys

[2001/09/26 17:21:00 | 000,065,104 | ---- | C] () -- C:\Windows\System32\drivers\atinrvxx.sys

[2001/09/26 17:20:06 | 000,032,336 | ---- | C] () -- C:\Windows\System32\drivers\atintuxx.sys

========== LOP Check ==========

[2008/02/03 11:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\gtk-2.0

[2007/12/03 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Thunderbird

[2009/08/21 05:18:29 | 000,000,260 | ---- | M] () -- C:\Windows\Tasks\WGASetup.job

========== Purity Check ==========

< End of report >


Hello again,

First of all, I hope you won't have any trouble with your documents that changed ownership, but I suspect you will need to reverse the process once your old install works again.

Please re-open OTLPE, and copy/paste the text in the codebox below into the "custom scan/fix" field. Click "run fix".

:services
jpvetuc
eaiwi
warpkohdj
vladlag
rtrrfpfpu
nruwksyie
hljkfmr
anhul

:files
C:\Documents and Settings\Computer\Application Data\zwyuhhm.dll
C:\Windows\system32\zwyuhhm.dll
C:\Program Files\Movie Maker\zwyuhhm.dll

Afterwards, try to boot normally into Windows (note: you will need to rename c:\boot.bak to c:\boot.ini first).


OTL logfile created on: 3/6/2010 7:56:25 PM - Run

OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

255.00 Mb Total Physical Memory | 79.00 Mb Available Physical Memory | 31.00% Memory free

215.00 Mb Paging File | 91.00 Mb Available in Paging File | 42.00% Paging File free

Paging file location(s): C:\pagefile.sys 192 192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 9.77 Gb Total Space | 3.52 Gb Free Space | 36.04% Space Free | Partition Type: NTFS

Drive D: | 1005.98 Mb Total Space | 878.50 Mb Free Space | 87.33% Space Free | Partition Type: FAT32

Drive E: | 6.43 Gb Total Space | 1.70 Gb Free Space | 26.49% Space Free | Partition Type: FAT32

Drive F: | 2.93 Gb Total Space | 2.91 Gb Free Space | 99.41% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (RSVP)

SRV - [2009/06/22 06:49:23 | 000,117,248 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqtgsvc.exe -- (MSMQTriggers)

SRV - [2009/06/22 06:49:04 | 000,004,608 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqsvc.exe -- (MSMQ)

SRV - [2007/01/19 06:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2006/11/20 03:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\snmp.exe -- (SNMP)

SRV - [2004/08/04 03:56:46 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\system32\p2pgasvc.dll -- (p2pgasvc)

SRV - [2004/08/04 03:56:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\system32\irmon.dll -- (Irmon)

SRV - [2000/11/30 09:30:40 | 000,057,344 | ---- | M] () [Disabled] -- C:\Windows\system32\ati2evxx.exe -- (Ati HotKey Poller)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)

DRV - [2010/02/17 04:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2010/02/17 04:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 04:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mqac.sys -- (MQAC)

DRV - [2008/06/20 04:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2008/05/08 07:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2006/03/16 05:39:10 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wg111v2.sys -- (RTLWUSB)

DRV - [2005/04/01 05:43:02 | 000,066,048 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\Windows\system32\drivers\EAPPkt.sys -- (EAPPkt)

DRV - [2004/08/04 02:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mpe.sys -- (MPE)

DRV - [2004/08/04 02:07:46 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mf.sys -- (mf)

DRV - [2004/08/04 02:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nscirda.sys -- (NSCIRDA)

DRV - [2004/08/04 02:00:52 | 000,020,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ramdisk.sys -- (Ramdisk)

DRV - [2004/08/04 01:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nmnt.sys -- (nm)

DRV - [2004/08/03 17:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2002/10/02 02:57:12 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\Windows\system32\drivers\SjyPkt.sys -- (SjyPkt)

DRV - [2002/07/15 21:58:12 | 000,379,726 | R--- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)

DRV - [2001/09/26 18:32:38 | 000,285,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ati2mtaa.sys -- (ati2mtaa)

DRV - [2001/08/18 00:38:10 | 000,019,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdspx.sys -- (TDSPX)

DRV - [2001/08/18 00:38:04 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdipx.sys -- (TDIPX)

DRV - [2001/08/18 00:38:00 | 000,013,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdasync.sys -- (TDASYNC)

DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\modemcsa.sys -- (MODEMCSA)

DRV - [2001/08/17 15:53:26 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\scsiscan.sys -- (scsiscan)

DRV - [2001/08/17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irsir.sys -- (irsir)

DRV - [2001/08/17 15:49:58 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2001/08/17 15:49:40 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\system32\drivers\fs_rec.sys -- (Fs_Rec)

DRV - [2001/08/17 15:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irstusb.sys -- (STIrUsb)

DRV - [2001/08/17 15:49:04 | 000,024,576 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viairda.sys -- (VIAIRDA)

DRV - [2001/08/17 15:49:04 | 000,023,552 | ---- | M] (MKNet Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irmk7.sys -- (SIERRA) MKNet MK7100-based VFIR (16Mbps)

DRV - [2001/08/17 15:49:02 | 000,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\alifir.sys -- (ALiIRDA)

DRV - [2001/08/17 15:36:48 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\system32\winsock.dll -- (Winsock)

DRV - [2001/08/17 14:10:30 | 000,035,871 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wbfirdma.sys -- (WBFIRDMA)

DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (SMCIRDA)

DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (NECIRDA)

DRV - [2001/08/17 14:10:26 | 000,028,232 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tos4mo.sys -- (OBOE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/

IE - HKU\Computer_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\Computer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/23 06:16:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 06:16:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/08 13:27:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/04 08:48:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/12/03 16:13:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[2007/06/11 07:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

[2009/07/16 05:25:53 | 000,001,412 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\demauro.xml

[2009/07/16 05:25:53 | 000,000,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-it.xml

[2009/07/16 05:25:53 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-it.xml

[2009/07/16 05:25:53 | 000,000,649 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\Computer_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

O4 - HKU\Computer_ON_C..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\Administrator\Application Data [2007/12/03 15:15:03 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Cookies [2007/12/03 15:15:05 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\Administrator\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Favorites [2007/12/03 15:15:18 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\My Documents [2007/12/03 15:15:15 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Administrator\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Administrator\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\Administrator\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\Administrator\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Recent [2007/12/03 15:15:15 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\SendTo [2007/12/03 15:15:03 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\All Users\Application Data [2010/03/04 07:41:27 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\All Users\Desktop [2010/03/04 09:21:58 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users\Documents [2007/12/03 16:11:55 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users\DRM [2007/12/03 15:00:16 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\All Users\Favorites [2008/02/20 14:31:01 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat ()

