
Solved Recovered from virus, Now IE8 will not work

Discussion in 'Malware and Virus Removal Archive' started by SVEN, 2010/07/14.

  1. 2010/07/16
    SVEN

    SVEN Well-Known Member Thread Starter

    Joined:
    2004/01/02
    Messages:
    867
    Likes Received:
    8
    Hi Bromi

    Here is the log:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-16 09:40:49
    Windows 5.1.2600 Service Pack 3
    Running: vn0q8w74.exe; Driver: C:\DOCUME~1\SVENAL~1\LOCALS~1\Temp\kxlyiaoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT F8D12A76 ZwCreateKey
    SSDT F8D12A6C ZwCreateThread
    SSDT F8D12A7B ZwDeleteKey
    SSDT F8D12A85 ZwDeleteValueKey
    SSDT F8D12A8A ZwLoadKey
    SSDT F8D12A58 ZwOpenProcess
    SSDT F8D12A5D ZwOpenThread
    SSDT F8D12A94 ZwReplaceKey
    SSDT F8D12A8F ZwRestoreKey
    SSDT F8D12A80 ZwSetValueKey
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEFC5A950]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 428 804E2A94 1 Byte [80]
    init C:\windows\System32\DRIVERS\mohfilt.sys entry point in "init" section [0xF88FB760]

    ---- EOF - GMER 1.0.15 ----


    Also, in my e-mail it will not show any pictures anymore.
    I don't know where to change that, or is that related to my problem with IE8?

    Thanks

    Sven
     
  2. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What email program do you use?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2010/07/16
    SVEN

    I use Outlook Express.

    I cannot download to my desktop, so I will download to a different computer and transfer. Is that OK?
     
  5. 2010/07/16
    SVEN

    Here it is:

    ComboFix 10-07-15.05 - Sven Albrecht 07/16/2010 10:28:46.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.230 [GMT -7:00]
    Running from: c:\documents and settings\Sven Albrecht\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\xpsp1hfm.log

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
    .

    2010-07-16 15:32 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-16 15:32 . 2010-07-16 15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-16 15:32 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-14 22:38 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-12 17:34 . 2010-07-12 17:34 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-07-09 23:30 . 2010-07-09 23:30 -------- d-----w- C:\$AVG8.VAULT$
    2010-07-09 23:22 . 2010-07-09 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-07-08 23:28 . 2010-07-15 15:42 -------- d-----w- c:\documents and settings\Sven Albrecht\Local Settings\Application Data\cqdhsggfv

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-06 23:44 . 2010-05-07 23:03 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-06-14 14:31 . 2002-08-29 11:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
    2010-05-26 13:11 . 2010-05-26 13:11 503808 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65781f07-n\msvcp71.dll
    2010-05-26 13:11 . 2010-05-26 13:11 499712 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65781f07-n\jmc.dll
    2010-05-26 13:11 . 2010-05-26 13:11 348160 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65781f07-n\msvcr71.dll
    2010-05-26 13:11 . 2010-05-26 13:11 61440 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3c44011e-n\decora-sse.dll
    2010-05-26 13:11 . 2010-05-26 13:11 12800 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3c44011e-n\decora-d3d.dll
    2010-05-21 21:14 . 2009-10-02 17:00 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-07 23:05 . 2010-05-07 23:05 63488 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-05-07 23:05 . 2010-05-07 23:05 52224 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-05-07 23:05 . 2010-05-07 23:05 117760 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-05-06 10:41 . 2004-02-07 01:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2002-08-29 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-07 2017280]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelMeM "= "c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "DVDSentry "= "c:\windows\System32\DSentry.exe" [2003-08-13 28672]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2004-03-17 77824]
    "mmtask "= "c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
    "UpdateManager "= "c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "ContentTransferWMDetector.exe "= "c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-12 423200]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-17 151597]
    "CanonSolutionMenu "= "c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
    "CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-06 1848648]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\Sven Albrecht\Start Menu\Programs\Startup\
    Shortcut to MSOFFICE.EXE.lnk - c:\microsoft office\Office10\MSOFFICE.EXE [2001-2-13 226720]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "UseDesktopIniCache "= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1033 /heur:80 /pup /archives /IA:0 /KBD:2 /dir:C:\Program

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
    @= "beep "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Sven Albrecht^Start Menu^Programs^Startup^Shortcut Bar.lnk]
    path=c:\documents and settings\Sven Albrecht\Start Menu\Programs\Startup\Shortcut Bar.lnk
    backup=c:\windows\pss\Shortcut Bar.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Pml Driver HPZ12 "=2 (0x2)
    "aspnet_state "=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\WINDOWS\\SYSTEM32\\mmc.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8097:TCP "= 8097:TCP:EarthLink UHP Modem Support

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/9/2010 12:35 PM 135336]
    R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\SYSTEM32\DRIVERS\nxsIO32.sys [2/27/2006 1:40 PM 2208]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S3 OSCI_DRVNT;OSCI_DRVNT;c:\windows\SYSTEM32\DRIVERS\OSCI_DRVNT.sys [7/5/2007 11:24 AM 6784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-16 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\micros~1\Office10\EXCEL.EXE/3000
    TCP: {8FA5322C-C36E-4393-BCE7-9B8836E141A6} = 66.51.205.100,66.51.206.100
    DPF: {D34151C8-0C6C-4A7D-B677-4FCC9552E957} - hxxp://www.bcnx.com/SunInfoConnect_www.bcnx.com_medium.cab
    FF - ProfilePath - c:\documents and settings\Sven Albrecht\Application Data\Mozilla\Firefox\Profiles\cikbrq55.default\
    FF - prefs.js: browser.startup.homepage - hxxp://start.earthlink.net/
    FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-HijackThis - c:\documents and settings\Sven Albrecht\Desktop\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-16 10:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(664)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-07-16 10:37:16
    ComboFix-quarantined-files.txt 2010-07-16 17:37

    Pre-Run: 107,572,838,400 bytes free
    Post-Run: 107,693,961,216 bytes free

    - - End Of File - - 0FE02AFEED2A300D6F7926DACCDB1B80
     
  6. 2010/07/16
    SVEN

    ComboFix did the job!!!
    I am online on the infected computer.
    Let me know if I have to do something else.

    Thanks

    Sven
     
  7. 2010/07/16
    broni

    Good news :)
    We'll keep checking to make sure nothing is lurking out there....

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folders::
    C:\$AVG8.VAULT$
    c:\documents and settings\All Users\Application Data\avg8
    c:\documents and settings\Sven Albrecht\Local Settings\Application Data\cqdhsggfv
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG: animation of CFScript.txt being dragged onto ComboFix.exe]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  8. 2010/07/16
    SVEN

    Here is the new log:

    ComboFix 10-07-15.05 - Sven Albrecht 07/16/2010 11:48:53.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.255 [GMT -7:00]
    Running from: c:\documents and settings\Sven Albrecht\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Sven Albrecht\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
    .

    2010-07-16 15:32 . 2010-07-16 18:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-14 22:38 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-12 17:34 . 2010-07-12 17:34 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-07-09 23:30 . 2010-07-09 23:30 -------- d-----w- C:\$AVG8.VAULT$
    2010-07-09 23:22 . 2010-07-09 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-07-08 23:28 . 2010-07-15 15:42 -------- d-----w- c:\documents and settings\Sven Albrecht\Local Settings\Application Data\cqdhsggfv

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-16 18:41 . 2010-05-07 23:03 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-06-14 14:31 . 2002-08-29 11:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
    2010-05-26 13:11 . 2010-05-26 13:11 503808 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65781f07-n\msvcp71.dll
    2010-05-26 13:11 . 2010-05-26 13:11 499712 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65781f07-n\jmc.dll
    2010-05-26 13:11 . 2010-05-26 13:11 348160 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65781f07-n\msvcr71.dll
    2010-05-26 13:11 . 2010-05-26 13:11 61440 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3c44011e-n\decora-sse.dll
    2010-05-26 13:11 . 2010-05-26 13:11 12800 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3c44011e-n\decora-d3d.dll
    2010-05-21 21:14 . 2009-10-02 17:00 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-07 23:05 . 2010-05-07 23:05 63488 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-05-07 23:05 . 2010-05-07 23:05 52224 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-05-07 23:05 . 2010-05-07 23:05 117760 ----a-w- c:\documents and settings\Sven Albrecht\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-05-06 10:41 . 2004-02-07 01:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2002-08-29 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-07-16_17.34.24 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-16 18:37 . 2010-07-16 18:37 16384 c:\windows\Temp\Perflib_Perfdata_7cc.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-16 2403568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelMeM "= "c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "DVDSentry "= "c:\windows\System32\DSentry.exe" [2003-08-13 28672]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2004-03-17 77824]
    "mmtask "= "c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
    "UpdateManager "= "c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "ContentTransferWMDetector.exe "= "c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-12 423200]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-17 151597]
    "CanonSolutionMenu "= "c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
    "CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-06 1848648]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\Sven Albrecht\Start Menu\Programs\Startup\
    Shortcut to MSOFFICE.EXE.lnk - c:\microsoft office\Office10\MSOFFICE.EXE [2001-2-13 226720]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "UseDesktopIniCache "= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1033 /heur:80 /pup /archives /IA:0 /KBD:2 /dir:C:\Program

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
    @= "beep "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Sven Albrecht^Start Menu^Programs^Startup^Shortcut Bar.lnk]
    path=c:\documents and settings\Sven Albrecht\Start Menu\Programs\Startup\Shortcut Bar.lnk
    backup=c:\windows\pss\Shortcut Bar.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Pml Driver HPZ12 "=2 (0x2)
    "aspnet_state "=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\WINDOWS\\SYSTEM32\\mmc.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8097:TCP "= 8097:TCP:EarthLink UHP Modem Support

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/9/2010 12:35 PM 135336]
    R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\SYSTEM32\DRIVERS\nxsIO32.sys [2/27/2006 1:40 PM 2208]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    S3 OSCI_DRVNT;OSCI_DRVNT;c:\windows\SYSTEM32\DRIVERS\OSCI_DRVNT.sys [7/5/2007 11:24 AM 6784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-16 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\micros~1\Office10\EXCEL.EXE/3000
    TCP: {8FA5322C-C36E-4393-BCE7-9B8836E141A6} = 66.51.205.100,66.51.206.100
    DPF: {D34151C8-0C6C-4A7D-B677-4FCC9552E957} - hxxp://www.bcnx.com/SunInfoConnect_www.bcnx.com_medium.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-16 11:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(664)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(512)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-07-16 11:57:16
    ComboFix-quarantined-files.txt 2010-07-16 18:57
    ComboFix2.txt 2010-07-16 17:37

    Pre-Run: 107,696,553,984 bytes free
    Post-Run: 107,684,376,576 bytes free

    - - End Of File - - FC29E1B9B1E16D4509677FDA2A1E895C
     
  9. 2010/07/16
    broni Moderator Malware Analyst

    Good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    ============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. 2010/07/16
    SVEN Well-Known Member Thread Starter

    Here are the logs

    OTL Extras logfile created on: 7/16/2010 12:33:14 PM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Sven Albrecht\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 209.00 Mb Available Physical Memory | 41.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 100.60 Gb Free Space | 89.99% Space Free | Partition Type: NTFS
    Drive D: | 10.42 Gb Total Space | 2.43 Gb Free Space | 23.31% Space Free | Partition Type: NTFS
    Drive E: | 64.08 Gb Total Space | 58.88 Gb Free Space | 91.89% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive Z: | 111.79 Gb Total Space | 100.60 Gb Free Space | 89.99% Space Free | Partition Type: NTFS

    Computer Name: INTERTRADEINC
    Current User Name: Sven Albrecht
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl -- (EarthLink, Inc.)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
    "C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{25F9791C-B446-462D-BDC6-F95BCBB81851}" = EarthLink Spyware Blocker
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
    "{279C4248-7769-45CA-A03F-E8339954C4F3}" = EarthLink Redistributed
    "{2A011F38-2F3B-484F-9595-E8462430F0BF}" = ELNBonus
    "{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
    "{2F72E05E-2371-4C05-9091-B643A9456267}" = EarthLink Setup
    "{3454F318-1008-46A9-A1F5-69C5F8AB3BCF}" = Deal Info
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
    "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50915408-4940-4C36-B4CC-0D9944FA4C59}" = EarthLink FastLane
    "{51487A3E-7A7D-46D8-B7E5-7F85B57B8C2F}" = EarthLink Common
    "{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
    "{62329568-19B5-43CF-9524-3EE4DD709D01}" = EarthLink Toolbar
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{79500098-252F-47C3-B773-E6EFEBBD1D92}" = EarthLink Update Manager
    "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
    "{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{ACF2AD4B-9374-4B72-B79B-A743CD41F2A4}" = EarthLink TaskPanel
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
    "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
    "{D9C3CDEB-BC7F-4CB3-BC92-719B365DF28E}" = EarthLink IM
    "{DBDB8C5A-E0B9-4C10-A649-59D962E3A07F}" = EarthLink Webspace
    "{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
    "{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Canon MP620 series User Registration" = Canon MP620 series User Registration
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CompuPic" = CompuPic
    "EarthLink TotalAccess 2004" = EarthLink Software
    "EASEUS Data Recovery Wizard Professional 5.0.1_is1" = EASEUS Data Recovery Wizard Professional 5.0.1
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "FormDocs" = FormDocs 6.5
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ieSpell" = ieSpell 2.1.1 (build 325)
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "NeroVision!UninstallKey" = NeroVision Express 2
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NMPUninstallKey" = Nero Media Player
    "PropFix" = Microsoft Office 97 Unique Identifier Removal Tool
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealOne Player
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XQXSetup_is1" = Xteq Systems X-Setup 6.3

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/28/2010 8:31:26 PM | Computer Name = INTERTRADEINC | Source = Application Error | ID = 1000
    Description = Faulting application googleearth.exe, version 5.1.3533.1731, faulting
    module msvcr80.dll, version 8.0.50727.762, fault address 0x00008a8c.

    Error - 1/28/2010 8:31:32 PM | Computer Name = INTERTRADEINC | Source = Application Error | ID = 1001
    Description = Fault bucket 1566600331.

    Error - 2/8/2010 5:59:19 PM | Computer Name = INTERTRADEINC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module avgssie.dll, version 8.5.0.427, fault address 0x00017eb1.

    Error - 3/8/2010 6:05:50 PM | Computer Name = INTERTRADEINC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module avgssie.dll, version 8.5.0.427, fault address 0x00017eb1.

    Error - 4/29/2010 4:57:48 PM | Computer Name = INTERTRADEINC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 6/10/2010 1:00:25 PM | Computer Name = INTERTRADEINC | Source = MPSampleSubmission | ID = 5000
    Description =

    Error - 7/9/2010 1:00:02 PM | Computer Name = INTERTRADEINC | Source = MPSampleSubmission | ID = 5000
    Description =

    Error - 7/14/2010 6:13:56 PM | Computer Name = INTERTRADEINC | Source = MPSampleSubmission | ID = 5000
    Description =

    Error - 7/15/2010 11:41:42 AM | Computer Name = INTERTRADEINC | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/15/2010 11:41:42 AM | Computer Name = INTERTRADEINC | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    [ System Events ]
    Error - 7/14/2010 5:53:45 PM | Computer Name = INTERTRADEINC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Beep

    Error - 7/14/2010 5:54:46 PM | Computer Name = INTERTRADEINC | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 7/14/2010 7:14:52 PM | Computer Name = INTERTRADEINC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Beep

    Error - 7/15/2010 11:41:29 AM | Computer Name = INTERTRADEINC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Beep

    Error - 7/15/2010 6:28:43 PM | Computer Name = INTERTRADEINC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Beep

    Error - 7/16/2010 11:27:58 AM | Computer Name = INTERTRADEINC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Beep

    Error - 7/16/2010 11:48:01 AM | Computer Name = INTERTRADEINC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Beep

    Error - 7/16/2010 12:47:45 PM | Computer Name = INTERTRADEINC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Beep

    Error - 7/16/2010 2:37:40 PM | Computer Name = INTERTRADEINC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Beep

    Error - 7/16/2010 2:42:16 PM | Computer Name = INTERTRADEINC | Source = Service Control Manager | ID = 7000
    Description = The SASDIFSV service failed to start due to the following error: %%183


    < End of report >
     
  11. 2010/07/16
    SVEN Well-Known Member Thread Starter

    Log #2

    OTL logfile created on: 7/16/2010 12:33:14 PM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Sven Albrecht\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 209.00 Mb Available Physical Memory | 41.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 100.60 Gb Free Space | 89.99% Space Free | Partition Type: NTFS
    Drive D: | 10.42 Gb Total Space | 2.43 Gb Free Space | 23.31% Space Free | Partition Type: NTFS
    Drive E: | 64.08 Gb Total Space | 58.88 Gb Free Space | 91.89% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive Z: | 111.79 Gb Total Space | 100.60 Gb Free Space | 89.99% Space Free | Partition Type: NTFS

    Computer Name: INTERTRADEINC
    Current User Name: Sven Albrecht
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/16 12:31:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sven Albrecht\Desktop\OTL.exe
    PRC - [2010/04/19 10:32:11 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/07/06 10:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2008/07/11 17:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
    PRC - [2004/03/16 18:07:01 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2003/08/13 09:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
    PRC - [2001/02/13 00:58:54 | 000,226,720 | ---- | M] (Microsoft Corporation) -- C:\Microsoft Office\Office10\MSOFFICE.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/07/16 12:31:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sven Albrecht\Desktop\OTL.exe
    MOD - [2001/08/18 11:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\X-Setup\bin\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\windows\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
    SRV - File not found [Disabled | Stopped] -- C:\windows\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/04/19 10:32:11 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2003/03/03 12:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\TEMP\WinIo.sys -- (WINIO)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\SVENAL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/16 11:41:42 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
    DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/01/05 13:28:41 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/07/05 11:24:43 | 000,006,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OSCI_DRVNT.sys -- (OSCI_DRVNT)
    DRV - [2006/02/27 13:40:22 | 000,002,208 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nxsIO32.sys -- (nxsIO32)
    DRV - [2004/07/27 09:01:13 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
    DRV - [2004/07/27 09:00:23 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2004/07/27 08:59:55 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/07/27 08:59:53 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/07/27 08:59:51 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/07/27 08:59:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/07/27 08:59:48 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/07/27 08:59:45 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/07/27 08:59:45 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/07/27 08:59:45 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/07/27 08:59:44 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
    DRV - [2003/08/06 00:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2003/08/06 00:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2003/08/06 00:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2003/08/06 00:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2003/08/06 00:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2003/08/06 00:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2003/08/06 00:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2003/08/06 00:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2003/08/06 00:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2003/07/31 02:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\windows\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2003/07/14 10:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2003/07/14 10:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
    DRV - [2003/06/20 01:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
    DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://start.earthlink.net/ "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


    [2010/07/15 14:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Mozilla\Extensions
    [2006/04/28 11:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Mozilla\Firefox\Profiles\cikbrq55.default\extensions

    O1 HOSTS File: ([2010/07/16 10:34:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (PnIEBrowserHelperObj Class) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
    O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\Sven Albrecht\Start Menu\Programs\Startup\Shortcut to MSOFFICE.EXE.lnk = C:\Microsoft Office\Office10\MSOFFICE.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDesktopIniCache = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=48835 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1091044601515 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137428743093 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38070.5747569444 (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D34151C8-0C6C-4A7D-B677-4FCC9552E957} http://www.bcnx.com/SunInfoConnect_www.bcnx.com_medium.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 66.51.205.100 156.154.71.16
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\ITI.BMP
    O24 - Desktop BackupWallPaper: C:\WINDOWS\ITI.BMP
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (aswBoot.exe /A:* /L:1033 /heur:80 /pup /archives /IA:0 /KBD:2 /dir:C:\Program) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\windows\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\windows\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: Ip6FwHlp - File not found

    Drivers32: midi - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\windows\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\windows\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\windows\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\windows\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\windows\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\windows\System32\MSG711.ACM (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\windows\System32\MSG723.ACM (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\windows\System32\MSGSM32.ACM (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\windows\System32\TSSOFT32.ACM (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\windows\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\windows\System32\IR32_32.DLL ()
    Drivers32: vidc.iv32 - C:\windows\System32\IR32_32.DLL ()
    Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\windows\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\windows\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\windows\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\windows\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\windows\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\windows\System32\SERWVDRV.DLL (Microsoft Corporation)
    Drivers32: wavemapper - C:\windows\System32\MSACM32.DRV (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/16 12:31:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sven Albrecht\Desktop\OTL.exe
    [2010/07/16 08:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/12 10:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/07/09 16:30:00 | 000,000,000 | ---D | C] -- C:\$AVG8.VAULT$
    [2010/07/09 16:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
    [2010/07/08 16:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sven Albrecht\Local Settings\Application Data\cqdhsggfv
    [2010/06/23 08:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sven Albrecht\My Documents\RSVP PIcs
    [2010/05/07 16:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/05/07 16:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sven Albrecht\Application Data\SUPERAntiSpyware.com
    [2010/05/07 16:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/05/07 16:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [7 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [16 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/16 12:35:01 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Sven Albrecht\NTUSER.DAT
    [2010/07/16 12:31:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sven Albrecht\Desktop\OTL.exe
    [2010/07/16 11:57:17 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
    [2010/07/16 11:54:40 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
    [2010/07/16 11:40:07 | 000,000,330 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
    [2010/07/16 11:37:55 | 000,001,170 | ---- | M] () -- C:\windows\System32\WPA.DBL
    [2010/07/16 11:36:56 | 000,002,048 | --S- | M] () -- C:\windows\BOOTSTAT.DAT
    [2010/07/16 11:36:54 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/16 11:36:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Sven Albrecht\NTUSER.INI
    [2010/07/16 10:34:15 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\ETC\hosts
    [2010/07/08 15:20:08 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Sven Albrecht\My Documents\Lotto Payout.xls
    [2010/06/16 16:39:43 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Sven Albrecht\My Documents\catalog Letter.doc
    [2010/06/11 10:16:04 | 000,203,328 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2010/06/10 10:03:50 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
    [2010/06/03 14:13:41 | 000,193,024 | ---- | M] () -- C:\Documents and Settings\Sven Albrecht\My Documents\zip code tax.doc
    [2010/06/03 13:57:07 | 000,158,208 | ---- | M] () -- C:\Documents and Settings\Sven Albrecht\My Documents\Zip Codes.xls
    [2010/06/01 16:24:02 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Sven Albrecht\My Documents\zip code.doc
    [7 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [16 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/03 14:13:41 | 000,193,024 | ---- | C] () -- C:\Documents and Settings\Sven Albrecht\My Documents\zip code tax.doc
    [2010/06/01 16:24:01 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\Sven Albrecht\My Documents\zip code.doc
    [2010/06/01 16:16:13 | 000,158,208 | ---- | C] () -- C:\Documents and Settings\Sven Albrecht\My Documents\Zip Codes.xls
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\windows\bdoscandellang.ini
    [2008/03/25 11:10:01 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
    [2008/03/25 11:08:47 | 000,000,044 | ---- | C] () -- C:\windows\EPCX8400.ini
    [2007/07/05 11:24:43 | 000,006,784 | ---- | C] () -- C:\windows\System32\drivers\OSCI_DRVNT.sys
    [2006/02/27 13:40:22 | 000,002,208 | ---- | C] () -- C:\windows\System32\drivers\nxsIO32.sys
    [2005/10/20 15:28:14 | 000,000,037 | ---- | C] () -- C:\windows\cdplayer.ini
    [2005/05/20 14:37:11 | 000,049,152 | ---- | C] () -- C:\windows\System32\TVicHW32.dll
    [2005/03/24 12:05:26 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
    [2004/10/20 08:22:22 | 000,000,078 | ---- | C] () -- C:\windows\qwimp.ini
    [2004/10/11 08:50:04 | 000,001,081 | ---- | C] () -- C:\windows\QUICKEN.INI
    [2004/05/18 20:03:48 | 000,053,248 | ---- | C] () -- C:\windows\System32\zlib.dll
    [2004/05/03 08:41:06 | 000,000,061 | ---- | C] () -- C:\windows\bi_group.ini
    [2004/04/30 16:23:33 | 000,257,536 | ---- | C] () -- C:\windows\System32\biimg.dll
    [2004/04/30 16:23:33 | 000,073,728 | ---- | C] () -- C:\windows\System32\bieresnt.dll
    [2004/04/14 16:12:24 | 000,000,000 | ---- | C] () -- C:\windows\Webspace.INI
    [2004/03/25 13:57:53 | 000,001,992 | ---- | C] () -- C:\windows\wskat.ini
    [2004/03/24 15:48:35 | 000,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini
    [2004/03/24 11:30:44 | 000,000,034 | ---- | C] () -- C:\windows\AuthMgr.INI
    [2004/03/23 14:25:20 | 000,000,738 | ---- | C] () -- C:\windows\ODBC.INI
    [2004/03/23 09:39:54 | 000,000,002 | ---- | C] () -- C:\windows\msoffice.ini
    [2004/03/16 18:16:24 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
    [2004/03/16 18:04:28 | 000,000,304 | ---- | C] () -- C:\windows\wininit.ini
    [2004/03/16 18:01:14 | 000,000,780 | ---- | C] () -- C:\windows\orun32.ini
    [2004/03/16 17:45:55 | 000,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll
    [2004/03/16 17:33:52 | 000,000,550 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
    [2003/08/13 21:54:00 | 000,000,000 | ---- | C] () -- C:\windows\System32\px.ini
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\windows\System32\hptcpmon.ini
    [2000/09/13 18:15:38 | 000,053,248 | ---- | C] () -- C:\windows\System32\pagesync.dll
    [1996/11/17 01:00:00 | 000,022,016 | ---- | C] () -- C:\windows\System32\ODBCSTF.DLL
    [1996/11/17 01:00:00 | 000,022,016 | ---- | C] () -- C:\windows\System32\DOCOBJ.DLL
    [1996/11/17 01:00:00 | 000,012,288 | ---- | C] () -- C:\windows\System32\HLINKPRX.DLL
    [1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\windows\System32\e100bmsg.dll

    ========== LOP Check ==========

    [2010/04/08 16:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2005/07/18 15:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BF8051E7-626F-4a11-AF7A-625A7B555862
    [2009/12/11 15:29:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/12/22 15:59:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2010/02/02 15:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2005/07/18 15:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2005/07/27 16:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Bild.de Radio
    [2010/03/22 12:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Canon
    [2008/10/07 15:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/03/11 11:59:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Earthlink
    [2009/03/05 12:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\EarthLink Toolbar
    [2006/03/03 09:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\ieSpell
    [2007/07/02 11:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Image Zone Express
    [2005/07/18 15:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Leadertech
    [2005/07/18 15:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Learn2.com
    [2006/04/12 15:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\PCTV4Me
    [2010/07/16 11:40:07 | 000,000,330 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/03/25 10:48:25 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
    [2002/09/03 07:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/07/16 11:57:17 | 000,011,702 | ---- | M] () -- C:\ComboFix.txt
    [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2004/03/16 17:37:10 | 000,005,848 | RH-- | M] () -- C:\DELL.SDR
    [2004/04/06 16:26:22 | 000,005,205 | -H-- | M] () -- C:\ffastun.ffa
    [2004/04/06 16:26:22 | 000,417,792 | -H-- | M] () -- C:\ffastun.ffl
    [2004/04/06 16:26:22 | 000,204,800 | -H-- | M] () -- C:\ffastun.ffo
    [2004/04/06 16:26:22 | 001,441,792 | -H-- | M] () -- C:\ffastun0.ffx
    [2010/07/16 11:36:54 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
    [2002/09/03 07:59:58 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2004/03/16 18:06:41 | 000,000,843 | -H-- | M] () -- C:\IPH.PH
    [2002/09/03 07:59:58 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/07/27 09:11:17 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/05/29 10:25:27 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2004/04/29 09:02:43 | 000,000,481 | -H-- | M] () -- C:\os657885.bin
    [2010/07/16 11:36:53 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2006/08/14 08:42:13 | 000,002,824 | ---- | M] () -- C:\pc-decrapifier.log
    [2004/03/16 18:08:19 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2003/12/01 12:24:36 | 000,015,016 | ---- | M] (Black Ice Software) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\biepront.dll
    [2008/10/08 14:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD9D.DLL
    [2008/10/08 14:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPP9D.DLL
    [2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\hpzpp054.dll
    [2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\hpzpp5mu.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [16 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2002/09/03 07:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
    [2002/09/03 07:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
    [2002/09/03 07:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SYSTEM32\user32.dll
    [16 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SYSTEM32\ws2_32.dll
    [16 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\SYSTEM32\ws2help.dll
    [16 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     
  12. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
Your computer would benefit from another 512MB of RAM.

    ==================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    ================================================================

    Run OTL
• Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\SVENAL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\TEMP\WinIo.sys -- (WINIO)
      O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...070.5747569444  (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab  (Reg Error: Key error.)
      O16 - DPF: {D34151C8-0C6C-4A7D-B677-4FCC9552E957} http://www.bcnx.com/SunInfoConnect_w...com_medium.cab  (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
      O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
      O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
      [2010/07/09 16:30:00 | 000,000,000 | ---D | C] -- C:\$AVG8.VAULT$
      [2010/07/09 16:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
      [2010/07/08 16:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sven Albrecht\Local Settings\Application Data\cqdhsggfv
      [2005/07/18 15:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
• Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
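The triage broni did by hand above (picking the entries OTL reports as missing and pasting them into a :OTL fix section), as an added Python example that is not part of this thread and not OldTimer's own code. The sample log is constructed from the line formats seen in this thread; the KEEP_SUBSTRINGS allowlist and the USER~1 path are assumptions.

```python
"""Triage an OTL log for orphaned entries and draft the :OTL fix section.

Added example, not part of this thread and not OldTimer's own code. It parses
lines in the OTL log format shown above and flags the entries the helper
picked out by hand: drivers/services whose file is missing, toolbars with no
CLSID, ActiveX (O16 DPF) controls and O18 filters whose registry target is gone.
"""
import re
from dataclasses import dataclass

# Markers OTL prints when an entry's file or registry target no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found.", "Reg Error: Key error.")

# Entries that carry a marker but are normal Windows plumbing; the helper in
# this thread left the autochk BootExecute line alone, so the draft skips it.
# (Assumed allowlist; extend it as your own review dictates.)
KEEP_SUBSTRINGS = ("autocheck autochk",)

# "DRV - <status> [Kernel | On_Demand | Running] -- <path> -- (<name>)"
# <status> is either "File not found" or the "[date | size | ...] (Company)" stamp.
DRV_RE = re.compile(
    r"^(?P<kind>DRV|SRV) - (?P<status>.+?) "
    r"\[(?P<start>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)
# "O16 - DPF: {CLSID} http://... (description)" and the other O-lines
OLINE_RE = re.compile(r"^(?P<code>O\d+) - (?P<body>.+)$")

# Constructed sample: line formats taken from this thread, USER~1 is a placeholder.
SAMPLE_LOG = r"""
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\USER~1\LOCALS~1\Temp\catchme.sys -- (catchme)
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
"""


@dataclass
class Entry:
    kind: str     # "DRV", "SRV" or an O-code such as "O16"
    text: str     # the original line, stripped
    orphan: bool  # True when OTL reports the target as missing


def parse_line(line: str):
    """Return an Entry for a DRV/SRV or O-line, or None for any other line."""
    line = line.strip()
    m = DRV_RE.match(line)
    if m:
        return Entry(m.group("kind"), line, m.group("status") == "File not found")
    m = OLINE_RE.match(line)
    if m:
        return Entry(m.group("code"), line, any(mk in line for mk in ORPHAN_MARKERS))
    return None


def find_orphans(log_text: str):
    """Entries whose target is missing, minus the known-benign KEEP_SUBSTRINGS."""
    orphans = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None or not entry.orphan:
            continue
        if any(keep in entry.text for keep in KEEP_SUBSTRINGS):
            continue
        orphans.append(entry)
    return orphans


def build_fix_script(entries, commands=("[purity]", "[emptytemp]", "[Reboot]")):
    """Draft an OTL fix in the section format used in the thread (:OTL, :Commands).

    Returns a draft for the helper to review before it is pasted into OTL.
    """
    lines = [":OTL"] + [e.text for e in entries] + ["", ":Commands"] + list(commands)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_fix_script(find_orphans(SAMPLE_LOG)))
```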
     
  13. 2010/07/16
    SVEN

    SVEN Well-Known Member Thread Starter

    Joined:
    2004/01/02
    Messages:
    867
    Likes Received:
    8
Here is the log:

    All processes killed
    ========== OTL ==========
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\SVENAL~1\LOCALS~1\Temp\catchme.sys not found.
    Service WINIO stopped successfully!
    Service WINIO deleted successfully!
    File C:\windows\TEMP\WinIo.sys not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
    Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
    C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    C:\windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Starting removal of ActiveX control {D34151C8-0C6C-4A7D-B677-4FCC9552E957}
    C:\WINDOWS\Downloaded Program Files\SunInfoConnect.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D34151C8-0C6C-4A7D-B677-4FCC9552E957}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D34151C8-0C6C-4A7D-B677-4FCC9552E957}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D34151C8-0C6C-4A7D-B677-4FCC9552E957}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D34151C8-0C6C-4A7D-B677-4FCC9552E957}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\windows\Downloaded Program Files\CONFLICT.1\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ not found.
    C:\$AVG8.VAULT$ folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\update\prepare folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\update\download\ads folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\update\download folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\update\backup folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\update folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\Temp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\scanlogs folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\Lsdb\Prev folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\Lsdb folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\Log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue\TEMP folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue\OUT folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue\ACTIVE folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\emc\Log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\emc folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\Dumps folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\CfgAll folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\Cfg folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\AvgApi folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\AvgAm folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8\admincli folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg8 folder moved successfully.
    C:\Documents and Settings\Sven Albrecht\Local Settings\Application Data\cqdhsggfv folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes

    User: NetworkService
    ->Temp folder emptied: 896 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: Sven Albrecht
    ->Temp folder emptied: 9252166 bytes
    ->Temporary Internet Files folder emptied: 1383600 bytes
    ->Java cache emptied: 75064200 bytes
    ->FireFox cache emptied: 4328807 bytes
    ->Flash cache emptied: 1860722 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 309433 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 808 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 88.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Sven Albrecht
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.0 log created on 07162010_143012

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  14. 2010/07/16
    broni
    ...and:
     
  15. 2010/07/16
    SVEN
    here it is

    OTL logfile created on: 7/16/2010 2:47:30 PM - Run 2
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Sven Albrecht\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 196.00 Mb Available Physical Memory | 38.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 100.57 Gb Free Space | 89.96% Space Free | Partition Type: NTFS
    Drive D: | 10.42 Gb Total Space | 2.43 Gb Free Space | 23.31% Space Free | Partition Type: NTFS
    Drive E: | 64.08 Gb Total Space | 58.88 Gb Free Space | 91.89% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive Z: | 111.79 Gb Total Space | 100.57 Gb Free Space | 89.96% Space Free | Partition Type: NTFS

    Computer Name: INTERTRADEINC
    Current User Name: Sven Albrecht
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/16 12:31:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sven Albrecht\Desktop\OTL.exe
    PRC - [2010/07/16 11:41:42 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/04/19 10:32:11 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/07/06 10:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2008/07/11 17:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
    PRC - [2004/03/16 18:07:01 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2003/08/13 09:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
    PRC - [2001/02/13 00:58:54 | 000,226,720 | ---- | M] (Microsoft Corporation) -- C:\Microsoft Office\Office10\MSOFFICE.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/07/16 12:31:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sven Albrecht\Desktop\OTL.exe
    MOD - [2001/08/18 11:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\X-Setup\bin\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\windows\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
    SRV - File not found [Disabled | Stopped] -- C:\windows\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/04/19 10:32:11 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2003/03/03 12:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
    DRV - [2010/07/16 11:41:42 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
    DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/01/05 13:28:41 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/07/05 11:24:43 | 000,006,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OSCI_DRVNT.sys -- (OSCI_DRVNT)
    DRV - [2006/02/27 13:40:22 | 000,002,208 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nxsIO32.sys -- (nxsIO32)
    DRV - [2004/07/27 09:01:13 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
    DRV - [2004/07/27 09:00:23 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2004/07/27 08:59:55 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/07/27 08:59:53 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/07/27 08:59:51 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/07/27 08:59:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/07/27 08:59:48 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/07/27 08:59:45 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/07/27 08:59:45 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/07/27 08:59:45 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/07/27 08:59:44 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
    DRV - [2003/08/06 00:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2003/08/06 00:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2003/08/06 00:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2003/08/06 00:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2003/08/06 00:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2003/08/06 00:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2003/08/06 00:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2003/08/06 00:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2003/08/06 00:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2003/07/31 02:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\windows\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2003/07/14 10:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2003/07/14 10:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
    DRV - [2003/06/20 01:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
    DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://start.earthlink.net/ "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


    [2010/07/15 14:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Mozilla\Extensions
    [2006/04/28 11:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Mozilla\Firefox\Profiles\cikbrq55.default\extensions

    O1 HOSTS File: ([2010/07/16 14:31:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (PnIEBrowserHelperObj Class) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
    O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\Sven Albrecht\Start Menu\Programs\Startup\Shortcut to MSOFFICE.EXE.lnk = C:\Microsoft Office\Office10\MSOFFICE.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDesktopIniCache = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=48835 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1091044601515 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137428743093 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 66.51.205.100 156.154.71.16
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\ITI.BMP
    O24 - Desktop BackupWallPaper: C:\WINDOWS\ITI.BMP
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (aswBoot.exe /A:* /L:1033 /heur:80 /pup /archives /IA:0 /KBD:2 /dir:C:\Program) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/16 14:31:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/16 14:30:12 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/16 14:27:29 | 000,153,376 | ---- | C] (Oracle) -- C:\windows\System32\javaws.exe
    [2010/07/16 14:27:29 | 000,145,184 | ---- | C] (Oracle) -- C:\windows\System32\javaw.exe
    [2010/07/16 14:27:29 | 000,145,184 | ---- | C] (Oracle) -- C:\windows\System32\java.exe
    [2010/07/16 12:31:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sven Albrecht\Desktop\OTL.exe
    [2010/07/16 08:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/12 10:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/06/23 08:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sven Albrecht\My Documents\RSVP PIcs
    [2010/05/07 16:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/05/07 16:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sven Albrecht\Application Data\SUPERAntiSpyware.com
    [2010/05/07 16:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/05/07 16:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/04/22 12:41:27 | 000,423,656 | ---- | C] (Oracle) -- C:\windows\System32\deployJava1.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/07/16 14:37:27 | 000,000,330 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
    [2010/07/16 14:35:14 | 000,001,170 | ---- | M] () -- C:\windows\System32\WPA.DBL
    [2010/07/16 14:34:21 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
    [2010/07/16 14:34:16 | 000,002,048 | --S- | M] () -- C:\windows\BOOTSTAT.DAT
    [2010/07/16 14:34:15 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/16 14:33:25 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Sven Albrecht\NTUSER.DAT
    [2010/07/16 14:33:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Sven Albrecht\NTUSER.INI
    [2010/07/16 14:31:19 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\ETC\Hosts
    [2010/07/16 12:31:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sven Albrecht\Desktop\OTL.exe
    [2010/07/16 11:54:40 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
    [2010/07/08 15:20:08 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Sven Albrecht\My Documents\Lotto Payout.xls
    [2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\windows\System32\javaws.exe
    [2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\windows\System32\javaw.exe
    [2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\windows\System32\java.exe
    [2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\windows\System32\deployJava1.dll
    [2010/06/22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- C:\windows\System32\javacpl.cpl
    [2010/06/16 16:39:43 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Sven Albrecht\My Documents\catalog Letter.doc
    [2010/06/11 10:16:04 | 000,203,328 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2010/06/10 10:03:50 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
    [2010/06/03 14:13:41 | 000,193,024 | ---- | M] () -- C:\Documents and Settings\Sven Albrecht\My Documents\zip code tax.doc
    [2010/06/03 13:57:07 | 000,158,208 | ---- | M] () -- C:\Documents and Settings\Sven Albrecht\My Documents\Zip Codes.xls
    [2010/06/01 16:24:02 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Sven Albrecht\My Documents\zip code.doc

    ========== Files Created - No Company Name ==========

    [2010/06/03 14:13:41 | 000,193,024 | ---- | C] () -- C:\Documents and Settings\Sven Albrecht\My Documents\zip code tax.doc
    [2010/06/01 16:24:01 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\Sven Albrecht\My Documents\zip code.doc
    [2010/06/01 16:16:13 | 000,158,208 | ---- | C] () -- C:\Documents and Settings\Sven Albrecht\My Documents\Zip Codes.xls
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\windows\bdoscandellang.ini
    [2008/03/25 11:10:01 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
    [2008/03/25 11:08:47 | 000,000,044 | ---- | C] () -- C:\windows\EPCX8400.ini
    [2007/07/05 11:24:43 | 000,006,784 | ---- | C] () -- C:\windows\System32\drivers\OSCI_DRVNT.sys
    [2006/02/27 13:40:22 | 000,002,208 | ---- | C] () -- C:\windows\System32\drivers\nxsIO32.sys
    [2005/10/20 15:28:14 | 000,000,037 | ---- | C] () -- C:\windows\cdplayer.ini
    [2005/05/20 14:37:11 | 000,049,152 | ---- | C] () -- C:\windows\System32\TVicHW32.dll
    [2005/03/24 12:05:26 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
    [2004/10/20 08:22:22 | 000,000,078 | ---- | C] () -- C:\windows\qwimp.ini
    [2004/10/11 08:50:04 | 000,001,081 | ---- | C] () -- C:\windows\QUICKEN.INI
    [2004/05/18 20:03:48 | 000,053,248 | ---- | C] () -- C:\windows\System32\zlib.dll
    [2004/05/03 08:41:06 | 000,000,061 | ---- | C] () -- C:\windows\bi_group.ini
    [2004/04/30 16:23:33 | 000,257,536 | ---- | C] () -- C:\windows\System32\biimg.dll
    [2004/04/30 16:23:33 | 000,073,728 | ---- | C] () -- C:\windows\System32\bieresnt.dll
    [2004/04/14 16:12:24 | 000,000,000 | ---- | C] () -- C:\windows\Webspace.INI
    [2004/03/25 13:57:53 | 000,001,992 | ---- | C] () -- C:\windows\wskat.ini
    [2004/03/24 15:48:35 | 000,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini
    [2004/03/24 11:30:44 | 000,000,034 | ---- | C] () -- C:\windows\AuthMgr.INI
    [2004/03/23 14:25:20 | 000,000,738 | ---- | C] () -- C:\windows\ODBC.INI
    [2004/03/23 09:39:54 | 000,000,002 | ---- | C] () -- C:\windows\msoffice.ini
    [2004/03/16 18:16:24 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
    [2004/03/16 18:04:28 | 000,000,304 | ---- | C] () -- C:\windows\wininit.ini
    [2004/03/16 18:01:14 | 000,000,780 | ---- | C] () -- C:\windows\orun32.ini
    [2004/03/16 17:45:55 | 000,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll
    [2004/03/16 17:33:52 | 000,000,550 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
    [2003/08/13 21:54:00 | 000,000,000 | ---- | C] () -- C:\windows\System32\px.ini
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\windows\System32\hptcpmon.ini
    [2000/09/13 18:15:38 | 000,053,248 | ---- | C] () -- C:\windows\System32\pagesync.dll
    [1996/11/17 01:00:00 | 000,022,016 | ---- | C] () -- C:\windows\System32\ODBCSTF.DLL
    [1996/11/17 01:00:00 | 000,022,016 | ---- | C] () -- C:\windows\System32\DOCOBJ.DLL
    [1996/11/17 01:00:00 | 000,012,288 | ---- | C] () -- C:\windows\System32\HLINKPRX.DLL
    [1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\windows\System32\e100bmsg.dll

    ========== LOP Check ==========

    [2010/04/08 16:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2005/07/18 15:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BF8051E7-626F-4a11-AF7A-625A7B555862
    [2009/12/11 15:29:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/12/22 15:59:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2010/02/02 15:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2005/07/27 16:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Bild.de Radio
    [2010/03/22 12:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Canon
    [2008/10/07 15:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/03/11 11:59:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Earthlink
    [2009/03/05 12:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\EarthLink Toolbar
    [2006/03/03 09:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\ieSpell
    [2007/07/02 11:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Image Zone Express
    [2005/07/18 15:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Leadertech
    [2005/07/18 15:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\Learn2.com
    [2006/04/12 15:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sven Albrecht\Application Data\PCTV4Me
    [2010/07/16 14:37:27 | 000,000,330 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========


    < End of report >
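The O17, O20, O35 and O37 entries in the OTL log above are exactly the places a DNS or file-association hijack would show up (the rogue-AV family hijacks `exefile\shell\open\command` so that every .exe launch runs the malware first), and here they sit at the Windows defaults. The following Python script is an added example, not part of this thread and not OTL's own code: it parses those O-lines and flags anything that departs from the defaults. The "clean" sample reproduces the lines from the log; the "hijacked" sample is constructed and hypothetical, and the av.exe path in it is invented. A public resolver in O17 is a review item rather than proof of compromise, since DHCP routinely hands out the ISP's DNS servers alongside the router's.

```python
import re

# Sample O-lines copied from the OTL log pasted in this thread.
SAMPLE_CLEAN = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 66.51.205.100 156.154.71.16
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# Constructed, hypothetical sample: the shape a rogue-AV file-association
# hijack takes, with every .exe launch routed through an attacker binary.
SAMPLE_HIJACKED = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.0.113.7
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\User\Local Settings\Application Data\av.exe" /START "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\User\Local Settings\Application Data\av.exe" /START "%1" %*
"""

# Windows default for the exefile/comfile shell\open\command value.
DEFAULT_OPEN_COMMAND = '"%1" %*'

# Address blocks a home or small-office resolver is normally expected to sit in
# (RFC 1918 plus loopback); anything else is listed for manual confirmation.
LAN_PREFIXES = ("10.", "192.168.", "127.") + tuple(f"172.{n}." for n in range(16, 32))

# OTL line layout as seen in the log: "Onn - <body>".
O_LINE = re.compile(r"^\s*(O\d+)\s+-\s+(.*\S)\s*$")


def parse_o_lines(text):
    """Yield (section, body) for every 'Onn - body' line in an OTL log."""
    for line in text.splitlines():
        m = O_LINE.match(line)
        if m:
            yield m.group(1), m.group(2)


def triage(text):
    """Return a list of (section, note) review items for the O-lines in text."""
    findings = []
    for section, body in parse_o_lines(text):
        if section == "O17" and "NameServer" in body:
            # Deduplicate while keeping order; the log lists 192.168.2.1 twice.
            servers = list(dict.fromkeys(body.split("=", 1)[1].split()))
            for server in servers:
                if not server.startswith(LAN_PREFIXES):
                    findings.append((section, f"non-LAN name server {server} (confirm it is the ISP's or router's, not a hijack)"))
        elif section in ("O35", "O37"):
            # Everything after the first '--' is the shell\open\command value.
            command = body.split("--", 1)[1].strip()
            if command != DEFAULT_OPEN_COMMAND:
                findings.append((section, f"non-default open command: {command}"))
        elif section == "O20" and body.startswith("HKLM Winlogon: Shell"):
            # The Winlogon Shell value is shown in parentheses; it should be explorer.exe.
            shell = re.search(r"\(([^)]*)\)", body)
            if shell is None or shell.group(1).lower() != "explorer.exe":
                findings.append((section, f"Winlogon Shell is not explorer.exe: {body}"))
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        print(f"== {label} ==")
        for section, note in triage(sample):
            print(f"{section}: {note}")
```

Run against the clean sample, the only items are the two public DNS servers from the O17 line, which is what a reviewer would confirm against the router's DHCP settings; against the hijacked sample, the O35 and O37 entries are reported because the open command no longer equals `"%1" %*`, which is the condition under which every program launch (including IE) passes through the foreign binary.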
     
  16. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Last scan...

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  17. 2010/07/16
    SVEN

    SVEN Well-Known Member Thread Starter

    Joined:
    2004/01/02
    Messages:
    867
    Likes Received:
    8
    Hi Broni,

    I just left the office and Kaspersky was running the scan. It took forever to download the files because we have the slowest internet connection you can buy.
    When I left, it had 11% scanned and that took 45 minutes. So the scan will go on without me all night. On Saturday morning about 9:30 AM I will be in the office and look at the result and upload the log. I know already now that we have 2 infections. I will be there for about 45 minutes. If you should be online at that time we can try and eradicate this virus, but if not then we will have to pick this up in about 2 weeks.
    Regardless, I appreciate all the help you have given me.

    Thank you very much.

    Sven
     
  18. 2010/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
    By now, your computer should be pretty much clean, so no worries.
    I should be around that time tomorrow morning.
     
  19. 2010/07/17
    SVEN

    SVEN Well-Known Member Thread Starter

    Joined:
    2004/01/02
    Messages:
    867
    Likes Received:
    8
    Hi Broni

    Here is the result from the scan:

    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, July 17, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, July 16, 2010 19:11:52
    Records in database: 4225683
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    Z:\

    Scan statistics:
    Objects scanned: 101234
    Threats found: 2
    Infected objects found: 2
    Suspicious objects found: 2
    Scan duration: 02:40:52


    File name / Threat / Threats count
    C:\Documents and Settings\Sven Albrecht\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.bak Infected: Trojan-Spy.HTML.Paylap.tk 1
    C:\Documents and Settings\Sven Albrecht\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\Documents and Settings\Sven Albrecht\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Spy.HTML.Paylap.tk 1
    C:\Documents and Settings\Sven Albrecht\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

    Selected area has been scanned.


    Sven
     
  20. 2010/07/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Wonderful :)
    It looks like you'll have a peaceful vacation time :)

    The only bad items are listed in Outlook Express Deleted Items.bak folder.
    Empty that folder and you should be good to go.

    =================================================================

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ==============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): Safe Browsing Tool | WOT Web of Trust. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read "How did I get infected? With steps so it does not happen again!": How did I get infected?

    9. Please let me know how your computer is doing.
     
  21. 2010/07/17
    SVEN

    SVEN Well-Known Member Thread Starter

    Joined:
    2004/01/02
    Messages:
    867
    Likes Received:
    8
    Thanks Broni
    I found the file that is listed and I will do the cleanup and restore point cleanup.

    thanks for all your help.

    Sven
     
