MS REMOVAL TOOL VIRUS


  • This topic is locked

#1
mrmatt

    Member

  • Member
  • 21 posts
Hi,

I have the MS Removal Tool virus (at least it does identify itself!!!!!! :) )

I have a home-built computer, XP OS, Service Pack 3
MotherBoard ECS Elitegroup A790GXM-AD3

I cannot run any program in normal mode, not rkill, not MBAM - nothing. The virus shuts them down immediately.

I cannot connect to the internet via Firefox, Opera or IE, although under Tools > Internet Connection etc. all seems fine; for IE the proxy connection is not checked. However, I'm not sure what else has to be there for it to connect. As far as I can tell, all the browsers seem to have OK connections, but none will connect.

I am able to get into Safe Mode (and Safe Mode with Networking; there I cannot get to the internet either). When I do rkill here it does not identify that it has stopped anything. My MBAM update is only a few days old, so that should be good. I run it, and it completes the scan and finds the nasties. However, when told to clean up it will begin to quarantine, then stop. Most of the time the computer screen will then turn black and I have to restart.

The nasties as MBAM shows them are: Trojan Dropper, Rogue removal tool (registry) and Rogue removal tool (file).
I was able to create an MBAM file, which is attached. That is all the information I can generate right now.

Hope you can help

Thanks!
Matt

Edited by mrmatt, 23 May 2011 - 05:35 PM.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run this programme from Safe Mode, please?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

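Before the logs come back, here is how the O4 (autorun) and O6/O7 (policy) lines that this OTL scan prints can be triaged. This is an added example written for this page; it is not part of OTL, of Essexboy's instructions, or of anything the thread's members posted. The sample lines are constructed in OTL's line format, and the flagged-directory list, the random-name test and the lockdown-policy list are the example's own assumptions rather than OTL rules.

```python
"""Triage helper for OTL log lines (added example for this thread; not part of
OTL, of Essexboy's instructions, or of anything posted by the thread's members).

It reads the O4 (autorun) and O6/O7 (policy) lines that the requested OTL scan
prints and flags what a malware-removal helper checks first:
  * autorun entries with no company name that run from a user-writable data
    directory, random-looking value names, and RunOnce entries;
  * lockdown policies such as DisableTaskMgr = 1.
The directory list, name heuristic and policy list are this example's own
assumptions, not rules from OTL."""
import re

# O4 - <hive>..\<Run key>: [<value name>] <path> (<company>)
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.*?)(?: \((?P<company>[^)]*)\))?$"
)
# O6/O7 - <registry key>: <value name> = <data>
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<value>\w+) = (?P<data>.+)$")

# Assumed heuristics (this example's own, not OTL's).
USER_DATA_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\appdata\\")
LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}
ALNUM_RE = re.compile(r"^[A-Za-z0-9]{12,}$")


def looks_random(name):
    """Rough test for machine-generated value names: one long run of letters
    and digits, mixed case, at least three digits."""
    return (ALNUM_RE.match(name) is not None
            and sum(c.isdigit() for c in name) >= 3
            and any(c.isupper() for c in name)
            and any(c.islower() for c in name))


def triage(log_text):
    """Return (log line, reason) pairs for every line worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            reasons = []
            if m["company"] == "" and any(d in m["path"].lower() for d in USER_DATA_DIRS):
                reasons.append("no company name and runs from a user-writable data directory")
            if looks_random(m["name"]):
                reasons.append("random-looking value name")
            if m["key"].lower().startswith("runonce"):
                reasons.append("RunOnce entry (executes at next logon)")
            if reasons:
                findings.append((line, "; ".join(reasons)))
            continue
        m = POLICY_RE.match(line)
        if m and m["value"] in LOCKDOWN_POLICIES and m["data"] == "1":
            findings.append((line, f"lockdown policy {m['value']} = 1"))
    return findings


# Constructed sample in OTL's line format (modelled on this thread's log).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\S-1-5-21-1482476501-261903793-682003330-1004..\RunOnce: [bI06511MfOlP06511] C:\Documents and Settings\All Users\Application Data\bI06511MfOlP06511\bI06511MfOlP06511.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-261903793-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run it as a script to print the flagged sample lines, or call `triage()` on the text of a real OTL.Txt. A flagged entry is a candidate for a closer look, not a verdict: legitimate installers also write to Application Data, so the company name, file date and the rest of the log still decide.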
#3
mrmatt

    Member

  • Topic Starter
  • Member
  • 21 posts
Thank you so much for helping, Essex.

Here are the logs you requested:


OTL logfile created on: 5/30/2011 8:32:56 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Sacher\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.91 Gb Available Physical Memory | 89.58% Memory free
5.09 Gb Paging File | 4.91 Gb Available in Paging File | 96.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 53.28 Gb Free Space | 35.75% Space Free | Partition Type: NTFS
Drive E: | 74.53 Gb Total Space | 44.68 Gb Free Space | 59.95% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.84% Space Free | Partition Type: FAT32

Computer Name: ANNAANDDAD | User Name: Sacher | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 20:20:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sacher\Desktop\OTL.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/30 20:20:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sacher\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/01 20:20:12 | 002,109,440 | ---- | M] (ContentWatch, Inc.) [Auto | Stopped] -- C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe -- (CwAltaService20)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/08 22:47:49 | 001,352,832 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/04/06 00:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Stopped] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2007/01/18 20:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/08/11 12:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2003/03/09 00:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/05/23 18:19:39 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{970F119C-4494-4B82-86CC-388DBFCB71B0}\MpKsl92f5a4d6.sys -- (MpKsl92f5a4d6)
DRV - [2011/05/22 21:22:34 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{970F119C-4494-4B82-86CC-388DBFCB71B0}\MpKsl023f80d9.sys -- (MpKsl023f80d9)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/19 06:35:20 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/06 19:25:26 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/28 10:58:25 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/28 10:58:25 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/28 03:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/01/14 03:14:00 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/26 05:27:26 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/31 14:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/07 07:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/06/30 07:02:24 | 000,079,448 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/04/14 08:00:00 | 000,025,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonydcam.sys -- (sonydcam)
DRV - [2007/10/11 21:40:12 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2006/11/14 23:32:08 | 000,066,736 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnp680.sys -- (Pnp680)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/04/10 09:42:36 | 000,002,944 | ---- | M] ([email protected]) [Kernel | System | Stopped] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-261903793-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1482476501-261903793-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1482476501-261903793-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://msnmember.msn.com/
IE - HKU\S-1-5-21-1482476501-261903793-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1482476501-261903793-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C 7C 9F 0C 52 17 CC 01 [binary data]
IE - HKU\S-1-5-21-1482476501-261903793-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-261903793-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: {50DD596B-6884-4EF4-A92F-6FA01DDAA72B}:1.9.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{50DD596B-6884-4EF4-A92F-6FA01DDAA72B}: C:\Documents and Settings\Sacher\Local Settings\Application Data\{50DD596B-6884-4EF4-A92F-6FA01DDAA72B}\ [2011/04/29 21:32:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 12:29:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 12:29:04 | 000,000,000 | ---D | M]

[2009/10/13 08:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sacher\Application Data\Mozilla\Extensions
[2011/05/13 08:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Profiles\xqp47wc9.default\extensions
[2011/05/02 18:24:20 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Profiles\xqp47wc9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/09/10 16:12:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Profiles\xqp47wc9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/31 06:28:29 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Profiles\xqp47wc9.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010/10/17 20:57:28 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Profiles\xqp47wc9.default\searchplugins\askcom.xml
[2011/05/08 09:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/10 16:38:15 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/04/29 21:32:35 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\SACHER\LOCAL SETTINGS\APPLICATION DATA\{50DD596B-6884-4EF4-A92F-6FA01DDAA72B}
[2009/10/23 07:18:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/08 12:28:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/07/31 14:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2009/07/02 12:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2011/05/08 12:28:52 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/20 22:29:47 | 000,433,811 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14956 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-1482476501-261903793-682003330-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe (ContentWatch, Inc.)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-1482476501-261903793-682003330-1004..\Run: [AMP WinOFF] c:\program files\amp winoff\winoff.exe (Alberto Martínez Pérez)
O4 - HKU\S-1-5-21-1482476501-261903793-682003330-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1482476501-261903793-682003330-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1482476501-261903793-682003330-1004..\RunOnce: [bI06511MfOlP06511] C:\Documents and Settings\All Users\Application Data\bI06511MfOlP06511\bI06511MfOlP06511.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Sacher\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-261903793-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-261903793-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-261903793-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1482476501-261903793-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1482476501-261903793-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/04 09:59:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/09 19:11:06 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 20:27:52 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sacher\Desktop\OTL.exe
[2011/05/23 18:21:14 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sacher\Desktop\OTH.scr
[2011/05/22 15:23:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sacher\IECompatCache
[2011/05/22 14:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bI06511MfOlP06511
[2011/01/27 20:22:19 | 004,750,496 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim.exe
[2009/11/29 21:56:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Sacher\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/30 20:25:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/30 20:25:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/30 20:20:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/30 20:20:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sacher\Desktop\OTL.exe
[2011/05/30 20:20:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/26 06:18:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/26 06:18:39 | 000,079,008 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/05/23 18:12:02 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sacher\Desktop\OTH.scr
[2011/05/23 18:11:30 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Sacher\Desktop\rkill.scr
[2011/05/23 18:10:34 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Sacher\Desktop\rkill.com
[2011/05/22 15:30:09 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/05/22 14:35:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/20 22:29:47 | 000,433,811 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/20 22:26:41 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Sacher\Desktop\Spybot - Search & Destroy.lnk
[2011/05/20 12:04:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/19 21:19:46 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2011/05/18 19:26:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/16 20:13:29 | 000,102,228 | ---- | M] () -- C:\Documents and Settings\Sacher\Desktop\heater circle wire.JPG
[2011/05/15 17:28:43 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\Sacher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/09 14:51:27 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/08 21:32:48 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/23 18:22:54 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Sacher\Desktop\rkill.com
[2011/05/22 15:30:09 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/05/20 22:26:41 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Sacher\Desktop\Spybot - Search & Destroy.lnk
[2011/05/16 20:13:29 | 000,102,228 | ---- | C] () -- C:\Documents and Settings\Sacher\Desktop\heater circle wire.JPG
[2011/05/08 12:29:07 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/29 21:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Trixatewisucej.bin
[2011/04/12 19:37:15 | 000,013,852 | -HS- | C] () -- C:\Documents and Settings\Sacher\Local Settings\Application Data\1133866781
[2011/04/12 19:37:15 | 000,013,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1133866781
[2011/04/12 19:12:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/12 19:03:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hsowej.dat
[2011/02/21 20:05:46 | 000,020,724 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2011/02/21 20:05:46 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2011/01/02 14:59:46 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2011/01/02 14:59:43 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/11/29 21:53:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/10 16:39:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/09 00:48:09 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/10/18 07:27:33 | 000,289,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/10/16 20:32:59 | 000,975,872 | ---- | C] () -- C:\WINDOWS\System32\libxml2_CW.dll
[2010/10/16 20:32:59 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll
[2010/10/16 20:32:57 | 002,916,352 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_core_vc_CW.dll
[2010/10/16 20:32:57 | 001,236,992 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_vc_CW.dll
[2010/10/16 20:32:57 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\wxcode_msw28u_wxcurl_CW.dll
[2010/10/16 20:32:57 | 000,716,800 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_adv_vc_CW.dll
[2010/10/16 20:32:57 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_xrc_vc_CW.dll
[2010/10/16 20:32:57 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_html_vc_CW.dll
[2010/10/16 20:32:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_xml_vc_CW.dll
[2010/10/16 20:32:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_net_vc_CW.dll
[2010/10/16 20:32:57 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_media_vc_CW.dll
[2010/10/16 20:32:57 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\wxcode_msw28u_wxjson_CW.dll
[2010/10/02 20:27:07 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/08/24 17:24:18 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\wsodsini.dll
[2010/08/24 17:23:40 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2010/01/08 19:35:02 | 000,000,383 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/03 17:37:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/01/03 17:37:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/01/03 17:37:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/01/03 17:37:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/01/03 17:37:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/01/03 17:37:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/12/06 20:16:08 | 000,002,455 | ---- | C] () -- C:\WINDOWS\Infoa.dat
[2009/12/06 20:16:08 | 000,000,592 | ---- | C] () -- C:\WINDOWS\Infob.dat
[2009/11/29 22:18:17 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2009/11/29 21:56:02 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Sacher\Application Data\pcouffin.cat
[2009/11/29 21:56:02 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Sacher\Application Data\pcouffin.inf
[2009/11/08 10:33:21 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\Sacher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/22 19:39:13 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009/10/18 10:16:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\microday08.dll
[2009/10/18 10:16:15 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\mypath0079.dll
[2009/10/18 10:16:15 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\MTX0CI.dll
[2009/10/13 08:45:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/13 08:07:50 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2009/10/12 08:45:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/07 09:06:46 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/10/06 09:44:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/10/06 09:39:47 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/10/06 09:39:39 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/10/06 09:39:38 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/10/06 09:39:38 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/10/06 09:39:37 | 000,180,720 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/10/05 05:47:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/05 05:45:16 | 000,202,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/04 10:01:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/04 09:56:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/21 13:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/21 13:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/01/03 18:02:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/03 17:58:18 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2007/01/03 17:58:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000071.DLL
[2000/12/12 20:56:50 | 000,016,384 | ---- | C] () -- C:\WINDOWS\WinBait.exe
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/11/27 23:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/05/22 14:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bI06511MfOlP06511
[2010/12/05 11:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD
[2010/10/16 20:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ContentWatch
[2011/03/05 19:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBhCcCn06511
[2010/01/26 16:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/03/26 21:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/01/03 17:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/04/25 21:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/05/21 09:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSNDynFiles
[2010/11/16 20:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/07/15 12:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/05/17 19:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2011/02/22 19:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/02/06 11:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2011/05/20 22:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/03 17:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/12/16 21:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
[2011/02/22 19:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/07/31 20:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/08 22:45:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/12/13 21:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\.BitTornado
[2011/01/02 15:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\AnvSoft
[2011/04/24 20:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\B89F2C420AEE10AB237D43F98C3B019A
[2010/12/05 11:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\BSD
[2010/01/06 20:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\DarkRadiant
[2010/01/26 22:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\EmailNotifier
[2011/01/12 19:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\FreeBurner
[2010/06/18 14:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\GARMIN
[2010/05/17 19:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\GetRightToGo
[2010/01/04 19:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\gtk-2.0
[2011/04/25 21:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\IObit
[2011/02/07 16:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\MP42MPEG
[2011/05/15 20:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\MP42WMV
[2010/01/26 16:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\ooVoo Details
[2010/07/31 19:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\oovootb
[2010/02/26 15:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\Opera
[2011/01/03 15:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\Search Settings
[2011/01/27 20:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\TeamViewer
[2010/01/03 17:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\Ulead Systems
[2011/03/23 21:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\uTorrent
[2010/01/07 20:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\Vso
[2010/10/17 15:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\WebcamMax
[2010/02/14 10:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\WinPatrol
[2011/05/18 19:26:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/04/24 19:14:03 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1298333659.job
[2010/01/16 20:13:17 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\Wise Disk Cleaner 4.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX10\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX11\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX3\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX4\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX5\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX6\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX7\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX8\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX9\procs\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX10\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX11\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX3\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX4\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX5\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX6\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX7\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX8\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX9\h\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX11\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX6\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX7\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX8\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX9\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX11\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX6\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX7\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX8\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX9\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/08 12:28:53 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/08 12:28:53 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/08 12:28:53 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/08 12:28:48 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/08 12:28:48 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/08 12:28:48 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN.EXE" [2010/07/26 08:49:56 | 000,102,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/04/23 20:48:25 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/04/23 20:48:25 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/04/23 20:48:25 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/04/23 20:48:25 | 000,941,936 | ---- | M] (Opera Software)

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5CE2502D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
OTL Extras logfile created on: 5/30/2011 8:32:56 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Sacher\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.91 Gb Available Physical Memory | 89.58% Memory free
5.09 Gb Paging File | 4.91 Gb Available in Paging File | 96.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 53.28 Gb Free Space | 35.75% Space Free | Partition Type: NTFS
Drive E: | 74.53 Gb Total Space | 44.68 Gb Free Space | 59.95% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.84% Space Free | Partition Type: FAT32

Computer Name: ANNAANDDAD | User Name: Sacher | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1482476501-261903793-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37678:TCP" = 37678:TCP:*:Disabled:ooVoo TCP port 37678
"37678:UDP" = 37678:UDP:*:Disabled:ooVoo UDP port 37678
"37679:UDP" = 37679:UDP:*:Disabled:ooVoo UDP port 37679
"37681:TCP" = 37681:TCP:*:Disabled:ooVoo TCP port 37681
"37681:UDP" = 37681:UDP:*:Disabled:ooVoo UDP port 37681
"37680:UDP" = 37680:UDP:*:Disabled:ooVoo UDP port 37680

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe" = C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic -- (Gabest)
"C:\Documents and Settings\Sacher\Desktop\MATTS\YOUTUBE DOWNLOADS\utorrent.exe" = C:\Documents and Settings\Sacher\Desktop\MATTS\YOUTUBE DOWNLOADS\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{045ECA18-1DB2-64C8-2279-F73A8DCE3B5E}" = CCC Help Hungarian
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0B1F138F-F085-22C6-6A38-3DBFB785B14B}" = Catalyst Control Center Graphics Full New
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{17302AA8-090C-40F4-A501-52F62CD0316B}_is1" = Mp4 to Mpeg Converter 1.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2481EC4A-B95E-6B1F-9240-EC3C7A72CF6F}" = Skins
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{26C3A7CB-30DC-798B-21CC-63BDF56F0657}" = CCC Help Chinese Traditional
"{28240E4E-E367-7844-846E-4E8427B53211}" = CCC Help Spanish
"{2A1BC0F0-110B-EDD7-4C3D-0864DEF60677}" = CCC Help Turkish
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3C637334-FE5D-E488-4F11-BF9EFD6ADAA9}" = CCC Help English
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{41BCC278-007E-993C-61DC-25B86926F45E}" = CCC Help Finnish
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{433AA25B-442D-D97B-6492-71D2747355DB}" = ccc-utility
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4644EC10-EFE8-0235-41CC-C48491CF83E3}" = CCC Help Greek
"{4655D394-1F7C-F51A-70BC-0561FF71E9D7}" = CCC Help Norwegian
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4BE9562E-A31B-A5FF-5DF9-A69F9CB74746}" = CCC Help Japanese
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{5D1EA3CE-3356-2EB7-A5C7-2F2608BDEACB}" = CCC Help German
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{61BCD850-1A0F-E253-06FF-2A9778945765}" = ccc-core-static
"{6264F0C5-3D33-A669-62ED-AD8E325723BB}" = Catalyst Control Center Core Implementation
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7A1F1E81-A017-43EE-8A24-E88878164C91}" = SeaWorld Adventure Parks Tycoon 3D
"{7AB96F30-68CC-1F9E-A7C4-7A80FF06EFAC}" = CCC Help Dutch
"{83BF9176-882C-3AE7-3E1F-3F7E62EFD459}" = ccc-core-preinstall
"{856499F9-51B6-C958-BADC-0B2F930ED59E}" = CCC Help Swedish
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{932B8CC5-06AB-375C-42B9-B0CB58BC7019}" = Catalyst Control Center HydraVision Full
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98282981-0E26-50CD-6D7F-F0E3E3DF6486}" = Catalyst Control Center Graphics Full Existing
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8248F67-8160-7AAB-371F-03221340D539}" = CCC Help Italian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0BFB0B-116C-54DA-1B41-CBBE94B43007}" = CCC Help Czech
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B0043B14-E6FE-67F1-54A8-DA2C8DA5B1FA}" = CCC Help Portuguese
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B17C8039-DDDE-E6DE-3632-40186451799C}" = CCC Help Polish
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B31FFE22-A9BB-CB94-F91B-E678B8645D49}" = Catalyst Control Center Localization All
"{B3736663-7797-9F1E-77E8-6D78021B2921}" = CCC Help Danish
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57890F1-05B2-265D-62A6-C4B8EF212786}" = CCC Help French
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B80964E3-9445-46C3-3A2F-6556B595CBAC}" = Catalyst Control Center Graphics Light
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5
"{C265B00F-66E4-433C-A652-E46823D5FE61}_is1" = Mp4 to Wmv Converter 1.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4842EAA-7ACA-3466-9DC0-D0BF174B9F6E}" = CCC Help Chinese Standard
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE09BA21-399C-FCE7-E2E5-C9BCF14D61F3}" = CCC Help Russian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D410670C-B1B7-E7A4-0CD1-5C18669D35E5}" = Catalyst Control Center Graphics Previews Common
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF29A0E2-DF76-4932-98A9-34B441F40486}" = Auction Sentry
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E5DD5532-5CE8-8A47-C05F-DD8EC0ED3557}" = CCC Help Korean
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EB8B2484-7DEC-4DDE-8A6E-9351DAD18028}" = Super Granny 3
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F937494E-4340-FFB4-6911-54E9FB4B5998}" = CCC Help Thai
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ALTACPHOME_is1" = Net Nanny Parental Controls
"am-cakemania" = Cake Mania
"am-luxor" = Luxor
"AMP WinOFF" = AMP WinOFF
"Ares Tube_is1" = Ares Tube 3.2
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BFGC" = Big Fish Games: Game Manager
"BFG-Luxor 2" = Luxor 2
"BitTornado" = BitTornado 0.3.17
"CBE 122239_is1" = CBE2_1
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.14
"DarkLoader_is1" = DarkLoader v4.1
"DarkRadiant_is1" = DarkRadiant 1.0.2
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.50
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Easy Burner_is1" = Free Easy Burner V 4.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GarrettLoader_is1" = GarrettLoader 1.41
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"ie8" = Windows Internet Explorer 8
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"IObit Security 360_is1" = IObit Security 360
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Let's Make" = Let's Make
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MostFun.com Games - Super Granny 3" = MostFun.com Games - Super Granny 3 (remove only)
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSNINST" = MSN
"Opera 11.10.2092" = Opera 11.10
"Pdf to Word Text Jpeg Tiff Converter 3000_is1" = Pdf to Word Text Jpeg Tiff Converter 3000 7.4
"Picasa 3" = Picasa 3
"PictureIt_v9" = Microsoft Picture It! Express 9
"RealAlt_is1" = Real Alternative 2.0.2
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.3
"System Explorer_is1" = System Explorer 2.7.1
"TeamViewer 6" = TeamViewer 6
"Thief2DeinstallKey" = Thief 2
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Web Games Player Plugin" = Web Games Player Plugin
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 4.83
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.92
"Word Reader 5.9" = Word Reader 5.9

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/4/2011 7:04:06 AM | Computer Name = ANNAANDDAD | Source = FolderSize | ID = 0
Description =

Error - 5/4/2011 9:50:33 PM | Computer Name = ANNAANDDAD | Source = Application Error | ID = 1000
Description = Faulting application msn.exe, version 10.0.79.2600, faulting module
unknown, version 0.0.0.0, fault address 0x0054cab6.

Error - 5/4/2011 9:50:41 PM | Computer Name = ANNAANDDAD | Source = Application Error | ID = 1000
Description = Faulting application msn.exe, version 10.0.79.2600, faulting module
unknown, version 0.0.0.0, fault address 0x0054cab6.

Error - 5/4/2011 9:51:49 PM | Computer Name = ANNAANDDAD | Source = Application Error | ID = 1000
Description = Faulting application msn.exe, version 10.0.79.2600, faulting module
unknown, version 0.0.0.0, fault address 0x0054cab6.

Error - 5/4/2011 9:56:51 PM | Computer Name = ANNAANDDAD | Source = FolderSize | ID = 0
Description =

Error - 5/5/2011 7:28:20 AM | Computer Name = ANNAANDDAD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/5/2011 4:01:06 PM | Computer Name = ANNAANDDAD | Source = FolderSize | ID = 0
Description =

Error - 5/7/2011 8:50:16 AM | Computer Name = ANNAANDDAD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/7/2011 5:02:08 PM | Computer Name = ANNAANDDAD | Source = FolderSize | ID = 0
Description =

Error - 5/7/2011 7:09:50 PM | Computer Name = ANNAANDDAD | Source = Application Hang | ID = 1002
Description = Hanging application THIEF2.EXE, version 1.9.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/30/2011 8:30:39 PM | Computer Name = ANNAANDDAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/30/2011 8:31:07 PM | Computer Name = ANNAANDDAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/30/2011 8:31:37 PM | Computer Name = ANNAANDDAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/30/2011 8:34:16 PM | Computer Name = ANNAANDDAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 5/30/2011 8:34:16 PM | Computer Name = ANNAANDDAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 5/30/2011 8:34:17 PM | Computer Name = ANNAANDDAD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.233.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 5/30/2011 8:34:22 PM | Computer Name = ANNAANDDAD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.233.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6903.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 5/30/2011 8:34:22 PM | Computer Name = ANNAANDDAD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.233.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6903.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 5/30/2011 8:34:22 PM | Computer Name = ANNAANDDAD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.233.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6903.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 5/30/2011 8:34:22 PM | Computer Name = ANNAANDDAD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.233.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6903.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved


< End of report >
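The event-log tail in the report above is worth reading as data rather than noise. DCOM 10005 reports "%1084" for StiSvc and wuauserv; Microsoft Antimalware 2001 reports 0x8007043c, which is that same 1084 wrapped in a FACILITY_WIN32 HRESULT ("This service cannot be started in Safe Mode", consistent with the log having been taken in safe mode), and 0x80072ee7, which unwraps to 12007 (name resolution failed, matching the "no browser will connect" symptom). The Python below is an added example by the editor, not part of this thread and not OTL's code: it parses OTL's "Last 10 Event Log Errors" entries, joins the wrapped Description lines, unwraps HRESULTs to Win32 codes, pulls the service name out of DCOM messages and counts failures per source and event ID. The sample input is a constructed, abbreviated copy of the entries above; the three error names are from winerror.h.

```python
import re
from collections import Counter

# Entry header exactly as OTL prints it:
#   Error - <date time> | Computer Name = <host> | Source = <source> | ID = <n>
HEADER_RE = re.compile(
    r"^Error - (?P<ts>.+?) \| Computer Name = (?P<host>\S+) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)\s*$"
)
SECTION_RE = re.compile(r"^\[ .+ Events \]$")
# 8-hex-digit tokens with or without 0x (MPSampleSubmission prints "P1 80070424" bare)
HEX32_RE = re.compile(r"\b(?:0x)?(?P<hex>[0-9A-Fa-f]{8})\b")
# DCOM 10005 prints the raw Win32 code as "%1084"
PERCENT_RE = re.compile(r'"%(?P<num>\d+)"')
SERVICE_RE = re.compile(r"start the service (?P<svc>\S+)")

# Win32 error names (winerror.h) for the codes that occur in this log
WIN32_NAMES = {
    1060: "ERROR_SERVICE_DOES_NOT_EXIST",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE",
    12007: "ERROR_INTERNET_NAME_NOT_RESOLVED",
}


def hresult_to_win32(code):
    """Return the Win32 error inside a failed FACILITY_WIN32 HRESULT (0x8007xxxx), else None.
    Fault addresses such as 0x0054cab6 and 8-hex GUID fragments fail this test and are ignored."""
    if code & 0x80000000 and (code >> 16) & 0x7FF == 7:
        return code & 0xFFFF
    return None


def win32_codes(description):
    """Every Win32 code recoverable from one description, HRESULT-wrapped or quoted as "%NNNN"."""
    codes = []
    for m in HEX32_RE.finditer(description):
        w = hresult_to_win32(int(m["hex"], 16))
        if w is not None:
            codes.append(w)
    for m in PERCENT_RE.finditer(description):
        codes.append(int(m["num"]))
    return sorted(set(codes))


def parse_events(lines):
    """Parse the 'Last 10 Event Log Errors' block. Description text is joined across the
    wrapped lines and across the blank lines OTL inserts inside long messages."""
    events, cur, section = [], None, None
    for raw in lines:
        line = raw.strip()
        if SECTION_RE.match(line):
            section, cur = line.strip("[] "), None
            continue
        m = HEADER_RE.match(line)
        if m:
            cur = {"ts": m["ts"], "host": m["host"], "source": m["source"],
                   "event_id": int(m["event_id"]), "section": section, "text": []}
            events.append(cur)
        elif cur is not None and line:
            cur["text"].append(line)
    for e in events:
        desc = re.sub(r"^Description =\s*", "", " ".join(e.pop("text")))
        e["description"] = desc  # %%NNN tokens are unexpanded message-table placeholders
        e["win32_codes"] = win32_codes(desc)
        sm = SERVICE_RE.search(desc)
        e["service"] = sm["svc"] if sm else None
    return events


def summarize(events):
    """Count (section, source, event id, win32 code) so repeated failures collapse to one line."""
    counts = Counter()
    for e in events:
        for w in e["win32_codes"] or [None]:
            counts[(e["section"], e["source"], e["event_id"], w)] += 1
    return counts


# Constructed sample: abbreviated copies of entries from the report above
SAMPLE_EVENTS = r"""
[ Application Events ]
Error - 5/5/2011 7:28:20 AM | Computer Name = ANNAANDDAD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/4/2011 9:50:33 PM | Computer Name = ANNAANDDAD | Source = Application Error | ID = 1000
Description = Faulting application msn.exe, version 10.0.79.2600, faulting module
unknown, version 0.0.0.0, fault address 0x0054cab6.

[ System Events ]
Error - 5/30/2011 8:34:16 PM | Computer Name = ANNAANDDAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 5/30/2011 8:34:17 PM | Computer Name = ANNAANDDAD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.233.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 5/30/2011 8:34:22 PM | Computer Name = ANNAANDDAD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. Update Source: %%851
Error code: 0x80072ee7 Error description: The
server name or address could not be resolved
"""

if __name__ == "__main__":
    for (section, source, eid, code), n in sorted(
            summarize(parse_events(SAMPLE_EVENTS.splitlines())).items(), key=str):
        name = WIN32_NAMES.get(code, "unknown") if code is not None else "-"
        print(f"{n}x {section} / {source} / {eid}: {code} {name}")
```

On the real log this collapses the twenty-odd lines above to a handful of rows: the msn.exe crashes carry no Win32 code, the DCOM and Antimalware 1084 rows are the safe-mode artefact of the scan itself, and the 12007 rows are the one finding that corroborates the reported symptom rather than the way the log was taken.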

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {50DD596B-6884-4EF4-A92F-6FA01DDAA72B}:1.9.1
    FF - HKLM\software\mozilla\Firefox\Extensions\\{50DD596B-6884-4EF4-A92F-6FA01DDAA72B}: C:\Documents and Settings\Sacher\Local Settings\Application Data\{50DD596B-6884-4EF4-A92F-6FA01DDAA72B}\ [2011/04/29 21:32:35 | 000,000,000 | ---D | M]
    [2011/04/29 21:32:35 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\SACHER\LOCAL SETTINGS\APPLICATION DATA\{50DD596B-6884-4EF4-A92F-6FA01DDAA72B}
    O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
    O3 - HKU\S-1-5-21-1482476501-261903793-682003330-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKU\S-1-5-21-1482476501-261903793-682003330-1004..\RunOnce: [bI06511MfOlP06511] C:\Documents and Settings\All Users\Application Data\bI06511MfOlP06511\bI06511MfOlP06511.exe ()
    O7 - HKU\S-1-5-21-1482476501-261903793-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2011/05/22 14:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bI06511MfOlP06511
    [2011/04/29 21:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Trixatewisucej.bin
    [2011/04/12 19:37:15 | 000,013,852 | -HS- | C] () -- C:\Documents and Settings\Sacher\Local Settings\Application Data\1133866781
    [2011/04/12 19:37:15 | 000,013,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1133866781
    [2011/04/12 19:03:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hsowej.dat
    [2011/05/22 14:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bI06511MfOlP06511
    [2011/03/05 19:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBhCcCn06511
    [2011/04/24 20:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\B89F2C420AEE10AB237D43F98C3B019A
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX10\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX11\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX3\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX4\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX5\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX6\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX7\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX8\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX9\procs\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX10\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX11\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX3\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX4\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX5\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX6\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX7\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX8\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX9\h\explorer.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX11\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX6\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX7\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX8\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX9\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX11\winlogon.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX6\winlogon.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX7\winlogon.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX8\winlogon.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX9\winlogon.exe

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Sacher\Local Settings\Application Data\1133866781
    C:\Documents and Settings\All Users\Application Data\1133866781
    C:\WINDOWS\Hsowej.dat
    C:\Documents and Settings\All Users\Application Data\bI06511MfOlP06511
    C:\Documents and Settings\All Users\Application Data\eBhCcCn06511
    C:\Documents and Settings\Sacher\Application Data\B89F2C420AEE10AB237D43F98C3B019A

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Reboot to normal mode and run the following programme - updating me on the system behaviour

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan

On completion of the scan click "Save log", save it to your desktop and post it in your next reply
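The fix script above takes its targets straight from the OTL listing: one 255,488-byte explorer.exe with a single MD5 dropped under nine RarSFX temp folders, NirSoft-built files named userinit.exe and winlogon.exe in the same folders, hidden+system files called 1133866781 in two profiles, and the RunOnce entry for bI06511MfOlP06511. The Python below is an added example by the editor, not OTL's code and not part of this thread, that parses OTL file-entry lines and applies three of those triage rules automatically: a core Windows binary name outside %SystemRoot%, a file with both Hidden and System attributes, and one MD5 appearing at several paths. The sample lines are abbreviated copies of entries from the log above; the list of core binary names, the install root and the cluster threshold are the editor's assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One OTL file or directory entry, optionally prefixed "PRC - " / "MOD - ":
#   [date time | size | attrs | M|C] (Company) MD5=<hash> -- <path>
# Company and MD5 are absent on directory entries, so both groups are optional.
ENTRY_RE = re.compile(
    r"^(?:(?:PRC|MOD) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+?)\s*$"
)

# Names that only belong under %SystemRoot% (editor's list; default XP install root assumed,
# which is what this machine has: %SystemRoot% = C:\WINDOWS in the log)
CORE_BINARIES = {"explorer.exe", "winlogon.exe", "userinit.exe", "csrss.exe",
                 "lsass.exe", "services.exe", "svchost.exe"}
SYSTEM_ROOT = "c:\\windows\\"


def parse_entries(lines):
    """Return one dict per line matching the OTL entry format; other lines are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["company"] = (e["company"] or "").strip()
        e["size"] = int(e["size"].replace(",", ""))
        e["is_dir"] = "D" in e["attrs"]
        e["name"] = PureWindowsPath(e["path"]).name.lower()
        entries.append(e)
    return entries


def find_masquerading(entries):
    """Core Windows binary names that live outside %SystemRoot%."""
    return [e["path"] for e in entries
            if not e["is_dir"] and e["name"] in CORE_BINARIES
            and not e["path"].lower().startswith(SYSTEM_ROOT)]


def find_hidden_system(entries):
    """Files carrying both the Hidden and System attributes in the listing."""
    return [e["path"] for e in entries
            if not e["is_dir"] and "H" in e["attrs"] and "S" in e["attrs"]]


def find_md5_clusters(entries, min_copies=2):
    """Group paths by MD5; one hash at several paths means one payload copied around."""
    by_md5 = defaultdict(list)
    for e in entries:
        if e["md5"]:
            by_md5[e["md5"].upper()].append(e["path"])
    return {h: sorted(p) for h, p in by_md5.items() if len(p) >= min_copies}


def analyze(lines):
    entries = parse_entries(lines)
    return {"masquerading": find_masquerading(entries),
            "hidden_system": find_hidden_system(entries),
            "md5_clusters": find_md5_clusters(entries)}


# Constructed sample: abbreviated copies of entries from the log above, plus one
# registry (O4) line to show that non-file lines are ignored
SAMPLE_LOG = r"""
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2011/05/22 14:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bI06511MfOlP06511
[2011/04/12 19:37:15 | 000,013,852 | -HS- | C] () -- C:\Documents and Settings\Sacher\Local Settings\Application Data\1133866781
[2011/04/12 19:37:15 | 000,013,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1133866781
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX10\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX11\procs\explorer.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX11\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Sacher\Local Settings\temp\RarSFX11\winlogon.exe
O4 - HKU\S-1-5-21-1482476501-261903793-682003330-1004..\RunOnce: [bI06511MfOlP06511] C:\Documents and Settings\All Users\Application Data\bI06511MfOlP06511\bI06511MfOlP06511.exe ()
"""

if __name__ == "__main__":
    for rule, hits in analyze(SAMPLE_LOG.splitlines()).items():
        print(f"{rule}: {hits}")
```

The genuine C:\WINDOWS\explorer.exe from the process list passes the first rule, which is the point of keying on location rather than on name alone. The MD5 rule is a pivot, not a verdict: identical hashes are normal for redistributable files, so a cluster tells you where to look, and the hash itself is what you take to a reputation lookup before deciding the files are part of the infection.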

#5
mrmatt
    Member
  • Topic Starter
  • 21 posts
Thanks for helping!

Ran your requested text in OTL.

Computer behavior now seems to be fine, able to engage different browsers to the internet, able to run other programs, MSE seems to work.

The first time I ran aswMBR.exe it ran into an unexpected error and stopped. I downloaded it again and it completed successfully.

Below is the OTL log, then the log of aswMBR.exe.

OTL logfile created on: 5/31/2011 8:22:10 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Sacher\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 89.05% Memory free
5.09 Gb Paging File | 4.90 Gb Available in Paging File | 96.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 53.28 Gb Free Space | 35.75% Space Free | Partition Type: NTFS
Drive E: | 74.53 Gb Total Space | 44.68 Gb Free Space | 59.95% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.81% Space Free | Partition Type: FAT32

Computer Name: ANNAANDDAD | User Name: Sacher | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 20:20:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sacher\Desktop\OTL.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 08:00:00 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE


========== Modules (SafeList) ==========

MOD - [2011/05/30 20:20:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sacher\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 08:00:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/14 08:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/14 08:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/14 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/14 08:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/01 20:20:12 | 002,109,440 | ---- | M] (ContentWatch, Inc.) [Auto | Stopped] -- C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe -- (CwAltaService20)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/08 22:47:49 | 001,352,832 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/04/06 00:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Stopped] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2007/01/18 20:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/08/11 12:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2003/03/09 00:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/05/23 18:19:39 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{970F119C-4494-4B82-86CC-388DBFCB71B0}\MpKsl92f5a4d6.sys -- (MpKsl92f5a4d6)
DRV - [2011/05/22 21:22:34 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{970F119C-4494-4B82-86CC-388DBFCB71B0}\MpKsl023f80d9.sys -- (MpKsl023f80d9)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/19 06:35:20 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/06 19:25:26 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/28 10:58:25 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/28 10:58:25 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/28 03:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/01/14 03:14:00 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/26 05:27:26 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/31 14:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/07 07:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/06/30 07:02:24 | 000,079,448 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/04/14 08:00:00 | 000,025,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonydcam.sys -- (sonydcam)
DRV - [2007/10/11 21:40:12 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2006/11/14 23:32:08 | 000,066,736 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnp680.sys -- (Pnp680)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/04/10 09:42:36 | 000,002,944 | ---- | M] ([email protected]) [Kernel | System | Stopped] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://msnmember.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C 7C 9F 0C 52 17 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 12:29:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 12:29:04 | 000,000,000 | ---D | M]

[2009/10/13 08:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sacher\Application Data\Mozilla\Extensions
[2011/05/13 08:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Profiles\xqp47wc9.default\extensions
[2011/05/02 18:24:20 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Profiles\xqp47wc9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/09/10 16:12:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Profiles\xqp47wc9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/31 06:28:29 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Profiles\xqp47wc9.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010/10/17 20:57:28 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Profiles\xqp47wc9.default\searchplugins\askcom.xml
[2011/05/08 09:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/10 16:38:15 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SACHER\LOCAL SETTINGS\APPLICATION DATA\{50DD596B-6884-4EF4-A92F-6FA01DDAA72B}
[2009/10/23 07:18:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/08 12:28:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/07/31 14:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2009/07/02 12:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2011/05/08 12:28:52 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/31 20:13:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe (ContentWatch, Inc.)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [AMP WinOFF] c:\program files\amp winoff\winoff.exe (Alberto Martínez Pérez)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Sacher\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/04 09:59:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/09 19:11:06 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/31 20:12:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/30 20:27:52 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sacher\Desktop\OTL.exe
[2011/05/23 18:21:14 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sacher\Desktop\OTH.scr
[2011/05/22 15:23:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sacher\IECompatCache
[2011/01/27 20:22:19 | 004,750,496 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim.exe
[2009/11/29 21:56:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Sacher\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/31 20:22:14 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/31 20:22:13 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/31 20:17:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/31 20:13:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/30 20:20:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/30 20:20:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sacher\Desktop\OTL.exe
[2011/05/26 06:18:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/26 06:18:39 | 000,079,008 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/05/23 18:12:02 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sacher\Desktop\OTH.scr
[2011/05/23 18:11:30 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Sacher\Desktop\rkill.scr
[2011/05/23 18:10:34 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Sacher\Desktop\rkill.com
[2011/05/22 15:30:09 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/05/22 14:35:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/20 22:26:41 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Sacher\Desktop\Spybot - Search & Destroy.lnk
[2011/05/20 12:04:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/19 21:19:46 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2011/05/18 19:26:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/16 20:13:29 | 000,102,228 | ---- | M] () -- C:\Documents and Settings\Sacher\Desktop\heater circle wire.JPG
[2011/05/15 17:28:43 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\Sacher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/09 14:51:27 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/08 21:32:48 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/23 18:22:54 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Sacher\Desktop\rkill.com
[2011/05/22 15:30:09 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/05/20 22:26:41 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Sacher\Desktop\Spybot - Search & Destroy.lnk
[2011/05/16 20:13:29 | 000,102,228 | ---- | C] () -- C:\Documents and Settings\Sacher\Desktop\heater circle wire.JPG
[2011/05/08 12:29:07 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/12 19:12:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/21 20:05:46 | 000,020,724 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2011/02/21 20:05:46 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2011/01/02 14:59:46 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2011/01/02 14:59:43 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/11/29 21:53:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/10 16:39:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/09 00:48:09 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/10/18 07:27:33 | 000,289,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/10/16 20:32:59 | 000,975,872 | ---- | C] () -- C:\WINDOWS\System32\libxml2_CW.dll
[2010/10/16 20:32:59 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll
[2010/10/16 20:32:57 | 002,916,352 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_core_vc_CW.dll
[2010/10/16 20:32:57 | 001,236,992 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_vc_CW.dll
[2010/10/16 20:32:57 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\wxcode_msw28u_wxcurl_CW.dll
[2010/10/16 20:32:57 | 000,716,800 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_adv_vc_CW.dll
[2010/10/16 20:32:57 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_xrc_vc_CW.dll
[2010/10/16 20:32:57 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_html_vc_CW.dll
[2010/10/16 20:32:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_xml_vc_CW.dll
[2010/10/16 20:32:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_net_vc_CW.dll
[2010/10/16 20:32:57 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_media_vc_CW.dll
[2010/10/16 20:32:57 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\wxcode_msw28u_wxjson_CW.dll
[2010/10/02 20:27:07 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/08/24 17:24:18 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\wsodsini.dll
[2010/08/24 17:23:40 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2010/01/08 19:35:02 | 000,000,383 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/03 17:37:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/01/03 17:37:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/01/03 17:37:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/01/03 17:37:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/01/03 17:37:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/01/03 17:37:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/12/06 20:16:08 | 000,002,455 | ---- | C] () -- C:\WINDOWS\Infoa.dat
[2009/12/06 20:16:08 | 000,000,592 | ---- | C] () -- C:\WINDOWS\Infob.dat
[2009/11/29 22:18:17 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2009/11/29 21:56:02 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Sacher\Application Data\pcouffin.cat
[2009/11/29 21:56:02 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Sacher\Application Data\pcouffin.inf
[2009/11/08 10:33:21 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\Sacher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/22 19:39:13 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009/10/18 10:16:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\microday08.dll
[2009/10/18 10:16:15 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\mypath0079.dll
[2009/10/18 10:16:15 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\MTX0CI.dll
[2009/10/13 08:45:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/13 08:07:50 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2009/10/12 08:45:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/07 09:06:46 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/10/06 09:44:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/10/06 09:39:47 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/10/06 09:39:39 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/10/06 09:39:38 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/10/06 09:39:38 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/10/06 09:39:37 | 000,180,720 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/10/05 05:47:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/05 05:45:16 | 000,202,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/04 10:01:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/04 09:56:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/21 13:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/21 13:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/01/03 18:02:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/03 17:58:18 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2007/01/03 17:58:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000071.DLL
[2000/12/12 20:56:50 | 000,016,384 | ---- | C] () -- C:\WINDOWS\WinBait.exe
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/12/05 11:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD
[2010/10/16 20:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ContentWatch
[2010/01/26 16:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/03/26 21:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/01/03 17:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/04/25 21:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/05/21 09:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSNDynFiles
[2010/11/16 20:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/07/15 12:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/05/17 19:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2011/02/22 19:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/02/06 11:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2011/05/20 22:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/03 17:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/12/16 21:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
[2011/02/22 19:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/07/31 20:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/08 22:45:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/12/13 21:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\.BitTornado
[2011/01/02 15:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\AnvSoft
[2010/12/05 11:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\BSD
[2010/01/06 20:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\DarkRadiant
[2010/01/26 22:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\EmailNotifier
[2011/01/12 19:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\FreeBurner
[2010/06/18 14:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\GARMIN
[2010/05/17 19:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\GetRightToGo
[2010/01/04 19:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\gtk-2.0
[2011/04/25 21:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\IObit
[2011/02/07 16:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\MP42MPEG
[2011/05/15 20:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\MP42WMV
[2010/01/26 16:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\ooVoo Details
[2010/07/31 19:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\oovootb
[2010/02/26 15:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\Opera
[2011/01/03 15:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\Search Settings
[2011/01/27 20:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\TeamViewer
[2010/01/03 17:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\Ulead Systems
[2011/03/23 21:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\uTorrent
[2010/01/07 20:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\Vso
[2010/10/17 15:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\WebcamMax
[2010/02/14 10:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sacher\Application Data\WinPatrol
[2011/05/18 19:26:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/04/24 19:14:03 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1298333659.job
[2010/01/16 20:13:17 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\Wise Disk Cleaner 4.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5CE2502D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-05-31 21:08:43
-----------------------------
21:08:43.390 OS Version: Windows 5.1.2600 Service Pack 3
21:08:43.390 Number of processors: 3 586 0x402
21:08:43.390 ComputerName: ANNAANDDAD UserName: Sacher
21:08:43.937 Initialize success
21:08:46.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-8
21:08:46.906 Disk 0 Vendor: WDC_WD1600AAJB-22WRA0 58.01H58 Size: 152627MB BusType: 3
21:08:46.906 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\Pnp6801Port5Path0Target0Lun0
21:08:46.906 Disk 1 Vendor: WDC_WD80 13.0 Size: 76319MB BusType: 1
21:08:48.921 Disk 0 MBR read successfully
21:08:48.937 Disk 0 MBR scan
21:08:48.937 Disk 0 Windows XP default MBR code
21:08:50.953 Disk 0 scanning sectors +312560640
21:08:50.968 Disk 0 scanning C:\WINDOWS\system32\drivers
21:08:56.125 Service scanning
21:08:57.578 Disk 0 trace - called modules:
21:08:57.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS
21:08:57.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af56378]
21:08:57.593 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8af54be0]
21:08:57.593 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-8[0x8af1cd98]
21:09:04.859 Unsigned kernel modules:
21:09:04.859 0xba5ac000 C:\WINDOWS\system32\speedfan.sys
21:09:05.328 0xba672000 C:\WINDOWS\system32\giveio.sys
21:09:07.062 0xb9da1000 C:\WINDOWS\system32\drivers\iviaspi.sys
21:09:13.625 0xba793000 C:\WINDOWS\system32\mbmiodrvr.sys
21:09:16.890 0xa7adc000 C:\WINDOWS\system32\drivers\cpuz132_x32.sys
21:09:17.671 Scan finished successfully
21:09:42.796 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
21:09:42.828 The log file has been saved successfully to "J:\successful aswMBR.txt"

Thanks again!
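The OTL and aswMBR output above is read by hand in this thread. As an added example (my own code, not part of OTL, aswMBR or this forum's procedure), here is a short Python triage pass over an excerpt copied from those two logs. It pulls out the entries an analyst checks first: drivers and Run keys whose company field is empty or whose file is missing, a Winlogon Shell value other than Explorer.exe, an exefile/comfile open command other than "%1" %* (replacing that command is a common rogue-AV trick for stopping other programs from launching, which matches the symptom in the first post), alternate data streams, and the unsigned kernel modules aswMBR lists. The category names, the regexes and the `triage` function are mine. On this excerpt the shell and association checks come back clean; what remains is a list of leads (hardware utilities such as speedfan and giveio ship unsigned and with no company name), so a hit means "verify", not "malicious".

```python
import re

# Excerpt copied from the OTL and aswMBR logs pasted above (a constructed
# sample for this example; the real logs are far longer).
SAMPLE_LOG = r"""
DRV - [2010/06/06 19:25:26 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/28 03:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5CE2502D
21:09:04.859 Unsigned kernel modules:
21:09:04.859 0xba5ac000 C:\WINDOWS\system32\speedfan.sys
21:09:05.328 0xba672000 C:\WINDOWS\system32\giveio.sys
21:09:17.671 Scan finished successfully
"""

# OTL line shapes as they appear in the log (my regexes, not OTL's grammar).
DRV_RE = re.compile(r'^DRV - \[.*?\] \((?P<company>.*?)\) \[(?P<state>.*?)\] -- (?P<path>.+?) -- \((?P<name>.+?)\)$')
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>.+?)\] (?P<rest>.+)$')
SHELL_RE = re.compile(r'^O20 - HKLM Winlogon: Shell - \((?P<value>.+?)\) - (?P<path>.+)$')
ASSOC_RE = re.compile(r'^O3[57] - (?P<key>.+?) -- (?P<cmd>.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')
# aswMBR module line: "hh:mm:ss.mmm 0xADDRESS path"
MODULE_RE = re.compile(r'^\d\d:\d\d:\d\d\.\d+ 0x[0-9a-fA-F]+ (?P<path>.+)$')
TRAILING_COMPANY_RE = re.compile(r' \((?P<company>[^()]*)\)$')

EXPECTED_SHELL = "explorer.exe"      # the only legitimate Winlogon Shell on XP
EXPECTED_OPEN_CMD = '"%1" %*'       # default exefile/comfile open command


def triage(log_text):
    """Return (category, detail) tuples, in log order, for lines worth a look."""
    findings = []
    in_unsigned = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_unsigned:
            m = MODULE_RE.match(line)
            if m:
                findings.append(("unsigned_kernel_module", m.group("path")))
                continue
            in_unsigned = False          # any other line ends aswMBR's list
        if line.endswith("Unsigned kernel modules:"):
            in_unsigned = True
            continue
        m = DRV_RE.match(line)
        if m:
            if not m.group("company").strip():
                findings.append(("driver_no_company", m.group("path")))
            continue
        m = O4_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest == "File not found":
                findings.append(("run_orphan", m.group("name")))
            else:
                c = TRAILING_COMPANY_RE.search(rest)
                if c is None or not c.group("company").strip():
                    path = rest[:c.start()] if c else rest
                    findings.append(("run_no_company", path))
            continue
        m = SHELL_RE.match(line)
        if m:
            if m.group("value").lower() != EXPECTED_SHELL:
                findings.append(("shell_hijack", m.group("path")))
            continue
        m = ASSOC_RE.match(line)
        if m:
            if m.group("cmd") != EXPECTED_OPEN_CMD:
                findings.append(("assoc_hijack", f'{m.group("key")} -> {m.group("cmd")}'))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(("ads", m.group("path")))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```

Feed it a whole OTL.txt plus the aswMBR text and the same rules apply; the association check is the one to look at first when the complaint is "nothing will run", because a hijacked exefile command points straight at the rogue's executable.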

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, a scan now for orphans, and once it has completed can you let me know of any outstanding problems?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7 mrmatt (Topic Starter, Member, 21 posts)
Thanks,

Here is the MBAM log. It found 4 items and asked to reboot the computer for complete cleansing, which I did.


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6748

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/1/2011 8:29:27 PM
mbam-log-2011-06-01 (20-29-27).txt

Scan type: Quick scan
Objects scanned: 177327
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\mozilla firefox\0.2805443856023916.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Sacher\local settings\temp\jar_cache5719104010621703900.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Sacher\local settings\temp\RarSFX3\proxycheck.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Sacher\local settings\temp\0.5869359940247292.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


RERAN MBAM (QUICKSCAN) AND IT FOUND NO MORE INFECTIONS


Matt

Edited by mrmatt, 02 June 2011 - 05:17 AM.

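Added example, not from the thread or from Malwarebytes: a small Python parser for the MBAM 1.51 log layout quoted above. It splits the log into summary counts and itemised detections, checks that the two agree (a pasted log that was cut short will not), and flags entries whose action was not a finished quarantine, which are the ones that need the reboot and re-scan. The sample log is constructed.

```python
import re
from typing import Dict, List, NamedTuple, Set, Tuple
# Constructed sample in the MBAM log layout: summary counts first, then itemised sections.
SAMPLE_LOG = r"""Registry Keys Infected: 0
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\program files\mozilla firefox\0.2805443856023916.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\user\local settings\temp\RarSFX3\proxycheck.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

class Detection(NamedTuple):
    category: str   # e.g. "Files Infected"
    item: str       # file path or registry key/value
    name: str       # MBAM detection name, e.g. Trojan.FakeAlert
    action: str     # what MBAM did with it

SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Detection]]:
    """Split an MBAM log into its summary counts and its itemised detections."""
    counts: Dict[str, int] = {}
    found: List[Detection] = []
    section = None  # category of the itemised section we are currently inside
    for line in (ln.strip() for ln in text.splitlines()):
        if (m := SUMMARY_RE.match(line)):
            counts[m.group("cat")] = int(m.group("n"))
        elif (m := HEADER_RE.match(line)):
            section = m.group("cat")
        elif section and (m := ENTRY_RE.match(line)):
            found.append(Detection(section, m.group("item"), m.group("name"), m.group("action")))
    return counts, found

def mismatched_categories(counts: Dict[str, int], found: List[Detection]) -> Set[str]:
    """Categories whose summary count disagrees with the itemised entries (e.g. a truncated paste)."""
    seen: Dict[str, int] = {}
    for d in found:
        seen[d.category] = seen.get(d.category, 0) + 1
    return {c for c in set(counts) | set(seen) if counts.get(c, 0) != seen.get(c, 0)}

def needs_follow_up(found: List[Detection]) -> List[Detection]:
    """Entries MBAM could not finish (e.g. 'Delete on reboot'): restart, then re-scan."""
    return [d for d in found if not d.action.lower().startswith("quarantined and deleted successfully")]
```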

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean.

Download and install the FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?
Keep safe :unsure:

#9 mrmatt (Member, Topic Starter, 21 posts)
Great! Thank you so much Essex!

Even though some of the viruses I have had seem impossible to fix, you guys never let me and my family down. I always recommend your site to others!!!!!!


Thanks again!

Matt

#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.