O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu [2007/12/03 15:51:46 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Application Data [2010/03/04 21:30:43 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Desktop [2010/03/04 21:30:52 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Documents [2010/03/04 20:53:34 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\DRM [2010/03/04 20:57:51 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Start Menu [2010/03/04 21:04:35 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Templates [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\.gimp-2.4 [2009/06/25 16:15:27 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\.gtk-bookmarks ()

O4 - Startup: C:\Documents and Settings\Computer\.recently-used.xbel ()

O4 - Startup: C:\Documents and Settings\Computer\.thumbnails [2007/12/20 15:48:15 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\Application Data [2010/03/06 17:18:49 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Computer\Contacts [2008/03/01 05:46:41 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\Cookies [2010/03/04 08:58:50 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\Computer\Desktop [2010/03/04 09:25:31 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\Favorites [2008/11/03 09:16:41 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Computer\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\NetHood [2008/01/23 05:13:42 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Computer\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\Computer\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\Computer\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\Recent [2010/03/04 07:19:45 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Computer\SendTo [2007/12/03 16:50:45 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Computer\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Computer\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\UserData [2007/12/03 15:58:01 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\Default User\Application Data [2007/12/03 14:53:06 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Cookies [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User\Favorites [2007/12/03 14:53:06 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User\Local Settings [2007/12/03 14:53:06 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User\My Documents [2007/12/03 14:53:06 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Default User\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\Default User\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Recent [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\SendTo [2007/12/03 15:00:01 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Default User\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Application Data [2010/03/04 12:27:19 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Local Settings [2010/03/04 12:27:19 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\My Documents [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Default User.WINREC\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Recent [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\SendTo [2010/03/04 20:55:55 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\LocalService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\LocalService\Cookies [2007/12/03 15:44:30 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\LocalService\Local Settings [2007/12/03 15:04:30 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\LocalService\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\LocalService\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\LocalService\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data [2010/03/04 21:06:27 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies [2010/03/04 21:06:29 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings [2010/03/04 21:06:27 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Recent [2010/03/05 18:09:01 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\NetworkService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\NetworkService\Cookies [2007/12/03 15:45:00 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\NetworkService\Local Settings [2007/12/03 15:04:29 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\NetworkService\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data [2010/03/04 21:05:47 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings [2010/03/04 21:05:48 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Recent [2010/03/05 18:33:25 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\Application Data [2010/03/04 21:30:55 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\roger\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\roger\Favorites [2010/03/04 21:10:49 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\roger\Local Settings [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\roger\My Documents [2010/03/04 21:10:47 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\roger\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\roger\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\roger\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\roger\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\roger\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\roger\Recent [2010/03/05 18:44:09 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\SendTo [2010/03/04 21:10:33 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\roger\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\rsvpsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\rsvpsp.dll File not found

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/06 19:52:56 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft

[2010/03/06 19:51:04 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp

[2010/03/06 19:51:03 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies

[2010/03/06 19:51:03 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent

[2010/03/06 19:51:03 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures

[2010/03/06 19:51:03 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music

[2010/03/06 19:51:03 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents

[2010/03/06 19:51:03 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites

[2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates

[2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu

[2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo

[2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood

[2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood

[2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos

[2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft

[2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings

[2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop

[2010/03/06 19:51:03 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data

[2010/03/06 17:18:48 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/03/05 18:23:19 | 000,000,000 | ---D | C] -- C:\ps

[2010/03/05 15:22:28 | 000,000,000 | ---D | C] -- D:\ps

[2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox

[2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage

[2010/03/04 20:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services

[2010/03/04 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap

[2010/03/04 20:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting

[2010/03/04 20:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express

[2010/03/04 20:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone

[2010/03/04 20:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSN

[2010/03/04 18:15:42 | 007,071,296 | ---- | C] (Macrovision Corporation) -- D:\Setup.exe

[2010/03/04 15:35:30 | 000,000,000 | ---D | C] -- D:\lspfix

[2010/03/04 13:37:48 | 004,492,328 | ---- | C] (Malwarebytes Corporation ) -- D:\mbam-rules.exe

[2010/03/04 13:37:46 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- D:\mbam-setup.exe

[2010/03/04 13:25:41 | 000,000,000 | RHSD | C] -- D:\RECYCLER

[2010/03/04 13:24:36 | 005,073,085 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\SASDEFINITIONS.EXE

[2010/03/04 12:14:07 | 000,000,000 | ---D | C] -- C:\WINREC

[2010/03/04 09:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/03/04 08:48:10 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe

[2010/03/04 07:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\Malwarebytes

[2010/03/04 07:41:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/03/04 07:41:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/03/04 07:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/03/04 07:25:59 | 005,073,085 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE

[2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\SUPERAntiSpyware.com

[2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/03/04 06:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/03/04 06:33:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/03/04 06:31:22 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/03/04 06:26:25 | 000,000,000 | ---D | C] -- C:\SDFix

[2010/03/04 05:58:46 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys

[2010/03/04 05:58:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hid.dll

[2010/03/04 05:58:31 | 000,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys

[2010/02/27 17:11:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2010/03/06 19:54:45 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk

[2010/03/06 17:19:22 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010/03/06 16:05:37 | 267,968,512 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/03/04 20:49:17 | 000,000,304 | -HS- | M] () -- C:\boot.bak

[2010/03/04 15:19:58 | 031,424,312 | ---- | M] () -- D:\vpsupd.exe

[2010/03/04 15:15:20 | 044,696,968 | ---- | M] () -- D:\setup_av_free.exe

[2010/03/04 13:37:34 | 004,492,328 | ---- | M] (Malwarebytes Corporation ) -- D:\mbam-rules.exe

[2010/03/04 13:37:06 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- D:\mbam-setup.exe

[2010/03/04 13:24:24 | 005,073,085 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\SASDEFINITIONS.EXE

[2010/03/04 12:54:26 | 003,327,000 | ---- | M] () -- D:\WindowsXP-KB942288-v3-x86.exe

[2010/03/04 12:22:10 | 007,757,856 | ---- | M] () -- D:\SUPERAntiSpyware.exe

[2010/03/04 12:20:24 | 001,529,241 | ---- | M] () -- D:\SDFix.exe

[2010/03/04 12:20:02 | 004,119,394 | ---- | M] () -- D:\ComboFix.exe

[2010/03/04 09:37:55 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2010/03/04 09:37:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Computer\ntuser.ini

