
Please help remove a virus

Discussion in 'Virus and Malware Removal' started by arvnranger, Apr 2, 2012.

  1. Broni Malware Annihilator Posts: 39,324   +175

    That looks better :)

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\BO0iKkW.com__
    
    Rootkit::
    c:\windows\system32\BO0iKkW.com__
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  2. arvnranger Newcomer, in training Posts: 28

    ComboFix 12-04-03.02 - ivan 05/04/2012 9:52.12.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1784 [GMT 12:00]
    Running from: c:\documents and settings\ivan\Desktop\your_name.exe
    Command switches used :: c:\documents and settings\ivan\Desktop\CFScript.txt
    .
    FILE ::
    "c:\windows\system32\BO0iKkW.com__"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-01 23:49 . 2012-04-01 23:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2012-04-01 23:49 . 2012-04-01 23:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2012-03-28 20:59 . 2012-03-28 20:59 -------- d-----w- c:\documents and settings\ivan\Application Data\SUPERAntiSpyware.com
    2012-03-28 20:58 . 2012-03-28 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-28 20:58 . 2012-03-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-21 00:00 . 2011-05-17 22:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-03 09:22 . 2004-08-04 06:17 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06 . 2012-02-19 19:47 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20 . 2004-08-04 08:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-02-16 96160]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-19 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-19 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-19 114688]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe" [2012-02-21 250016]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-27 07:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-13 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 03:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2006-03-21 01:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-09-29 12:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2006-01-11 15:37 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\SQLANY70\\dbeng7.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 11:38 a.m. 116608]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20/10/2009 8:33 a.m. 27632]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 4:27 a.m. 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 9:55 a.m. 67664]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [28/02/2011 2:03 p.m. 239528]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2010 3:36 p.m. 652360]
    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19/04/2004 3:01 p.m. 6656]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/07/2010 3:22 p.m. 13224]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/10/2010 3:36 p.m. 20464]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [20/10/2009 8:32 a.m. 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [20/10/2009 8:32 a.m. 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [20/10/2009 8:32 a.m. 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [20/10/2009 8:32 a.m. 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [20/10/2009 8:32 a.m. 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [20/10/2009 8:32 a.m. 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [20/10/2009 8:32 a.m. 109864]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qhwscsvc
    WNCPKT
    artourservice
    ccevtmgr
    g400
    dcfssvc
    adminserver
    DELTA
    mcmispupdmgr
    axinstsv
    comhost
    ntrtscan
    atimtag
    se45unic
    eelsservice
    lmab_device
    ha20x2k
    szserver
    blueletaudio
    rt73
    aswmon2
    BCMWLNPF
    avfilter
    sfcure01
    alcaudsl
    StkASSrv
    pdlndint
    usbvideo
    netmnt
    prepdrvr
    nv
    ELhid
    slabbus
    WGX
    s7otranx
    wmp54gsvc
    brmfrmps
    dlcq_device
    tmlisten
    caboagp
    Wpsnuio
    se26nd5
    lxrsge10s
    l8042pr2
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.nz/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
    TCP: Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-05 10:04
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,f5,0e,71,1f,6a,17,45,bc,9a,d4,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(632)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(1636)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2012-04-05 10:10:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-04 22:10
    ComboFix2.txt 2012-04-04 21:07
    ComboFix3.txt 2012-04-04 06:03
    ComboFix4.txt 2012-04-04 04:27
    ComboFix5.txt 2012-04-04 21:42
    .
    Pre-Run: 14,149,033,984 bytes free
    Post-Run: 14,152,630,272 bytes free
    .
    - - End Of File - - 8B36B9A07477FF58658156A05B3AE406
  3. Broni Malware Annihilator Posts: 39,324   +175

    Finally looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
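The ComboFix log above lists a long run of unfamiliar names under "Svchost - NetSvcs", and the OTL reply further down shows most of them as "SRV - File not found" services. The following is an added example (not code from the thread, OTL or ComboFix) of how a responder can cross-reference the two logs instead of reading hundreds of lines by eye: it parses the NetSvcs block from a ComboFix log and the SRV lines from an OTL log, then separates NetSvcs entries whose image file is missing from other missing-file services and from NetSvcs names OTL did not report at all. The parsing rules are assumptions inferred from the log layouts shown in this thread; the embedded inputs are short excerpts copied from the logs posted here.

```python
"""Cross-reference OTL service lines with the ComboFix NetSvcs list.

Added example, not part of the thread or of OTL/ComboFix. The field layout
assumed here is inferred from the logs posted in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpt of the ComboFix 'Reg Loading Points' section posted above.
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qhwscsvc
WNCPKT
artourservice
.
Contents of the 'Scheduled Tasks' folder
"""

# Excerpt of the OTL 'Win32 Services (SafeList)' section posted further down.
OTL_EXCERPT = r"""
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rupsmon.dll -- (Wpsnuio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DVDVRRdr_xp.dll -- (WNCPKT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA_CMIDI.dll -- (qhwscsvc)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/01/13 13:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2002/09/21 11:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
"""

NETSVCS_HEADER = "Svchost - NetSvcs"
# Last "[start | state]" bracket of the part before the first ' -- '.
STARTSTATE_RE = re.compile(r"\[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\s*$")


@dataclass(frozen=True)
class Service:
    name: str
    path: str
    start: str        # Auto / On_Demand / Disabled ...
    state: str        # Running / Stopped
    file_found: bool  # False when OTL printed "File not found"


def parse_otl_services(text: str) -> list[Service]:
    """Parse OTL 'SRV - ...' lines. Fields are separated by ' -- '; the last
    field is the service name in parentheses (which may itself contain
    parentheses, e.g. 'SoundMAX Agent Service (default)')."""
    services = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("SRV - "):
            continue
        parts = line.rsplit(" -- ", 2)
        if len(parts) != 3:
            continue  # unrecognised layout: skip rather than guess
        head, path, name = parts
        m = STARTSTATE_RE.search(head)
        if m is None:
            continue
        services.append(Service(
            name=name.strip()[1:-1],
            path=path.strip(),
            start=m.group("start").strip(),
            state=m.group("state").strip(),
            file_found="File not found" not in head,
        ))
    return services


def parse_netsvcs(text: str) -> list[str]:
    """Return the names ComboFix lists under 'Svchost - NetSvcs'.
    The block ends at the next line consisting of a single '.'."""
    names, in_block = [], False
    for line in text.splitlines():
        line = line.strip()
        if in_block:
            if line == ".":
                break
            if line:
                names.append(line)
        elif line.endswith(NETSVCS_HEADER):
            in_block = True
    return names


def triage(otl_text: str, combofix_text: str) -> dict[str, list[str]]:
    """Bucket services for review:
      orphaned_netsvcs: in the NetSvcs group but the image file is missing
      missing_other:    image file missing, not in NetSvcs (often leftovers)
      netsvcs_unseen:   NetSvcs names for which OTL printed no SRV line
    """
    services = {s.name.lower(): s for s in parse_otl_services(otl_text)}
    netsvcs = parse_netsvcs(combofix_text)
    netsvcs_lower = {n.lower() for n in netsvcs}
    result: dict[str, list[str]] = {
        "orphaned_netsvcs": [], "missing_other": [], "netsvcs_unseen": []}
    for key, svc in sorted(services.items()):
        if svc.file_found:
            continue
        bucket = "orphaned_netsvcs" if key in netsvcs_lower else "missing_other"
        result[bucket].append(f"{svc.name} [{svc.start}] -> {svc.path}")
    for n in netsvcs:
        if n.lower() not in services:
            result["netsvcs_unseen"].append(n)
    return result


if __name__ == "__main__":
    for bucket, entries in triage(OTL_EXCERPT, COMBOFIX_EXCERPT).items():
        print(bucket)
        for entry in entries:
            print("   ", entry)
```

A missing image file means the service cannot start, so these entries are not active code; they are worth listing because their names do not correspond to the DLLs they point at (Wpsnuio pointing at rupsmon.dll, for instance) and because a stock Windows XP NetSvcs value does not contain dozens of such names. HidServ, by contrast, lands in the lower-priority bucket: it is not in NetSvcs and is disabled.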
  4. arvnranger Newcomer, in training Posts: 28

    Computer seems ok (thanks to your tender ministrations) but TBF I have been doing most of the posting from another machine, leaving the infected one well alone and running XP in safe mode.

    OTL.txt (Part 1 of 2 - original post exceeded 50k char limit)
    ==================================================
    OTL logfile created on: 5/04/2012 10:50:11 a.m. - Run 2
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\ivan\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.11% Memory free
    2.58 Gb Paging File | 2.06 Gb Available in Paging File | 79.90% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.27 Gb Total Space | 11.21 Gb Free Space | 30.09% Space Free | Partition Type: NTFS
    Drive H: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
    Drive O: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
    Drive P: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
    Drive X: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
    Drive Z: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS

    Computer Name: IVAN2_PC | User Name: ivan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/05 10:37:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ivan\Desktop\OTL.exe
    PRC - [2012/03/08 09:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2012/01/13 13:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 13:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/12 11:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/02/17 10:59:38 | 000,096,160 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2011/02/17 10:58:10 | 000,239,528 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/07/31 05:08:58 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    PRC - [2002/09/21 11:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/05 10:36:18 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2012/04/05 10:36:18 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2012/03/29 08:59:32 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2012/03/29 08:59:32 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2005/10/30 15:24:08 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
    MOD - [2003/02/07 17:24:20 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rupsmon.dll -- (Wpsnuio)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DVDVRRdr_xp.dll -- (WNCPKT)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pnrouter.dll -- (wmp54gsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcdrndisuio.dll -- (WGX)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VX3000.dll -- (usbvideo)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsmon.dll -- (tmlisten)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\regspy.dll -- (szserver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btwusb.dll -- (StkASSrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HpqRemHid.dll -- (slabbus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\3dkeybd.dll -- (sfcure01)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LMIRfsDriver.dll -- (se45unic)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE27mdm.dll -- (se26nd5)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TVALG.dll -- (s7otranx)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmHidLo.dll -- (rt73)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA_CMIDI.dll -- (qhwscsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FireHook.dll -- (prepdrvr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SPFDRV.dll -- (pdlndint)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wceusbsh.dll -- (nv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\flutilssvc.dll -- (ntrtscan)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VRFIL.dll -- (netmnt)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\apache.dll -- (mcmispupdmgr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avpnnic.dll -- (lxrsge10s)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FileDisk.dll -- (lmab_device)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvprcsrv.dll -- (l8042pr2)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsaua.dll -- (ha20x2k)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a016mgmt.dll -- (g400)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PQNTDrv.dll -- (ELhid)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\buslogic.dll -- (eelsservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensecamserver.dll -- (dlcq_device)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbaudio.dll -- (DELTA)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotagent.dll -- (dcfssvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SABProcEnum.dll -- (comhost)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asc3350p.dll -- (ccevtmgr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcd_device.dll -- (caboagp)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\n558.dll -- (brmfrmps)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\navex15.dll -- (blueletaudio)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sleepy.dll -- (BCMWLNPF)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvhidsvc.dll -- (axinstsv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s117unic.dll -- (avfilter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DCamUSBGrandTek.dll -- (atimtag)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stylexphelper.dll -- (aswmon2)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MRESP50.dll -- (artourservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\perc2.dll -- (alcaudsl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SerTVOutCtlr.dll -- (adminserver)
    SRV - [2012/01/13 13:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/12 11:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/02/17 10:58:10 | 000,239,528 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2002/09/21 11:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\your_name\catchme.sys -- (catchme)
    DRV - [2011/12/10 14:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/07/23 04:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/13 09:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/12/21 17:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2010/12/21 17:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2010/12/21 17:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2010/10/04 08:40:18 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/04/06 09:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2009/04/06 09:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
    DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
    DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
    DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
    DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
    DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
    DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
    DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
    DRV - [2008/01/09 10:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
    DRV - [2004/08/04 12:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
    DRV - [2004/08/04 12:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
    DRV - [2004/08/04 12:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
    DRV - [2004/08/04 12:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
    DRV - [2004/08/04 12:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
    DRV - [2004/08/04 12:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 12:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
    DRV - [2004/08/04 12:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 12:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
    DRV - [2004/08/04 12:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
    DRV - [2004/08/04 12:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
    DRV - [2004/08/04 12:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
    DRV - [2004/08/04 12:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 12:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
    DRV - [2004/08/04 12:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
    DRV - [2004/05/05 05:31:18 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/04/19 15:01:00 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)
    DRV - [2004/02/05 07:34:16 | 000,051,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
    DRV - [2002/04/04 18:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

    IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
    IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\..\SearchScopes\{FE9A569F-029E-4F47-9194-72F4C3C6FB8C}: "URL" = http://search.avg.com/?d=4d6ab8d6&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    IE - HKU\S-1-5-21-217054336-590899114-1854122260-1119\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    ========== Chrome ==========


    O1 HOSTS File: ([2012/04/05 10:04:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
    O4 - HKU\S-1-5-21-217054336-590899114-1854122260-1119..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKU\S-1-5-21-217054336-590899114-1854122260-1119..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-217054336-590899114-1854122260-1119\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-217054336-590899114-1854122260-1119\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-217054336-590899114-1854122260-1119\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-217054336-590899114-1854122260-1119\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1190169885609 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190169815312 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PCRentalsAuckland.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B69E7A3-4BFA-42B1-923A-5B2BFB7E218E}: NameServer = 10.0.2.93,210.48.66.2,210.48.65.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCFBDEE0-6D1B-45C8-AA11-085E4BC40A5D}: NameServer = 210.55.24.8
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\ivan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\ivan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/08/20 15:06:55 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: qhwscsvc - %systemroot%\system32\MA_CMIDI.dll File not found
    NetSvcs: WNCPKT - %systemroot%\system32\DVDVRRdr_xp.dll File not found
    NetSvcs: artourservice - %systemroot%\system32\MRESP50.dll File not found
    NetSvcs: ccevtmgr - %systemroot%\system32\asc3350p.dll File not found
    NetSvcs: g400 - %systemroot%\system32\a016mgmt.dll File not found
    NetSvcs: dcfssvc - %systemroot%\system32\symantecantibotagent.dll File not found
    NetSvcs: adminserver - %systemroot%\system32\SerTVOutCtlr.dll File not found
    NetSvcs: DELTA - %systemroot%\system32\usbaudio.dll File not found
    NetSvcs: mcmispupdmgr - %systemroot%\system32\apache.dll File not found
    NetSvcs: axinstsv - %systemroot%\system32\lvhidsvc.dll File not found
    NetSvcs: comhost - %systemroot%\system32\SABProcEnum.dll File not found
    NetSvcs: ntrtscan - %systemroot%\system32\flutilssvc.dll File not found
    NetSvcs: atimtag - %systemroot%\system32\DCamUSBGrandTek.dll File not found
    NetSvcs: se45unic - %systemroot%\system32\LMIRfsDriver.dll File not found
    NetSvcs: eelsservice - %systemroot%\system32\buslogic.dll File not found
    NetSvcs: lmab_device - %systemroot%\system32\FileDisk.dll File not found
    NetSvcs: ha20x2k - %systemroot%\system32\fsaua.dll File not found
    NetSvcs: szserver - %systemroot%\system32\regspy.dll File not found
    NetSvcs: blueletaudio - %systemroot%\system32\navex15.dll File not found
    NetSvcs: rt73 - %systemroot%\system32\WmHidLo.dll File not found
    NetSvcs: aswmon2 - %systemroot%\system32\stylexphelper.dll File not found
    NetSvcs: BCMWLNPF - %systemroot%\system32\sleepy.dll File not found
    NetSvcs: avfilter - %systemroot%\system32\s117unic.dll File not found
    NetSvcs: sfcure01 - %systemroot%\system32\3dkeybd.dll File not found
    NetSvcs: alcaudsl - %systemroot%\system32\perc2.dll File not found
    NetSvcs: StkASSrv - %systemroot%\system32\btwusb.dll File not found
    NetSvcs: pdlndint - %systemroot%\system32\SPFDRV.dll File not found
    NetSvcs: usbvideo - %systemroot%\system32\VX3000.dll File not found
    NetSvcs: netmnt - %systemroot%\system32\VRFIL.dll File not found
    NetSvcs: prepdrvr - %systemroot%\system32\FireHook.dll File not found
    NetSvcs: nv - %systemroot%\system32\wceusbsh.dll File not found
    NetSvcs: ELhid - %systemroot%\system32\PQNTDrv.dll File not found
    NetSvcs: slabbus - %systemroot%\system32\HpqRemHid.dll File not found
    NetSvcs: WGX - %systemroot%\system32\pcdrndisuio.dll File not found
    NetSvcs: s7otranx - %systemroot%\system32\TVALG.dll File not found
    NetSvcs: wmp54gsvc - %systemroot%\system32\pnrouter.dll File not found
    NetSvcs: brmfrmps - %systemroot%\system32\n558.dll File not found
    NetSvcs: dlcq_device - %systemroot%\system32\websensecamserver.dll File not found
    NetSvcs: tmlisten - %systemroot%\system32\vsmon.dll File not found
    NetSvcs: caboagp - %systemroot%\system32\lxcd_device.dll File not found
    NetSvcs: Wpsnuio - %systemroot%\system32\rupsmon.dll File not found
    NetSvcs: se26nd5 - %systemroot%\system32\SE27mdm.dll File not found
    NetSvcs: lxrsge10s - %systemroot%\system32\avpnnic.dll File not found
    NetSvcs: l8042pr2 - %systemroot%\system32\lvprcsrv.dll File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

    Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/05 10:37:51 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ivan\Desktop\OTL.exe
    [2012/04/05 10:10:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/04/04 14:01:23 | 004,455,431 | R--- | C] (Swearware) -- C:\Documents and Settings\ivan\Desktop\your_name.exe
    [2012/04/04 12:13:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/04/04 12:10:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/04/04 12:10:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/04/04 12:10:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/04/04 12:10:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/04/04 12:10:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/04/04 12:10:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/04 11:43:07 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\ivan\Desktop\boot_cleaner.exe
    [2012/04/04 10:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan\Desktop\bootkit_remover
    [2012/04/03 16:40:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ivan\Start Menu\Programs\Administrative Tools
    [2012/04/03 13:55:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\ivan\Desktop\dds.scr
    [2012/04/02 11:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
    [2012/04/02 11:47:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/03/29 10:53:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ivan\Desktop\aswMBR.exe
    [2012/03/29 08:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan\Application Data\SUPERAntiSpyware.com
    [2012/03/29 08:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/03/29 08:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/03/29 08:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/03/28 17:30:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ivan\Recent
    [2012/03/28 17:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/03/28 17:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/05 10:40:03 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/04/05 10:40:03 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/04/05 10:37:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ivan\Desktop\OTL.exe
    [2012/04/05 10:36:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/05 10:35:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/05 10:35:49 | 2138,574,848 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/05 10:04:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/04/04 14:01:23 | 004,455,431 | R--- | M] (Swearware) -- C:\Documents and Settings\ivan\Desktop\your_name.exe
    [2012/04/04 13:59:07 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\rkill.com
    [2012/04/04 12:13:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/04/04 11:39:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\MBR.dat
    [2012/04/04 10:46:44 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\bootkit_remover.zip
    [2012/04/04 09:59:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
    [2012/04/04 02:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    [2012/04/03 13:57:46 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\8kzz5ksr.exe
    [2012/04/03 13:55:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\ivan\Desktop\dds.scr
    [2012/04/02 14:49:01 | 000,000,267 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
    [2012/04/02 14:48:56 | 000,000,044 | ---- | M] () -- C:\WINDOWS\MYOB.INI
    [2012/03/29 16:09:46 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6gg8V7.dat
    [2012/03/29 11:10:48 | 000,010,593 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
    [2012/03/29 10:53:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ivan\Desktop\aswMBR.exe
    [2012/03/29 08:58:53 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2012/03/29 08:40:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/03/29 07:49:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/29 07:40:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/28 16:26:18 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\ivan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/03/15 09:19:56 | 000,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/03/15 08:40:46 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2012/03/14 17:01:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/03/07 15:12:14 | 000,041,849 | ---- | M] () -- C:\Documents and Settings\ivan\My Documents\Cricket - Fun photo.JPG
    [2012/03/07 15:10:42 | 000,557,390 | ---- | M] () -- C:\Documents and Settings\ivan\My Documents\Cricket - Fun photo.tif
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/05 10:35:49 | 2138,574,848 | -HS- | C] () -- C:\hiberfil.sys
    [2012/04/04 13:59:03 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\ivan\Desktop\rkill.com
    [2012/04/04 12:13:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/04/04 12:13:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/04/04 12:10:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/04/04 12:10:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/04/04 12:10:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/04/04 12:10:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/04/04 12:10:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/04/04 10:46:37 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\ivan\Desktop\bootkit_remover.zip
    [2012/04/03 13:57:42 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\ivan\Desktop\8kzz5ksr.exe
    [2012/03/29 13:48:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\ivan\Desktop\MBR.dat
    [2012/03/29 10:54:30 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6gg8V7.dat
    [2012/03/29 08:59:15 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job
    [2012/03/29 08:59:14 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    [2012/03/29 08:58:53 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2012/03/29 07:40:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/28 17:24:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/07 15:12:14 | 000,041,849 | ---- | C] () -- C:\Documents and Settings\ivan\My Documents\Cricket - Fun photo.JPG
    [2012/03/07 15:10:38 | 000,557,390 | ---- | C] () -- C:\Documents and Settings\ivan\My Documents\Cricket - Fun photo.tif
    [2012/02/20 07:47:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/02/28 14:03:40 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2011/02/28 14:03:40 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2011/02/28 14:03:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ivan\Application Data\$_hpcst$.hpc
    [2010/04/29 10:51:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

    ========== LOP Check ==========

    [2012/01/23 08:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2012/04/03 09:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/02/28 08:34:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/04/02 11:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/02/09 11:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2008/08/20 15:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2011/04/20 15:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2008/08/21 10:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\Canon
    [2009/04/23 10:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\gtk-2.0
    [2011/04/12 17:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\Inkscape
    [2011/09/06 15:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\ML
    [2011/04/18 15:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\Mp3tag
    [2008/08/21 10:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\NewSoft
    [2012/02/09 11:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\Samsung
    [2008/08/20 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\ScanSoft
    [2010/08/25 11:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan\Application Data\YCanPDF
    [2012/04/04 02:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    [2012/04/04 09:59:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job

    ========== Purity Check ==========
  5. arvnranger Newcomer, in training Posts: 28

    OTL.txt (Part 2 of 2)
    ==================================================


    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2008/08/20 15:06:55 | 000,000,024 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2012/03/29 08:40:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/04/04 12:13:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/04/05 10:10:15 | 000,010,349 | ---- | M] () -- C:\ComboFix.txt
    [2012/04/05 10:35:49 | 2138,574,848 | -HS- | M] () -- C:\hiberfil.sys
    [2006/01/12 03:39:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/01/12 03:39:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/05/28 09:50:01 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/04/05 10:35:47 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2010/06/04 10:07:55 | 000,000,764 | ---- | M] () -- C:\Rescued document 1.txt
    [2011/09/22 09:42:29 | 000,000,602 | ---- | M] () -- C:\Rescued document 2.txt
    [2011/09/22 10:05:06 | 000,000,562 | ---- | M] () -- C:\Rescued document 3.txt
    [2010/06/04 10:04:40 | 000,000,820 | ---- | M] () -- C:\Rescued document.txt
    [2012/04/04 14:02:45 | 000,000,310 | ---- | M] () -- C:\rkill.log
    [2004/08/05 03:00:00 | 000,047,564 | -HS- | M] () -- C:\__0X02BF
    [2004/08/05 03:00:00 | 000,250,032 | -HS- | M] () -- C:\__0x02c0

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/10 01:32:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2005/06/10 22:55:08 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp052.DLL
    [2006/04/25 05:07:24 | 000,069,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43e.DLL
    [2007/02/13 19:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.DLL
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 01:20:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/10 01:20:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/10 01:20:10 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/05/28 09:55:35 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2004/08/10 08:59:58 | 000,524,288 | -H-- | M] () -- C:\WINDOWS\system32\config\systemprofile\__0X0042
    [2004/08/10 06:59:58 | 000,001,024 | -H-- | M] () -- C:\WINDOWS\system32\config\systemprofile\__0X0043
    [2004/08/10 06:59:58 | 000,000,178 | -H-- | M] () -- C:\WINDOWS\system32\config\systemprofile\__0x0044

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/08/12 12:03:52 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/10 06:42:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/03 13:57:46 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\8kzz5ksr.exe
    [2012/03/29 10:53:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ivan\Desktop\aswMBR.exe
    [2010/05/17 11:25:43 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\ivan\Desktop\avg_free_stb_all_9_114_cnet.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\ivan\Desktop\boot_cleaner.exe
    [2010/05/05 09:28:13 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\ivan\Desktop\ccsetup231.exe
    [2008/09/19 10:13:49 | 028,868,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ivan\Desktop\FileFormatConverters.exe
    [2009/03/25 12:54:09 | 003,879,797 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\FileZilla_3.2.3_win32-setup.exe
    [2011/01/27 13:29:23 | 312,528,557 | ---- | M] (Arobas Music ) -- C:\Documents and Settings\ivan\Desktop\GuitarPro6Demo-rev9067.exe
    [2009/04/23 10:07:53 | 035,074,836 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\Inkscape-0.46.win32.exe
    [2011/03/31 09:35:13 | 003,135,064 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\lide70osmwin200us.exe
    [2011/03/17 12:36:46 | 014,203,112 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\ljp3005pcl6win2kxp2003vista2008.exe
    [2009/03/25 10:16:25 | 001,091,264 | ---- | M] (Xiph.Org) -- C:\Documents and Settings\ivan\Desktop\oggcodecs_0.81.15562-win32.exe
    [2012/04/05 10:37:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ivan\Desktop\OTL.exe
    [2010/08/25 10:45:25 | 014,499,958 | ---- | M] (PDF OCR ) -- C:\Documents and Settings\ivan\Desktop\pdfocr.exe
    [2010/07/22 13:08:36 | 015,291,693 | ---- | M] (EffectMatrix Inc. ) -- C:\Documents and Settings\ivan\Desktop\tvc.exe
    [2011/04/20 15:36:42 | 020,153,672 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\winzip150.exe
    [2008/09/03 17:29:11 | 001,206,366 | ---- | M] () -- C:\Documents and Settings\ivan\Desktop\wrar371.exe
    [2012/04/04 14:01:23 | 004,455,431 | R--- | M] (Swearware) -- C:\Documents and Settings\ivan\Desktop\your_name.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2004/08/04 20:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/04/05 10:35:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2012/04/04 02:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 39bb3ef2-2fdc-4521-889b-4651ad3e4c28.job
    [2012/04/04 09:59:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 3d3b28ec-3f26-4d34-a2f8-810af41dc5ac.job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/04/14 11:23:04 | 000,288,040 | ---- | M] () -- C:\Documents and Settings\ivan\My Documents\SoftonicDownloader_for_cricket-scorer.exe
    [2006/12/15 09:53:46 | 001,035,271 | ---- | M] () -- C:\Documents and Settings\ivan\My Documents\wrar362.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >
    [2005/02/05 10:50:56 | 000,031,736 | ---- | M] () -- C:\WINDOWS\Driver Cache\CUTEPDFW.PPD
    [2006/06/01 19:41:18 | 001,441,792 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpbcfgre.DLL
    [2007/08/07 13:22:18 | 000,344,064 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\hpbicoin.dll
    [2005/06/20 13:33:42 | 000,081,920 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPBMIAPI.DLL
    [2006/01/24 16:07:28 | 000,241,721 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPBMINI.DLL
    [2005/06/20 13:33:06 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPBNRAC2.DLL
    [2006/11/16 18:15:52 | 000,025,600 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBOID.DLL
    [2004/10/16 04:31:06 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBOID.EXE
    [2005/06/20 13:33:44 | 000,057,344 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBOIDPS.DLL
    [2006/11/16 18:16:06 | 000,038,912 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBPRO.DLL
    [2005/05/20 09:37:12 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBPRO.EXE
    [2005/06/20 13:33:46 | 000,057,344 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPBPROPS.DLL
    [2006/06/29 17:53:02 | 000,012,218 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30056.GPD
    [2006/06/29 17:55:06 | 000,014,077 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30x56.XML
    [2006/07/04 10:11:14 | 000,108,700 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30xx6.GPD
    [2006/07/04 23:42:49 | 004,605,305 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30xxc.cab
    [2005/12/22 12:21:46 | 000,000,164 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc30xxc.INI
    [2005/05/26 20:02:52 | 000,021,560 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPC38006.GPD
    [2005/06/10 20:23:12 | 000,012,426 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPC38006.XML
    [2005/06/14 05:51:30 | 004,138,348 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc3800c.cab
    [2004/11/22 18:57:46 | 000,000,164 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc3800c.INI
    [2005/06/08 16:58:38 | 000,099,067 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpc380x6.GPD
    [2006/04/28 12:10:36 | 000,663,624 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\hpcdmc32.dll
    [2005/06/29 14:52:46 | 000,018,901 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPCEAC05.HPI
    [2006/11/02 18:32:06 | 000,018,747 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpceac06.hpi
    [2006/06/07 04:43:32 | 000,173,039 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3005.CFG
    [2006/06/07 04:43:32 | 000,031,067 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3005.cf_
    [2005/05/06 06:12:26 | 000,134,260 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3800.CFG
    [2005/05/06 06:12:26 | 000,025,086 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpcp3800.cf_
    [2005/03/22 10:22:40 | 000,225,792 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\Driver Cache\HPFIE052.DLL
    [2005/06/20 13:33:48 | 000,163,840 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPJCMN2U.DLL
    [2005/06/20 13:33:52 | 000,094,208 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPJIPX1U.DLL
    [2004/10/16 04:31:22 | 000,061,440 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPNRA.EXE
    [2005/06/20 13:51:30 | 000,213,063 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPPAPML0.DLL
    [2005/06/20 13:51:28 | 000,225,351 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPPAPTS0.DLL
    [2005/06/20 13:51:18 | 000,208,969 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPPASNM0.DLL
    [2007/02/13 17:47:54 | 000,977,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz3c4wm.dll
    [2005/06/07 00:10:20 | 000,011,649 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpz6m052.GPD
    [2006/05/05 16:12:30 | 000,011,745 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpz6m43e.GPD
    [2007/02/15 14:10:36 | 000,012,038 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpz6m4wm.GPD
    [2005/06/10 22:55:42 | 001,189,376 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz6r052.DLL
    [2006/04/25 05:08:08 | 001,336,320 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz6r43e.DLL
    [2007/02/13 19:23:12 | 001,468,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpz6r4wm.DLL
    [2005/06/10 22:55:16 | 000,548,352 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzev052.DLL
    [2006/04/25 05:07:30 | 000,408,576 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzev43e.DLL
    [2007/02/13 19:22:18 | 000,435,712 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzev4wm.DLL
    [2005/06/10 20:38:18 | 000,923,676 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPZHL052.CAB
    [2006/04/25 01:28:48 | 001,134,874 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPZHL43e.CAB
    [2007/02/14 08:36:44 | 002,337,433 | ---- | M] () -- C:\WINDOWS\Driver Cache\HPZHL4wm.CAB
    [2005/06/20 13:51:22 | 000,278,584 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZIDR12.DLL
    [2006/05/11 17:15:42 | 000,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPZINW12.DLL
    [2005/04/29 16:43:44 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZINW12.EXE
    [2006/05/11 17:15:50 | 000,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\Driver Cache\HPZIPM12.DLL
    [2005/04/29 16:44:06 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZIPM12.EXE
    [2005/06/20 13:51:32 | 000,204,800 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZIPR12.DLL
    [2005/06/20 13:51:34 | 000,094,208 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZIPT12.DLL
    [2005/06/20 13:51:26 | 000,057,344 | ---- | M] (HP) -- C:\WINDOWS\Driver Cache\HPZISN12.DLL
    [2005/06/10 22:55:22 | 001,234,432 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzls052.DLL
    [2006/04/25 05:07:52 | 001,390,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzls43e.DLL
    [2007/02/13 19:22:38 | 001,588,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzls4wm.DLL
    [2007/02/13 19:22:20 | 000,179,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpe4wm.DLL
    [2007/02/13 19:23:18 | 000,117,248 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzpi4wm.DLL
    [2007/02/13 19:23:26 | 000,103,424 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpnp.dll
    [2005/06/10 22:55:08 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpp052.DLL
    [2006/04/25 05:07:24 | 000,069,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpp43e.DLL
    [2007/02/13 19:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzpp4wm.DLL
    [2005/03/22 10:19:28 | 000,004,701 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsc052.DTD
    [2005/05/30 21:17:18 | 000,004,694 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsc43e.DTD
    [2006/07/04 22:36:14 | 000,008,294 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsc4wm.DTD
    [2005/06/10 20:38:18 | 000,088,093 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsm052.GPD
    [2006/06/08 15:07:02 | 000,095,047 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsm43e.GPD
    [2007/02/14 08:30:54 | 000,144,720 | ---- | M] () -- C:\WINDOWS\Driver Cache\hpzsm4wm.GPD
    [2005/06/10 21:54:54 | 000,562,688 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzss052.DLL
    [2006/04/25 02:39:54 | 000,562,688 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzss43e.DLL
    [2007/02/13 18:53:18 | 000,670,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzss4wm.DLL
    [2005/06/10 20:41:28 | 003,088,384 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzst052.DLL
    [2006/04/25 01:31:38 | 003,950,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzst43e.DLL
    [2007/02/13 17:42:42 | 005,580,288 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzst4wm.DLL
    [2005/06/10 22:55:14 | 002,033,664 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzui052.DLL
    [2006/04/25 05:07:40 | 002,461,696 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzui43e.DLL
    [2007/02/13 19:22:14 | 003,269,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzui4wm.DLL
    [2007/02/13 17:47:12 | 003,459,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\Driver Cache\hpzur4wm.dll
    [2007/04/09 12:24:04 | 000,758,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\mdigraph.dll
    [2007/04/09 12:23:58 | 000,046,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\mdiui.dll
    [2006/07/04 23:43:14 | 000,302,967 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2arww.cab
    [2006/07/04 23:43:15 | 000,302,845 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2caww.cab
    [2006/07/04 23:43:16 | 000,303,849 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2csww.cab
    [2006/07/04 23:43:18 | 000,302,695 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2daww.cab
    [2006/07/04 23:43:19 | 000,303,569 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2deww.cab
    [2006/07/04 23:43:22 | 000,303,541 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2elww.cab
    [2006/07/04 23:43:20 | 000,303,435 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2enww.cab
    [2006/07/04 23:43:20 | 000,302,845 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2esww.cab
    [2006/07/04 23:43:31 | 000,302,867 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2fiww.cab
    [2006/07/04 23:43:21 | 000,304,585 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2frww.cab
    [2006/07/04 23:43:23 | 000,302,621 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2heww.cab
    [2006/07/04 23:43:26 | 000,303,953 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2huww.cab
    [2006/07/04 23:43:23 | 000,304,303 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2itww.cab
    [2006/07/04 23:43:24 | 000,302,781 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2jaww.cab
    [2006/07/04 23:43:25 | 000,301,793 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2koww.cab
    [2006/07/04 23:43:27 | 000,303,635 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2nlww.cab
    [2006/07/04 23:43:27 | 000,302,909 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2noww.cab
    [2006/07/04 23:43:28 | 000,304,057 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2plww.cab
    [2006/07/04 23:43:29 | 000,304,097 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2ptww.cab
    [2006/07/04 23:43:30 | 000,303,187 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2ruww.cab
    [2006/07/04 23:43:30 | 000,303,435 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2skww.cab
    [2006/07/04 23:43:32 | 000,302,733 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2svww.cab
    [2006/07/04 23:43:33 | 000,303,435 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2thww.cab
    [2006/07/04 23:43:33 | 000,303,549 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2trww.cab
    [2006/07/04 23:43:16 | 000,302,159 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2zhcn.cab
    [2006/07/04 23:43:17 | 000,300,553 | ---- | M] () -- C:\WINDOWS\Driver Cache\p6i2zhtw.cab
    [2004/07/10 02:56:00 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\pclxl.DLL
    [2002/05/23 09:21:46 | 000,010,375 | ---- | M] () -- C:\WINDOWS\Driver Cache\pclxl.GPD
    [2002/05/23 09:21:50 | 000,001,156 | ---- | M] () -- C:\WINDOWS\Driver Cache\pjl.GPD
    [2002/07/22 12:05:04 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\PS5UI.DLL
    [2002/07/22 12:05:04 | 000,026,038 | ---- | M] () -- C:\WINDOWS\Driver Cache\PSCRIPT.HLP
    [2003/05/03 10:37:36 | 000,790,300 | ---- | M] () -- C:\WINDOWS\Driver Cache\PSCRIPT.NTF
    [2002/07/22 12:05:04 | 000,455,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\PSCRIPT5.DLL
    [2002/05/23 09:22:06 | 000,014,362 | ---- | M] () -- C:\WINDOWS\Driver Cache\STDNAMES.GPD
    [2004/08/04 11:26:48 | 000,264,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\UNIDRV.DLL
    [2003/03/28 03:07:08 | 000,021,225 | ---- | M] () -- C:\WINDOWS\Driver Cache\UNIDRV.HLP
    [2004/08/04 11:26:48 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\UNIDRVUI.DLL
    [2004/08/04 11:26:36 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\UNIRES.DLL

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/05/09 10:14:13 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\ivan\Favorites\Desktop.ini
    [1996/10/11 14:56:50 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\ivan\Favorites\My Documents.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/08/12 11:54:24 | 000,002,412 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/04/20 18:58:37 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\ivan\Cookies\desktop.ini
    [2012/04/05 10:49:59 | 000,147,456 | -HS- | M] () -- C:\Documents and Settings\ivan\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 05:42:40 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 20:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 22:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/03 02:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 22:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 22:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 20:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 22:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 22:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    < End of report >
  6. arvnranger Newcomer, in training Posts: 28

    OTL Extras logfile created on: 5/04/2012 10:38:45 a.m. - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\ivan\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 69.02% Memory free
    2.58 Gb Paging File | 2.08 Gb Available in Paging File | 80.63% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.27 Gb Total Space | 11.21 Gb Free Space | 30.09% Space Free | Partition Type: NTFS
    Drive H: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
    Drive O: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
    Drive P: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
    Drive X: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
    Drive Z: | 67.83 Gb Total Space | 29.41 Gb Free Space | 43.37% Space Free | Partition Type: NTFS

    Computer Name: IVAN2_PC | User Name: ivan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-217054336-590899114-1854122260-1119\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\SQLANY70\dbeng7.exe" = C:\SQLANY70\dbeng7.exe:*:Enabled:Adaptive Server Anywhere Database Engine -- (Sybase, Inc.)
    "C:\Documents and Settings\ivan\Desktop\utorrent.exe" = C:\Documents and Settings\ivan\Desktop\utorrent.exe:*:Enabled:µTorrent
    "C:\WT_DESKB\DeskBank.exe" = C:\WT_DESKB\DeskBank.exe:*:Enabled:Main DeskBank Program -- (Westpac)
    "\\pcrak\premier\MYOBPremNew\Myobp.exe" = \\pcrak\premier\MYOBPremNew\Myobp.exe:*:Enabled:Myobp.exe
    "\\PCRAK\engineering\drivers\printer drivers\hp colourlaserjet 3800\original disk\Temp\InstEng\Setup.exe" = \\PCRAK\engineering\drivers\printer drivers\hp colourlaserjet 3800\original disk\Temp\InstEng\Setup.exe:*:Enabled:Hewlett-Packard Installer
    "\\PCRAK\engineering\drivers\printer drivers\hp P3005N\Temp\InstEng\Setup.exe" = \\PCRAK\engineering\drivers\printer drivers\hp P3005N\Temp\InstEng\Setup.exe:*:Enabled:Hewlett-Packard Installer
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\WINDOWS\system32\msnneb32.exe" = C:\WINDOWS\system32\msnneb32.exe:*:Enabled:MsnUpdate
    "C:\WINDOWS\system32\dllhost32.exe" = C:\WINDOWS\system32\dllhost32.exe:*:Enabled:schost
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
    "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
    "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\SQLANY70\dbeng7.exe" = C:\SQLANY70\dbeng7.exe:*:Enabled:Adaptive Server Anywhere Database Engine -- (Sybase, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
    "{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Management Programs
    "{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}" = Presto! PageManager 7.15.13
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3D122AF9-1E02-4035-8003-334D378C1B62}_is1" = PDF OCR 3.0
    "{403BC48C-BCAA-47EA-9841-F26599A81E48}" = HP LaserJet P3005 Install Notes
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D5795B4-76AC-473B-82DA-0AE6CBB4BD8C}" = HP Color LaserJet 3800
    "{526E8C7A-8709-49E8-8D6D-58A90CE37AB3}" = MYOB Premier v12
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{748B1880-9025-439D-B5D1-E078F2329993}" = HP LaserJet P3005
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{875C8982-4147-423D-9A81-4346DAD25ACA}" = MYOB ODBC Direct v8 NZ
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CEF89BE7-8948-478A-A452-3F0E9F69233D}" = HP LaserJet P3005 User Guide
    "{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
    "CCleaner" = CCleaner
    "CutePDF Writer Installation" = CutePDF Writer 2.5
    "DeskBank" = DeskBank
    "DivX Setup.divx.com" = DivX Setup
    "HP Color LaserJet 3800" = HP Color LaserJet 3800
    "HP LaserJet P3005" = HP LaserJet P3005
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Management Programs
    "InstallShield_{526E8C7A-8709-49E8-8D6D-58A90CE37AB3}" = MYOB Premier v12
    "InstallShield_{875C8982-4147-423D-9A81-4346DAD25ACA}" = MYOB ODBC Direct v8 NZ
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mp3tag" = Mp3tag v2.48
    "MusicBrainz Picard" = MusicBrainz Picard
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Ogg Codecs" = Ogg Codecs 0.81.15562
    "Software Setup" = Software Setup
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/04/2012 10:43:16 p.m. | Computer Name = IVAN2_PC | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module medialibrarynse.dll, version 2.0.16.0, fault address 0x00002736.

    Error - 3/04/2012 11:40:04 p.m. | Computer Name = IVAN2_PC | Source = Application Error | ID = 1000
    Description = Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe,
    version 0.0.0.0, fault address 0x0008d1c0.

    [ System Events ]
    Error - 4/04/2012 6:37:22 p.m. | Computer Name = IVAN2_PC | Source = Service Control Manager | ID = 7023
    Description = The Nnsvc service terminated with the following error: %%126

    Error - 4/04/2012 6:37:22 p.m. | Computer Name = IVAN2_PC | Source = Service Control Manager | ID = 7023
    Description = The LRMINIPORT service terminated with the following error: %%126

    Error - 4/04/2012 6:37:22 p.m. | Computer Name = IVAN2_PC | Source = Service Control Manager | ID = 7023
    Description = The Ntsvcmgr service terminated with the following error: %%126

    Error - 4/04/2012 6:37:22 p.m. | Computer Name = IVAN2_PC | Source = Service Control Manager | ID = 7023
    Description = The W550mdfl service terminated with the following error: %%126

    Error - 4/04/2012 6:37:22 p.m. | Computer Name = IVAN2_PC | Source = Service Control Manager | ID = 7023
    Description = The Vrfwsvc service terminated with the following error: %%126

    Error - 4/04/2012 6:37:22 p.m. | Computer Name = IVAN2_PC | Source = Service Control Manager | ID = 7023
    Description = The Ha20x2k service terminated with the following error: %%126

    Error - 4/04/2012 6:37:22 p.m. | Computer Name = IVAN2_PC | Source = Service Control Manager | ID = 7023
    Description = The Portio service terminated with the following error: %%126

    Error - 4/04/2012 6:37:22 p.m. | Computer Name = IVAN2_PC | Source = Service Control Manager | ID = 7023
    Description = The KMW_USB service terminated with the following error: %%126

    Error - 4/04/2012 6:37:22 p.m. | Computer Name = IVAN2_PC | Source = Service Control Manager | ID = 7023
    Description = The Naiavfilter1 service terminated with the following error: %%126

    Error - 4/04/2012 6:37:22 p.m. | Computer Name = IVAN2_PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    i8042prt


    < End of report >
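The %%126 in each of the 7023 entries above is Win32 error 126, ERROR_MOD_NOT_FOUND: the Service Control Manager still has a service entry in the registry but cannot find the file it points at, which is the usual leftover when a driver or its parent software has been removed (by an uninstaller or by a cleanup tool) without its service entry. The parser below is an added example, not part of the thread; it pulls those entries out of an OTL "Last 10 Event Log Errors" section and lists the orphaned services. It runs over lines copied from the log above, and its error-code table covers only the handful of codes it interprets.

```python
import re

# Lines copied from the OTL "Last 10 Event Log Errors" section above (a subset).
SAMPLE_LOG = """\
[ Application Events ]
Error - 3/04/2012 11:40:04 p.m. | Computer Name = IVAN2_PC | Source = Application Error | ID = 1000
Description = Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe,
version 0.0.0.0, fault address 0x0008d1c0.

[ System Events ]
Error - 4/04/2012 6:37:22 p.m. | Computer Name = IVAN2_PC | Source = Service Control Manager | ID = 7023
Description = The Nnsvc service terminated with the following error: %%126

Error - 4/04/2012 6:37:22 p.m. | Computer Name = IVAN2_PC | Source = Service Control Manager | ID = 7023
Description = The Portio service terminated with the following error: %%126

Error - 4/04/2012 6:37:22 p.m. | Computer Name = IVAN2_PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt
"""

# Win32 system error codes the Service Control Manager reports as %%<code>
# in event 7023. Only the codes this example interprets.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    126: "ERROR_MOD_NOT_FOUND",   # the service's image or driver file is gone
    1275: "ERROR_DRIVER_BLOCKED",
}

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>\S+) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
SVC_7023_RE = re.compile(
    r"^Description = The (?P<svc>\S+) service terminated with the following "
    r"error: %%(?P<code>\d+)$"
)


def parse_events(text):
    """Return (event_id, source, description) tuples. A description runs from
    its 'Description =' line to the next blank line or section header."""
    events, header, desc = [], None, []

    def flush():
        if header is not None:
            events.append((int(header["id"]), header["source"], " ".join(desc)))

    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            flush()
            header, desc = m.groupdict(), []
        elif not line.strip() or line.startswith("["):
            flush()
            header, desc = None, []
        elif header is not None:
            desc.append(line.strip())
    flush()
    return events


def missing_module_services(events):
    """Map service name -> Win32 error name for every SCM 7023 event, i.e.
    every service whose start failed and the reason SCM gave."""
    found = {}
    for event_id, source, desc in events:
        if event_id != 7023 or source != "Service Control Manager":
            continue
        m = SVC_7023_RE.match(desc)
        if m:
            code = int(m.group("code"))
            found[m.group("svc")] = WIN32_ERRORS.get(code, f"WIN32_ERROR_{code}")
    return found


def stale_service_entries(events):
    """Only the services whose referenced file no longer exists: the signature
    of a registry service entry left behind after its binary was removed."""
    gone = ("ERROR_MOD_NOT_FOUND", "ERROR_FILE_NOT_FOUND", "ERROR_PATH_NOT_FOUND")
    return sorted(svc for svc, err in missing_module_services(events).items() if err in gone)


if __name__ == "__main__":
    for svc in stale_service_entries(parse_events(SAMPLE_LOG)):
        print(f"{svc}: service entry still registered but its file is missing")
```

On the machine itself, `sc qc <name>` shows the BINARY_PATH_NAME each listed service still points at; once you have confirmed that file really is gone, `sc delete <name>` removes the stale entry and the 7023 errors stop.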
     
  7. Broni Malware Annihilator Posts: 39,324   +175

    At this point your computer should be fairly clean so I want you to use it more and report on any issues.

    You're not running any AV program, so AFTER you run the OTL fix listed below...
    Install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
    Update, run full scan, report on any findings.

    ==================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  8. arvnranger Newcomer, in training Posts: 28

    OTL.RunFix has been sitting (idle?) for about an hour. I've just realised I neglected to halt Malwarebytes and SuperAntiSpyware before pasting the parameters you gave me and clicking Run Fix. Is it ok for me to reboot and start over? The system's currently not accepting any input.
  9. Broni Malware Annihilator Posts: 39,324   +175

    Reboot manually to safe mode and run OTL fix from there.
  10. arvnranger Newcomer, in training Posts: 28

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Flash cache emptied: 405 bytes

    User: Administrator.PCRENTALSAUCKLA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    User: ivan
    ->Temp folder emptied: 1430089 bytes
    ->Temporary Internet Files folder emptied: 6003036 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1879 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 9438 bytes

    User: __0X00AC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: __0X00D0
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: __0X00F4
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: Administrator.PCRENTALSAUCKLA

    User: All Users

    User: Default User

    User: ivan
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: __0X00AC

    User: __0X00D0

    User: __0X00F4

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: Administrator.PCRENTALSAUCKLA

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: ivan
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: __0X00AC

    User: __0X00D0

    User: __0X00F4

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.2 log created on 04052012_150240

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  11. arvnranger Newcomer, in training Posts: 28

    Could I possibly further impose upon you to suspend our work for the next little while? It's Easter here and I've taken next week off work to head away with my kids. I can't adequately express how grateful I am for your calm, patient and effective assistance and I feel a little remiss to baulk you now we appear to be in the home stretch. Perhaps I could catch up with you again on April 16?
  12. Broni Malware Annihilator Posts: 39,324   +175

    No problem :)
    Possibly your topic will get closed by then.
    Simply PM me and I'll reopen it.
  13. Broni Malware Annihilator Posts: 39,324   +175

    Let me know when you're back...
  14. Broni Malware Annihilator Posts: 39,324   +175

    Still with me?
  15. arvnranger Newcomer, in training Posts: 28

    Back on deck today. Currently downloading and installing various av and test software per your last instructions.
  16. arvnranger Newcomer, in training Posts: 28

    CHECKUP.TXT
    ===================================================
    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SUPERAntiSpyware
    CCleaner
    Java(TM) 6 Update 31
    Java 2 Runtime Environment, SE v1.4.2_03
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    ``````````End of Log````````````

    ======================================
    FSS.txt

    Farbar Service Scanner Version: 16-04-2012
    Ran by ivan (administrator) on 17-04-2012 at 14:50:03
    Running from "C:\Documents and Settings\ivan\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.
    Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    Extra List:
    =======
    aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
    IpSec Tag value is correct.
    **** End of log ****
  17. arvnranger Newcomer, in training Posts: 28

    ESET.txt
    ==========================================================================
    C:\Documents and Settings\ivan\My Documents\SoftonicDownloader_for_cricket-scorer.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\J3d8QFa3.exe.vir Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104350.com Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104418.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104419.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104420.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104421.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104422.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104423.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104424.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104425.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104426.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104427.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104428.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104429.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104430.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104431.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104432.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104433.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104434.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104435.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104436.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104437.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104438.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104440.com Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP894\A0109429.com Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP894\A0112691.exe Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP894\A0115090.com Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP894\A0116237.exe Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
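Of the 29 detections in the ESET log above, only the first is a live file (a Softonic download wrapper that ESET classes as an application); one is a copy ComboFix had already moved into its own quarantine under C:\Qoobox, and the remaining 27 sit inside System Restore snapshots RP891 and RP894, which is why the restore points get purged by the [CLEARALLRESTOREPOINTS] script later in the thread. The triage below is an added example, not part of the thread: it sorts ESET Online Scanner log lines by where the file lives so the live hits stand out from snapshot and quarantine copies. It runs over five lines copied from the log above; the quarantine folder list (ComboFix's C:\Qoobox\Quarantine and OTL's C:\_OTL\MovedFiles) is an assumption to extend for other tools.

```python
import re
from collections import Counter

# Five lines copied from the ESET log above (a subset of its 29 entries).
ESET_LINES = [
    r"C:\Documents and Settings\ivan\My Documents\SoftonicDownloader_for_cricket-scorer.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined",
    r"C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\J3d8QFa3.exe.vir Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined",
    r"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104350.com Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined",
    r"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP891\A0104418.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined",
    r"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP894\A0112691.exe Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined",
]

# <path> <detection name> <category> <action>; the path may contain spaces,
# so it is matched lazily up to the first token that looks like a detection.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<detection>(?:(?:probably )?a variant of )?[A-Za-z0-9_.]+/\S+) "
    r"(?P<kind>[a-z ]+?) "
    r"(?P<action>(?:cleaned|deleted|unable|error).*)$"
)
# XP System Restore snapshot layout: ...\_restore{GUID}\RP<n>\A<id>.<ext>
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\",
    re.I,
)
# Assumed quarantine locations of the cleanup tools used in this thread.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\_otl\\movedfiles\\")


def classify(path):
    """restore_point | quarantine | live (a file the user could still run)."""
    if RESTORE_RE.match(path):
        return "restore_point"
    if path.lower().startswith(QUARANTINE_PREFIXES):
        return "quarantine"
    return "live"


def family(detection):
    """'a variant of Win32/SoftonicDownloader.A' -> 'SoftonicDownloader'."""
    return detection.rsplit("/", 1)[-1].split(".", 1)[0]


def parse_entries(lines):
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unrecognised ESET line: {line[:60]!r}")
        e = m.groupdict()
        e["location"] = classify(e["path"])
        rp = RESTORE_RE.match(e["path"])
        e["restore_point"] = f"RP{rp.group('rp')}" if rp else None
        entries.append(e)
    return entries


def summarise(entries):
    return {
        "by_location": dict(Counter(e["location"] for e in entries)),
        "families": dict(Counter(family(e["detection"]) for e in entries)),
        "live_paths": [e["path"] for e in entries if e["location"] == "live"],
        "restore_points": sorted({e["restore_point"] for e in entries if e["restore_point"]}),
    }


if __name__ == "__main__":
    s = summarise(parse_entries(ESET_LINES))
    print("by location:", s["by_location"])
    print("families:", s["families"])
    print("live files (look at these first):", *s["live_paths"], sep="\n  ")
    print("infected restore points to purge:", ", ".join(s["restore_points"]))
```

The split matters for two decisions made later in the thread: a detection in a snapshot or a quarantine folder says nothing about the machine being re-infected after cleanup, but every infected restore point is a copy of the malware that a casual System Restore would bring back, so those points have to go.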
  18. Broni Malware Annihilator Posts: 39,324   +175

    Uninstall Java 2 Runtime Environment, SE v1.4.2_03.

    You have one registry key missing which affects Security Center.

    Following steps involve registry editing. Please create new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
    Registry Editor will open.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    Right-Click Root and select Permissions...
    Under the Security tab, with Everyone selected, put a check mark in the box under Allow next to Full Control.
    Click Apply and OK.
    Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip downloaded file.
    You'll find several files inside.
    Double-click legacy_wscsvc.reg and confirm the prompt.
    Please go back to the Root key again and, while Everyone is selected, remove the check mark in the box under Allow next to Full Control, then close the registry.
    Restart computer.
    Post new FSS log.
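The step above imports a registry file obtained from a third-party site while Enum\Root is temporarily writable by Everyone, so it is worth knowing exactly which keys the file will create or delete before confirming the prompt. The script below is an added example, not part of the thread and not the contents of XP.zip: it parses the .reg format (REGEDIT4 or "Windows Registry Editor Version 5.00") into the operations an import would perform and reports any key outside the subtree you expect to be touched. The embedded sample .reg is constructed for illustration and the script file name in the usage note is assumed.

```python
import re

# Constructed sample in "Registry Editor 5.00" format. It is NOT the
# legacy_wscsvc.reg from the XP.zip referred to above; it only exercises each
# construct the parser understands: key creation, key deletion ([-KEY]),
# value deletion ("Name"=-), string, dword and hex data with a continuation.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC\0000]
"Service"="wscsvc"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"Capabilities"=hex:00,00,\
  00,00
"OldValue"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\Stale]
"""

KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<path>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def _unescape(s):
    # .reg strings escape only the backslash and the double quote.
    return re.sub(r'\\(["\\])', r"\1", s)


def _logical_lines(lines):
    """Join physical lines that end in a backslash (hex data continuation)."""
    buf = ""
    for raw in lines:
        buf += raw.strip()
        if buf.endswith("\\"):
            buf = buf[:-1]
            continue
        yield buf
        buf = ""
    if buf:
        yield buf


def parse_reg(text):
    """Return the operations an import would perform, as tuples:
    ('add_key', path), ('del_key', path),
    ('set_value', path, name, type, data), ('del_value', path, name)."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith(("Windows Registry Editor Version 5.00", "REGEDIT4")):
        raise ValueError("missing .reg header")
    ops, current = [], None
    for line in _logical_lines(lines[1:]):
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("path")
            ops.append(("del_key" if m.group("delete") else "add_key", current))
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            raise ValueError(f"unparsed line: {line!r}")
        name = "" if m.group("name") == "@" else _unescape(m.group("name")[1:-1])
        data = m.group("data")
        if data == "-":
            ops.append(("del_value", current, name))
        elif data.startswith('"') and data.endswith('"'):
            ops.append(("set_value", current, name, "REG_SZ", _unescape(data[1:-1])))
        elif data.startswith("dword:"):
            ops.append(("set_value", current, name, "REG_DWORD", int(data[6:], 16)))
        elif data.startswith("hex"):
            # "hex:" is REG_BINARY; "hex(N):" carries an explicit type number N.
            kind, _, payload = data.partition(":")
            ops.append(("set_value", current, name, kind,
                        bytes(int(b, 16) for b in payload.split(",") if b)))
        else:
            raise ValueError(f"unsupported data: {data!r}")
    return ops


def keys_outside(ops, allowed_prefixes):
    """Key paths the file touches that are not under an allowed prefix.
    Comparison is case-insensitive, as registry paths are."""
    allowed = [p.lower().rstrip("\\") for p in allowed_prefixes]
    outside = set()
    for op in ops:
        path = op[1].lower()
        if not any(path == a or path.startswith(a + "\\") for a in allowed):
            outside.add(op[1])
    return sorted(outside)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        raw = open(sys.argv[1], "rb").read()
        # Version 5.00 files are UTF-16LE with a BOM; REGEDIT4 files are ANSI.
        text = raw.decode("utf-16" if raw.startswith(b"\xff\xfe") else "cp1252")
    else:
        text = SAMPLE_REG
    ops = parse_reg(text)
    for op in ops:
        print(*op)
    expected = [r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC"]
    print("keys outside the expected subtree:", keys_outside(ops, expected) or "none")
```

Run it as `python regpreview.py legacy_wscsvc.reg` on the unzipped file (script name assumed). An empty "keys outside" list is what you want to see before importing; any operation under a key other than Enum\Root\LEGACY_WSCSVC, and in particular any [-KEY] deletion, is a reason to stop and ask before double-clicking.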
  19. arvnranger Newcomer, in training Posts: 28

    Farbar Service Scanner Version: 16-04-2012
    Ran by ivan (administrator) on 18-04-2012 at 09:35:30
    Running from "C:\Documents and Settings\ivan\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    Extra List:
    =======
    aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
    IpSec Tag value is correct.
    **** End of log ****
  20. Broni Malware Annihilator Posts: 39,324   +175

    Good job :)

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.