[2010/03/04 09:37:48 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Computer\NTUSER.DAT

[2010/03/04 09:37:45 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Computer\Local Settings\Application Data\IconCache.db

[2010/03/04 09:25:32 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk

[2010/03/04 09:12:33 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2010/03/04 09:11:52 | 000,000,497 | ---- | M] () -- C:\Windows\win.ini

[2010/03/04 09:11:52 | 000,000,012 | ---- | M] () -- C:\Windows\system.ini

[2010/03/04 08:55:49 | 004,119,394 | R--- | M] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe

[2010/03/04 08:50:00 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe

[2010/03/04 08:33:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/04 07:24:24 | 005,073,085 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE

[2010/03/04 05:55:20 | 000,002,184 | ---- | M] () -- C:\Windows\System32\wpa.dbl

[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk

[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk

[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk

[2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk

[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk

[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk

[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk

[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk

[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk

[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk

[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk

[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk

[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk

[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk

[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk

[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk

[2010/02/22 14:38:53 | 000,051,867 | -H-- | M] () -- C:\Documents and Settings\Computer\Desktop\ZbThumbnail.info

========== Files Created - No Company Name ==========

[2010/03/06 19:51:04 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk

[2010/03/06 19:51:04 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk

[2010/03/06 19:51:04 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk

[2010/03/06 19:51:04 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk

[2010/03/06 19:51:04 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk

[2010/03/06 19:51:04 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk

[2010/03/06 19:51:04 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk

[2010/03/06 19:51:04 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk

[2010/03/06 19:51:04 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk

[2010/03/06 19:51:04 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk

[2010/03/06 19:51:04 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk

[2010/03/06 19:51:04 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk

[2010/03/06 19:51:04 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk

[2010/03/06 19:51:04 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk

[2010/03/06 19:51:04 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk

[2010/03/06 19:51:04 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk

[2010/03/06 19:51:04 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk

[2010/03/04 21:10:23 | 267,968,512 | -HS- | C] () -- C:\hiberfil.sys

[2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS

[2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT

[2010/03/04 15:19:08 | 044,696,968 | ---- | C] () -- D:\setup_av_free.exe

[2010/03/04 12:54:58 | 003,327,000 | ---- | C] () -- D:\WindowsXP-KB942288-v3-x86.exe

[2010/03/04 12:23:42 | 001,529,241 | ---- | C] () -- D:\SDFix.exe

[2010/03/04 12:23:41 | 004,119,394 | ---- | C] () -- D:\ComboFix.exe

[2010/03/04 09:25:31 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk

[2010/03/04 08:55:49 | 004,119,394 | R--- | C] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe

[2008/12/10 17:49:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008/01/29 12:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI

[2008/01/26 06:04:47 | 000,000,025 | ---- | C] () -- C:\Windows\mixerdef.ini

[2008/01/26 05:49:17 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI

[2008/01/26 05:49:16 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI

[2007/12/16 10:23:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll

[2007/12/03 16:06:50 | 000,558,592 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

[2007/12/03 16:06:49 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2007/12/03 16:06:49 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2007/12/03 16:06:47 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2007/12/03 16:06:43 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2007/12/03 16:06:43 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2007/12/03 15:54:04 | 000,000,424 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/12/03 15:48:42 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL

[2007/12/03 15:32:49 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll

[2007/12/03 15:32:49 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll

[2006/04/29 00:25:15 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll

[2001/09/26 17:23:00 | 000,032,592 | ---- | C] () -- C:\Windows\System32\drivers\atinxsxx.sys

[2001/09/26 17:22:48 | 000,020,960 | ---- | C] () -- C:\Windows\System32\drivers\atinttxx.sys

[2001/09/26 17:22:40 | 000,011,760 | ---- | C] () -- C:\Windows\System32\drivers\atinpdxx.sys

[2001/09/26 17:22:34 | 000,011,280 | ---- | C] () -- C:\Windows\System32\drivers\atinmdxx.sys

[2001/09/26 17:22:28 | 000,032,848 | ---- | C] () -- C:\Windows\System32\drivers\atinraxx.sys

[2001/09/26 17:22:04 | 000,060,464 | ---- | C] () -- C:\Windows\System32\drivers\atinbtxx.sys

[2001/09/26 17:21:00 | 000,065,104 | ---- | C] () -- C:\Windows\System32\drivers\atinrvxx.sys

[2001/09/26 17:20:06 | 000,032,336 | ---- | C] () -- C:\Windows\System32\drivers\atintuxx.sys

========== LOP Check ==========

[2008/02/03 11:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\gtk-2.0

[2007/12/03 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Thunderbird

[2009/08/21 05:18:29 | 000,000,260 | ---- | M] () -- C:\Windows\Tasks\WGASetup.job

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: MSAPSSPC.DLL >

[2004/08/04 07:00:00 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=E484F006380A89A52CCC7828ECE5DCA0 -- C:\WINREC\system32\dllcache\msapsspc.dll

[2004/08/04 07:00:00 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=E484F006380A89A52CCC7828ECE5DCA0 -- C:\WINREC\system32\msapsspc.dll

< End of report >


OTL logfile created on: 3/7/2010 12:50:22 PM - Run

OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

255.00 Mb Total Physical Memory | 79.00 Mb Available Physical Memory | 31.00% Memory free

215.00 Mb Paging File | 91.00 Mb Available in Paging File | 42.00% Paging File free

Paging file location(s): C:\pagefile.sys 192 192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 9.77 Gb Total Space | 3.33 Gb Free Space | 34.13% Space Free | Partition Type: NTFS

Drive D: | 1005.98 Mb Total Space | 878.50 Mb Free Space | 87.33% Space Free | Partition Type: FAT32

Drive E: | 6.43 Gb Total Space | 1.70 Gb Free Space | 26.49% Space Free | Partition Type: FAT32

Drive F: | 2.93 Gb Total Space | 2.91 Gb Free Space | 99.41% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (RSVP)

SRV - [2009/06/22 06:49:23 | 000,117,248 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqtgsvc.exe -- (MSMQTriggers)

SRV - [2009/06/22 06:49:04 | 000,004,608 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqsvc.exe -- (MSMQ)

SRV - [2007/01/19 06:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2006/11/20 03:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\snmp.exe -- (SNMP)

SRV - [2004/08/04 03:56:46 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\system32\p2pgasvc.dll -- (p2pgasvc)

SRV - [2004/08/04 03:56:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\system32\irmon.dll -- (Irmon)

SRV - [2000/11/30 09:30:40 | 000,057,344 | ---- | M] () [Disabled] -- C:\Windows\system32\ati2evxx.exe -- (Ati HotKey Poller)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)

DRV - [2010/02/17 04:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2010/02/17 04:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 04:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mqac.sys -- (MQAC)

DRV - [2008/06/20 04:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2008/05/08 07:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2006/03/16 05:39:10 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wg111v2.sys -- (RTLWUSB)

DRV - [2005/04/01 05:43:02 | 000,066,048 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\Windows\system32\drivers\EAPPkt.sys -- (EAPPkt)

DRV - [2004/08/04 02:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mpe.sys -- (MPE)

DRV - [2004/08/04 02:07:46 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mf.sys -- (mf)

DRV - [2004/08/04 02:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nscirda.sys -- (NSCIRDA)

DRV - [2004/08/04 02:00:52 | 000,020,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ramdisk.sys -- (Ramdisk)

DRV - [2004/08/04 01:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nmnt.sys -- (nm)

DRV - [2004/08/03 17:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2002/10/02 02:57:12 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\Windows\system32\drivers\SjyPkt.sys -- (SjyPkt)

DRV - [2002/07/15 21:58:12 | 000,379,726 | R--- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)

DRV - [2001/09/26 18:32:38 | 000,285,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ati2mtaa.sys -- (ati2mtaa)

DRV - [2001/08/18 00:38:10 | 000,019,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdspx.sys -- (TDSPX)

DRV - [2001/08/18 00:38:04 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdipx.sys -- (TDIPX)

DRV - [2001/08/18 00:38:00 | 000,013,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdasync.sys -- (TDASYNC)

DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\modemcsa.sys -- (MODEMCSA)

DRV - [2001/08/17 15:53:26 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\scsiscan.sys -- (scsiscan)

DRV - [2001/08/17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irsir.sys -- (irsir)

DRV - [2001/08/17 15:49:58 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2001/08/17 15:49:40 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\system32\drivers\fs_rec.sys -- (Fs_Rec)

DRV - [2001/08/17 15:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irstusb.sys -- (STIrUsb)

DRV - [2001/08/17 15:49:04 | 000,024,576 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viairda.sys -- (VIAIRDA)

DRV - [2001/08/17 15:49:04 | 000,023,552 | ---- | M] (MKNet Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irmk7.sys -- (SIERRA) MKNet MK7100-based VFIR (16Mbps)

DRV - [2001/08/17 15:49:02 | 000,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\alifir.sys -- (ALiIRDA)

DRV - [2001/08/17 15:36:48 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\system32\winsock.dll -- (Winsock)

DRV - [2001/08/17 14:10:30 | 000,035,871 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wbfirdma.sys -- (WBFIRDMA)

DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (SMCIRDA)

DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (NECIRDA)

DRV - [2001/08/17 14:10:26 | 000,028,232 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tos4mo.sys -- (OBOE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/

IE - HKU\Computer_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\Computer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/23 06:16:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 06:16:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/08 13:27:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/04 08:48:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/12/03 16:13:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[2007/06/11 07:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

[2009/07/16 05:25:53 | 000,001,412 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\demauro.xml

[2009/07/16 05:25:53 | 000,000,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-it.xml

[2009/07/16 05:25:53 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-it.xml

[2009/07/16 05:25:53 | 000,000,649 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\Computer_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

O4 - HKU\Computer_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\Administrator\Application Data [2007/12/03 15:15:03 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Cookies [2007/12/03 15:15:05 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\Administrator\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Favorites [2007/12/03 15:15:18 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\My Documents [2007/12/03 15:15:15 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Administrator\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Administrator\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\Administrator\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\Administrator\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Recent [2007/12/03 15:15:15 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\SendTo [2007/12/03 15:15:03 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\All Users\Application Data [2010/03/04 07:41:27 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\All Users\Desktop [2010/03/04 09:21:58 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users\Documents [2007/12/03 16:11:55 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users\DRM [2007/12/03 15:00:16 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\All Users\Favorites [2008/02/20 14:31:01 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat ()

O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu [2007/12/03 15:51:46 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Application Data [2010/03/04 21:30:43 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Desktop [2010/03/04 21:30:52 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Documents [2010/03/04 20:53:34 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\DRM [2010/03/04 20:57:51 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Start Menu [2010/03/04 21:04:35 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Templates [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\.gimp-2.4 [2009/06/25 16:15:27 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\.gtk-bookmarks ()

O4 - Startup: C:\Documents and Settings\Computer\.recently-used.xbel ()

O4 - Startup: C:\Documents and Settings\Computer\.thumbnails [2007/12/20 15:48:15 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\Application Data [2010/03/06 17:18:49 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Computer\Contacts [2008/03/01 05:46:41 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\Cookies [2010/03/04 08:58:50 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\Computer\Desktop [2010/03/04 09:25:31 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\Favorites [2008/11/03 09:16:41 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Computer\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\NetHood [2008/01/23 05:13:42 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Computer\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\Computer\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\Computer\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\Recent [2010/03/04 07:19:45 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Computer\SendTo [2007/12/03 16:50:45 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Computer\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Computer\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\UserData [2007/12/03 15:58:01 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\Default User\Application Data [2007/12/03 14:53:06 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Cookies [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User\Favorites [2007/12/03 14:53:06 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User\Local Settings [2007/12/03 14:53:06 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User\My Documents [2007/12/03 14:53:06 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Default User\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\Default User\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Recent [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\SendTo [2007/12/03 15:00:01 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Default User\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Application Data [2010/03/04 12:27:19 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Local Settings [2010/03/04 12:27:19 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\My Documents [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Default User.WINREC\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Recent [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\SendTo [2010/03/04 20:55:55 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\LocalService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\LocalService\Cookies [2007/12/03 15:44:30 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\LocalService\Local Settings [2007/12/03 15:04:30 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\LocalService\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\LocalService\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\LocalService\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data [2010/03/04 21:06:27 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies [2010/03/04 21:06:29 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings [2010/03/04 21:06:27 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Recent [2010/03/05 18:09:01 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\NetworkService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\NetworkService\Cookies [2007/12/03 15:45:00 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\NetworkService\Local Settings [2007/12/03 15:04:29 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\NetworkService\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data [2010/03/04 21:05:47 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings [2010/03/04 21:05:48 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Recent [2010/03/05 18:33:25 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\Application Data [2010/03/04 21:30:55 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\roger\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\roger\Favorites [2010/03/04 21:10:49 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\roger\Local Settings [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\roger\My Documents [2010/03/04 21:10:47 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\roger\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\roger\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\roger\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\roger\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\roger\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\roger\Recent [2010/03/05 18:44:09 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\SendTo [2010/03/04 21:10:33 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\roger\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\rsvpsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\rsvpsp.dll File not found

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/07 12:48:23 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft

[2010/03/07 12:46:21 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies

[2010/03/07 12:46:21 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent

[2010/03/07 12:46:21 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures

[2010/03/07 12:46:21 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music

[2010/03/07 12:46:21 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents

[2010/03/07 12:46:21 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites

[2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates

[2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp

[2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu

[2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo

[2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood

[2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood

[2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos

[2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft

[2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings

[2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop

[2010/03/07 12:46:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data

[2010/03/06 17:18:48 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/03/05 18:23:19 | 000,000,000 | ---D | C] -- C:\ps

[2010/03/05 15:22:28 | 000,000,000 | ---D | C] -- D:\ps

[2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox

[2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage

[2010/03/04 20:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services

[2010/03/04 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap

[2010/03/04 20:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting

[2010/03/04 20:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express

[2010/03/04 20:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone

[2010/03/04 20:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSN

[2010/03/04 18:15:42 | 007,071,296 | ---- | C] (Macrovision Corporation) -- D:\Setup.exe

[2010/03/04 15:35:30 | 000,000,000 | ---D | C] -- D:\lspfix

[2010/03/04 13:37:48 | 004,492,328 | ---- | C] (Malwarebytes Corporation ) -- D:\mbam-rules.exe

[2010/03/04 13:37:46 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- D:\mbam-setup.exe

[2010/03/04 13:25:41 | 000,000,000 | RHSD | C] -- D:\RECYCLER

[2010/03/04 13:24:36 | 005,073,085 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\SASDEFINITIONS.EXE

[2010/03/04 12:14:07 | 000,000,000 | ---D | C] -- C:\WINREC

[2010/03/04 09:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/03/04 08:48:10 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe

[2010/03/04 07:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\Malwarebytes

[2010/03/04 07:41:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/03/04 07:41:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/03/04 07:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/03/04 07:25:59 | 005,073,085 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE

[2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\SUPERAntiSpyware.com

[2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/03/04 06:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/03/04 06:33:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/03/04 06:31:22 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/03/04 06:26:25 | 000,000,000 | ---D | C] -- C:\SDFix

[2010/03/04 05:58:46 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys

[2010/03/04 05:58:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hid.dll

[2010/03/04 05:58:31 | 000,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys

[2010/02/27 17:11:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2010/03/07 15:37:31 | 267,968,512 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/07 12:49:23 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk

[2010/03/07 01:43:59 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/03/04 20:49:17 | 000,000,304 | -HS- | M] () -- C:\boot.bak

[2010/03/04 15:19:58 | 031,424,312 | ---- | M] () -- D:\vpsupd.exe

[2010/03/04 15:15:20 | 044,696,968 | ---- | M] () -- D:\setup_av_free.exe

[2010/03/04 13:37:34 | 004,492,328 | ---- | M] (Malwarebytes Corporation ) -- D:\mbam-rules.exe

[2010/03/04 13:37:06 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- D:\mbam-setup.exe

[2010/03/04 13:24:24 | 005,073,085 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\SASDEFINITIONS.EXE

[2010/03/04 12:54:26 | 003,327,000 | ---- | M] () -- D:\WindowsXP-KB942288-v3-x86.exe

[2010/03/04 12:22:10 | 007,757,856 | ---- | M] () -- D:\SUPERAntiSpyware.exe

[2010/03/04 12:20:24 | 001,529,241 | ---- | M] () -- D:\SDFix.exe

[2010/03/04 12:20:02 | 004,119,394 | ---- | M] () -- D:\ComboFix.exe

[2010/03/04 09:37:55 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2010/03/04 09:37:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Computer\ntuser.ini

[2010/03/04 09:37:48 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Computer\NTUSER.DAT

[2010/03/04 09:37:45 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Computer\Local Settings\Application Data\IconCache.db

[2010/03/04 09:25:32 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk

[2010/03/04 09:12:33 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2010/03/04 09:11:52 | 000,000,497 | ---- | M] () -- C:\Windows\win.ini

[2010/03/04 09:11:52 | 000,000,012 | ---- | M] () -- C:\Windows\system.ini

[2010/03/04 08:55:49 | 004,119,394 | R--- | M] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe

[2010/03/04 08:50:00 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe

[2010/03/04 08:33:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/04 07:24:24 | 005,073,085 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE

[2010/03/04 05:55:20 | 000,002,184 | ---- | M] () -- C:\Windows\System32\wpa.dbl

[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk

[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk

[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk

[2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk

[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk

[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk

[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk

[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk

[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk

[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk

[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk

[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk

[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk

[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk

[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk

[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk

[2010/02/22 14:38:53 | 000,051,867 | -H-- | M] () -- C:\Documents and Settings\Computer\Desktop\ZbThumbnail.info

========== Files Created - No Company Name ==========

[2010/03/07 12:46:22 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk

[2010/03/07 12:46:22 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk

[2010/03/07 12:46:22 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk

[2010/03/07 12:46:22 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk

[2010/03/07 12:46:22 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk

[2010/03/07 12:46:22 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk

[2010/03/07 12:46:22 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk

[2010/03/07 12:46:22 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk

[2010/03/07 12:46:22 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk

[2010/03/07 12:46:22 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk

[2010/03/07 12:46:22 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk

[2010/03/07 12:46:21 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk

[2010/03/07 12:46:21 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk

[2010/03/07 12:46:21 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk

[2010/03/07 12:46:21 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk

[2010/03/07 12:46:21 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk

[2010/03/07 12:46:21 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk

[2010/03/04 21:10:23 | 267,968,512 | -HS- | C] () -- C:\hiberfil.sys

[2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS

[2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT

[2010/03/04 15:19:08 | 044,696,968 | ---- | C] () -- D:\setup_av_free.exe

[2010/03/04 12:54:58 | 003,327,000 | ---- | C] () -- D:\WindowsXP-KB942288-v3-x86.exe

[2010/03/04 12:23:42 | 001,529,241 | ---- | C] () -- D:\SDFix.exe

[2010/03/04 12:23:41 | 004,119,394 | ---- | C] () -- D:\ComboFix.exe

[2010/03/04 09:25:31 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk

[2010/03/04 08:55:49 | 004,119,394 | R--- | C] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe

[2008/12/10 17:49:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008/01/29 12:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI

[2008/01/26 06:04:47 | 000,000,025 | ---- | C] () -- C:\Windows\mixerdef.ini

[2008/01/26 05:49:17 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI

[2008/01/26 05:49:16 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI

[2007/12/16 10:23:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll

[2007/12/03 16:06:50 | 000,558,592 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

[2007/12/03 16:06:49 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2007/12/03 16:06:49 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2007/12/03 16:06:47 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2007/12/03 16:06:43 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2007/12/03 16:06:43 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2007/12/03 15:54:04 | 000,000,424 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/12/03 15:48:42 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL

[2007/12/03 15:32:49 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll

[2007/12/03 15:32:49 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll

[2006/04/29 00:25:15 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll

[2001/09/26 17:23:00 | 000,032,592 | ---- | C] () -- C:\Windows\System32\drivers\atinxsxx.sys

[2001/09/26 17:22:48 | 000,020,960 | ---- | C] () -- C:\Windows\System32\drivers\atinttxx.sys

[2001/09/26 17:22:40 | 000,011,760 | ---- | C] () -- C:\Windows\System32\drivers\atinpdxx.sys

[2001/09/26 17:22:34 | 000,011,280 | ---- | C] () -- C:\Windows\System32\drivers\atinmdxx.sys

[2001/09/26 17:22:28 | 000,032,848 | ---- | C] () -- C:\Windows\System32\drivers\atinraxx.sys

[2001/09/26 17:22:04 | 000,060,464 | ---- | C] () -- C:\Windows\System32\drivers\atinbtxx.sys

[2001/09/26 17:21:00 | 000,065,104 | ---- | C] () -- C:\Windows\System32\drivers\atinrvxx.sys

[2001/09/26 17:20:06 | 000,032,336 | ---- | C] () -- C:\Windows\System32\drivers\atintuxx.sys

========== LOP Check ==========

[2008/02/03 11:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\gtk-2.0

[2007/12/03 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Thunderbird

[2009/08/21 05:18:29 | 000,000,260 | ---- | M] () -- C:\Windows\Tasks\WGASetup.job

========== Purity Check ==========

< End of report >


Will do although I fear there are not many. When I was trying to initially remove the virus I went into system restore and there was only the current day available, from where I'd installed Malwarebytes...

OTL logfile created on: 3/7/2010 4:30:20 PM - Run

OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

255.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 32.00% Memory free

215.00 Mb Paging File | 92.00 Mb Available in Paging File | 43.00% Paging File free

Paging file location(s): C:\pagefile.sys 192 192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 9.77 Gb Total Space | 3.33 Gb Free Space | 34.14% Space Free | Partition Type: NTFS

Drive D: | 6.43 Gb Total Space | 1.70 Gb Free Space | 26.49% Space Free | Partition Type: FAT32

Drive E: | 2.93 Gb Total Space | 2.91 Gb Free Space | 99.41% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (RSVP)

SRV - [2009/06/22 06:49:23 | 000,117,248 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqtgsvc.exe -- (MSMQTriggers)

SRV - [2009/06/22 06:49:04 | 000,004,608 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\mqsvc.exe -- (MSMQ)

SRV - [2007/01/19 06:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2006/11/20 03:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\system32\snmp.exe -- (SNMP)

SRV - [2004/08/04 03:56:46 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\system32\p2pgasvc.dll -- (p2pgasvc)

SRV - [2004/08/04 03:56:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\system32\irmon.dll -- (Irmon)

SRV - [2000/11/30 09:30:40 | 000,057,344 | ---- | M] () [Disabled] -- C:\Windows\system32\ati2evxx.exe -- (Ati HotKey Poller)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)

DRV - [2010/02/17 04:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2010/02/17 04:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 04:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mqac.sys -- (MQAC)

DRV - [2008/06/20 04:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2008/05/08 07:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2006/03/16 05:39:10 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wg111v2.sys -- (RTLWUSB)

DRV - [2005/04/01 05:43:02 | 000,066,048 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\Windows\system32\drivers\EAPPkt.sys -- (EAPPkt)

DRV - [2004/08/04 02:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mpe.sys -- (MPE)

DRV - [2004/08/04 02:07:46 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mf.sys -- (mf)

DRV - [2004/08/04 02:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nscirda.sys -- (NSCIRDA)

DRV - [2004/08/04 02:00:52 | 000,020,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ramdisk.sys -- (Ramdisk)

DRV - [2004/08/04 01:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nmnt.sys -- (nm)

DRV - [2004/08/03 17:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2002/10/02 02:57:12 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\Windows\system32\drivers\SjyPkt.sys -- (SjyPkt)

DRV - [2002/07/15 21:58:12 | 000,379,726 | R--- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)

DRV - [2001/09/26 18:32:38 | 000,285,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ati2mtaa.sys -- (ati2mtaa)

DRV - [2001/08/18 00:38:10 | 000,019,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdspx.sys -- (TDSPX)

DRV - [2001/08/18 00:38:04 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdipx.sys -- (TDIPX)

DRV - [2001/08/18 00:38:00 | 000,013,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tdasync.sys -- (TDASYNC)

DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\modemcsa.sys -- (MODEMCSA)

DRV - [2001/08/17 15:53:26 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\scsiscan.sys -- (scsiscan)

DRV - [2001/08/17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irsir.sys -- (irsir)

DRV - [2001/08/17 15:49:58 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2001/08/17 15:49:40 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\system32\drivers\fs_rec.sys -- (Fs_Rec)

DRV - [2001/08/17 15:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irstusb.sys -- (STIrUsb)

DRV - [2001/08/17 15:49:04 | 000,024,576 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viairda.sys -- (VIAIRDA)

DRV - [2001/08/17 15:49:04 | 000,023,552 | ---- | M] (MKNet Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irmk7.sys -- (SIERRA) MKNet MK7100-based VFIR (16Mbps)

DRV - [2001/08/17 15:49:02 | 000,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\alifir.sys -- (ALiIRDA)

DRV - [2001/08/17 15:36:48 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\system32\winsock.dll -- (Winsock)

DRV - [2001/08/17 14:10:30 | 000,035,871 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\wbfirdma.sys -- (WBFIRDMA)

DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (SMCIRDA)

DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (NECIRDA)

DRV - [2001/08/17 14:10:26 | 000,028,232 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tos4mo.sys -- (OBOE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7

IE - HKU\Computer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/

IE - HKU\Computer_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\Computer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/23 06:16:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 06:16:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/08 13:27:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/04 08:48:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/12/03 16:13:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[2007/06/11 07:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

[2009/07/16 05:25:53 | 000,001,412 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\demauro.xml

[2009/07/16 05:25:53 | 000,000,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-it.xml

[2009/07/16 05:25:53 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-it.xml

[2009/07/16 05:25:53 | 000,000,649 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\Computer_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

O4 - HKU\Computer_ON_C..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\Administrator\Application Data [2007/12/03 15:15:03 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Cookies [2007/12/03 15:15:05 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\Administrator\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Favorites [2007/12/03 15:15:18 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\My Documents [2007/12/03 15:15:15 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Administrator\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Administrator\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\Administrator\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\Administrator\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Recent [2007/12/03 15:15:15 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\SendTo [2007/12/03 15:15:03 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Administrator\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\All Users\Application Data [2010/03/04 07:41:27 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\All Users\Desktop [2010/03/04 09:21:58 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users\Documents [2007/12/03 16:11:55 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users\DRM [2007/12/03 15:00:16 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\All Users\Favorites [2008/02/20 14:31:01 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat ()

O4 - Startup: C:\Documents and Settings\All Users\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu [2007/12/03 15:51:46 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Application Data [2010/03/04 21:30:43 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Desktop [2010/03/04 21:30:52 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Documents [2010/03/04 20:53:34 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\DRM [2010/03/04 20:57:51 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Start Menu [2010/03/04 21:04:35 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\All Users.WINREC\Templates [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\.gimp-2.4 [2009/06/25 16:15:27 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\.gtk-bookmarks ()

O4 - Startup: C:\Documents and Settings\Computer\.recently-used.xbel ()

O4 - Startup: C:\Documents and Settings\Computer\.thumbnails [2007/12/20 15:48:15 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\Application Data [2010/03/06 17:18:49 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Computer\Contacts [2008/03/01 05:46:41 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\Cookies [2010/03/04 08:58:50 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\Computer\Desktop [2010/03/04 09:25:31 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Computer\Favorites [2008/11/03 09:16:41 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Computer\Local Settings [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\NetHood [2008/01/23 05:13:42 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Computer\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\Computer\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\Computer\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\Recent [2010/03/04 07:19:45 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Computer\SendTo [2007/12/03 16:50:45 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Computer\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Computer\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Computer\UserData [2007/12/03 15:58:01 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\Default User\Application Data [2007/12/03 14:53:06 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Cookies [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Desktop [2009/08/21 04:07:43 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User\Favorites [2007/12/03 14:53:06 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User\Local Settings [2007/12/03 14:53:06 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User\My Documents [2007/12/03 14:53:06 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User\NetHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Default User\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\Default User\PrintHood [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Recent [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User\SendTo [2007/12/03 15:00:01 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User\Start Menu [2007/12/03 14:53:06 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Default User\Templates [2007/12/03 14:53:06 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Application Data [2010/03/04 12:27:19 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Favorites [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Local Settings [2010/03/04 12:27:19 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\My Documents [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\Default User.WINREC\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Recent [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\SendTo [2010/03/04 20:55:55 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\Default User.WINREC\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\LocalService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\LocalService\Cookies [2007/12/03 15:44:30 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\LocalService\Local Settings [2007/12/03 15:04:30 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\LocalService\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\LocalService\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\LocalService\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data [2010/03/04 21:06:27 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies [2010/03/04 21:06:29 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings [2010/03/04 21:06:27 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\LocalService.NT AUTHORITY\Recent [2010/03/05 18:09:01 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\NetworkService\Application Data [2009/08/21 04:07:23 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\NetworkService\Cookies [2007/12/03 15:45:00 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Documents and Settings\NetworkService\Local Settings [2007/12/03 15:04:29 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\NetworkService\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data [2010/03/04 21:05:47 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings [2010/03/04 21:05:48 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\NetworkService.NT AUTHORITY\Recent [2010/03/05 18:33:25 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\Application Data [2010/03/04 21:30:55 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\Cookies [2010/03/04 21:04:35 | 000,000,000 | --SD | M]

O4 - Startup: C:\Documents and Settings\roger\Desktop [2010/03/04 12:27:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Documents and Settings\roger\Favorites [2010/03/04 21:10:49 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\roger\Local Settings [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\roger\My Documents [2010/03/04 21:10:47 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\roger\NetHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\roger\NTUSER.DAT ()

O4 - Startup: C:\Documents and Settings\roger\ntuser.dat.LOG ()

O4 - Startup: C:\Documents and Settings\roger\ntuser.ini ()

O4 - Startup: C:\Documents and Settings\roger\PrintHood [2010/03/04 12:27:19 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\roger\Recent [2010/03/05 18:44:09 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\SendTo [2010/03/04 21:10:33 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Documents and Settings\roger\Start Menu [2010/03/04 12:27:19 | 000,000,000 | R--D | M]

O4 - Startup: C:\Documents and Settings\roger\Templates [2010/03/04 20:51:28 | 000,000,000 | -H-D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\Computer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\rsvpsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\rsvpsp.dll File not found

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/04 20:58:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/07 16:28:21 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft

[2010/03/07 16:26:16 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp

[2010/03/07 16:26:15 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies

[2010/03/07 16:26:15 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent

[2010/03/07 16:26:15 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures

[2010/03/07 16:26:15 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music

[2010/03/07 16:26:15 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents

[2010/03/07 16:26:15 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites

[2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates

[2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu

[2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo

[2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood

[2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood

[2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos

[2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft

[2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings

[2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop

[2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data

[2010/03/06 17:18:48 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/03/05 18:23:19 | 000,000,000 | ---D | C] -- C:\ps

[2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox

[2010/03/04 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage

[2010/03/04 20:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services

[2010/03/04 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap

[2010/03/04 20:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting

[2010/03/04 20:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express

[2010/03/04 20:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone

[2010/03/04 20:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSN

[2010/03/04 18:10:43 | 000,000,000 | -HSD | C] -- D:\System Volume Information

[2010/03/04 12:14:07 | 000,000,000 | ---D | C] -- C:\WINREC

[2010/03/04 09:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/03/04 08:48:10 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe

[2010/03/04 07:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\Malwarebytes

[2010/03/04 07:41:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/03/04 07:41:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/03/04 07:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/03/04 07:25:59 | 005,073,085 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE

[2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Application Data\SUPERAntiSpyware.com

[2010/03/04 07:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/03/04 06:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/03/04 06:33:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/03/04 06:31:22 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/03/04 06:26:25 | 000,000,000 | ---D | C] -- C:\SDFix

[2010/03/04 05:58:46 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys

[2010/03/04 05:58:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hid.dll

[2010/03/04 05:58:31 | 000,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys

[2010/02/27 17:11:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/07 16:29:01 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk

[2010/03/07 15:37:31 | 267,968,512 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/07 12:54:39 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/03/04 20:58:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/03/04 20:49:17 | 000,000,304 | -HS- | M] () -- C:\boot.bak

[2010/03/04 09:37:55 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2010/03/04 09:37:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Computer\ntuser.ini

[2010/03/04 09:37:48 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Computer\NTUSER.DAT

[2010/03/04 09:37:45 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Computer\Local Settings\Application Data\IconCache.db

[2010/03/04 09:25:32 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk

[2010/03/04 09:12:33 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2010/03/04 09:11:52 | 000,000,497 | ---- | M] () -- C:\Windows\win.ini

[2010/03/04 09:11:52 | 000,000,012 | ---- | M] () -- C:\Windows\system.ini

[2010/03/04 08:55:49 | 004,119,394 | R--- | M] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe

[2010/03/04 08:50:00 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Computer\Desktop\HJTInstall.exe

[2010/03/04 08:33:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/04 07:24:24 | 005,073,085 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer\Desktop\SASDEFINITIONS.EXE

[2010/03/04 05:55:20 | 000,002,184 | ---- | M] () -- C:\Windows\System32\wpa.dbl

[2010/03/01 23:47:36 | 000,131,072 | ---- | M] () -- D:\doc1.doc

[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk

[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk

[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk

[2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk

[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk

[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk

[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk

[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk

[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk

[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk

[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk

[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk

[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk

[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk

[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk

[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk

[2010/02/22 14:38:53 | 000,051,867 | -H-- | M] () -- C:\Documents and Settings\Computer\Desktop\ZbThumbnail.info

[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/07 16:26:16 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk

[2010/03/07 16:26:16 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk

[2010/03/07 16:26:16 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk

[2010/03/07 16:26:16 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk

[2010/03/07 16:26:16 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk

[2010/03/07 16:26:16 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk

[2010/03/07 16:26:16 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk

[2010/03/07 16:26:16 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk

[2010/03/07 16:26:16 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk

[2010/03/07 16:26:16 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk

[2010/03/07 16:26:16 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk

[2010/03/07 16:26:16 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk

[2010/03/07 16:26:16 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk

[2010/03/07 16:26:16 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk

[2010/03/07 16:26:16 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk

[2010/03/07 16:26:16 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk

[2010/03/07 16:26:16 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk

[2010/03/04 21:10:23 | 267,968,512 | -HS- | C] () -- C:\hiberfil.sys

[2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS

[2010/03/04 20:58:10 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT

[2010/03/04 09:25:31 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Computer\Desktop\HijackThis.lnk

[2010/03/04 08:55:49 | 004,119,394 | R--- | C] () -- C:\Documents and Settings\Computer\Desktop\Combo0Fix0.exe

[2010/03/01 23:47:33 | 000,131,072 | ---- | C] () -- D:\doc1.doc

[2008/12/10 17:49:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008/01/29 12:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI

[2008/01/26 06:04:47 | 000,000,025 | ---- | C] () -- C:\Windows\mixerdef.ini

[2008/01/26 05:49:17 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI

[2008/01/26 05:49:16 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI

[2007/12/16 10:23:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll

[2007/12/03 16:06:50 | 000,558,592 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

[2007/12/03 16:06:49 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2007/12/03 16:06:49 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2007/12/03 16:06:47 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2007/12/03 16:06:43 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2007/12/03 16:06:43 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2007/12/03 15:54:04 | 000,000,424 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/12/03 15:48:42 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL

[2007/12/03 15:32:49 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll

[2007/12/03 15:32:49 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll

[2006/04/29 00:25:15 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll

[2001/09/26 17:23:00 | 000,032,592 | ---- | C] () -- C:\Windows\System32\drivers\atinxsxx.sys

[2001/09/26 17:22:48 | 000,020,960 | ---- | C] () -- C:\Windows\System32\drivers\atinttxx.sys

[2001/09/26 17:22:40 | 000,011,760 | ---- | C] () -- C:\Windows\System32\drivers\atinpdxx.sys

[2001/09/26 17:22:34 | 000,011,280 | ---- | C] () -- C:\Windows\System32\drivers\atinmdxx.sys

[2001/09/26 17:22:28 | 000,032,848 | ---- | C] () -- C:\Windows\System32\drivers\atinraxx.sys

[2001/09/26 17:22:04 | 000,060,464 | ---- | C] () -- C:\Windows\System32\drivers\atinbtxx.sys

[2001/09/26 17:21:00 | 000,065,104 | ---- | C] () -- C:\Windows\System32\drivers\atinrvxx.sys

[2001/09/26 17:20:06 | 000,032,336 | ---- | C] () -- C:\Windows\System32\drivers\atintuxx.sys

========== LOP Check ==========

[2008/02/03 11:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\gtk-2.0

[2007/12/03 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer\Application Data\Thunderbird

[2009/08/21 05:18:29 | 000,000,260 | ---- | M] () -- C:\Windows\Tasks\WGASetup.job

========== Purity Check ==========

========== Custom Scans ==========

========== Restore Points Found ==========

[2010/03/04 21:27:19 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{2A639955-6513-40E1-BCEF-6F9B8DAE4E44}\RP4\snapshot

[2010/03/04 21:26:20 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{2A639955-6513-40E1-BCEF-6F9B8DAE4E44}\RP3\snapshot

[2010/03/04 21:16:42 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{2A639955-6513-40E1-BCEF-6F9B8DAE4E44}\RP2\snapshot

[2010/03/04 21:10:59 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{2A639955-6513-40E1-BCEF-6F9B8DAE4E44}\RP1\snapshot

[2010/03/04 07:25:31 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{67C5AD4E-1724-45A1-8D88-323119CBC85D}\RP4\snapshot

[2010/03/04 07:21:13 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{67C5AD4E-1724-45A1-8D88-323119CBC85D}\RP3\snapshot

[2010/03/04 07:04:39 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{67C5AD4E-1724-45A1-8D88-323119CBC85D}\RP2\snapshot

[2010/03/04 07:02:42 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{67C5AD4E-1724-45A1-8D88-323119CBC85D}\RP1\snapshot

< End of report >


Well, let's hope you are right about that... This is about the only thing we can still try.

Please run the following fix:

:restorepoint
[2010/03/04 07:02:42 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{67C5AD4E-1724-45A1-8D88-323119CBC85D}\RP1\snapshot

After running this fix, you will need to reboot normally into Windows, otherwise the system restore will not be completed. It is possible the first reboot will crash, so please try it a few times.

This topic is now closed to further replies.