Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malaware looks as if my Hard Drive is erased [Solved]


  • This topic is locked This topic is locked

#1
360nourishment

360nourishment

    Member

  • Member
  • PipPipPip
  • 127 posts
Hello,

Well, where do I begin? I went to shut down My HP laptop and a freaking malaware took over. I know that my c drive still exists because I can run anti-virus software on it and it pulls files from my hard drive as the software is running.

I am the laptop is running off of Windows XP.

Please Help!
  • 0

Advertisements


#2
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. If you have since resolved the original problem you were having, I would appreciate you letting me know. Please include a clear description of the problems you're having along with any steps you may have performed so far if you haven't already.

Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way or lengthen the time it takes to disinfect your computer.

Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.

One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - if you do have to use your computer please disconnect it from the Internet - that way the current malware cannot propagate further infections.

Expect no more than 36 hours between your post and my response unless World War 3 breaks out and I will need at most 48 hours for initial analysis of your OTL log. Good luck! After 4 days if a topic is not replied to we assume it has been abandoned and it is closed.

The first step is to get an OTL log by doing the following. Then we can begin disinfection. Please do the following:

  • Download OTL from here
  • Double click OTL Posted Image to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Select the Scan All Users box in the middle on the top of the window
  • Under the Custom Scans/Fixes box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. If you have already run OTL it won't open Extras.txt but Extras.txt will be in the same place as the new OTL.txt so simply open in manually.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

  • 0

#3
360nourishment

360nourishment

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Hi there,

Thanks for the speedy reply. Below is txt from the OTL file.

OTL logfile created on: 4/22/2012 12:34:14 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\T\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 43.07 Mb Available Physical Memory | 4.21% Memory free
2.40 Gb Paging File | 1.20 Gb Available in Paging File | 50.15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 47.76 Gb Free Space | 64.09% Space Free | Partition Type: NTFS
Drive E: | 232.83 Gb Total Space | 208.93 Gb Free Space | 89.73% Space Free | Partition Type: FAT32

Computer Name: T-HP | User Name: T | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/22 00:24:00 | 007,247,536 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\HitmanPro.exe
PRC - [2012/04/22 00:11:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\T\Desktop\OTL.exe
PRC - [2012/03/07 17:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/08 11:42:41 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/10/11 12:35:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 12:34:21 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/11 12:33:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/11 12:33:56 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 12:33:16 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
PRC - [2011/10/11 12:33:14 | 000,577,488 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\update.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:22:10 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:40:52 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [1999/12/31 20:00:00 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/22 00:24:07 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/22 00:24:05 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/03/26 10:10:06 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/03/26 10:10:06 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/02/22 10:50:03 | 000,172,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f3ad09a901d7bf18707558d9400e4bde\IsdiInterop.ni.dll
MOD - [2012/02/22 10:50:03 | 000,014,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b21efbbf908e76f478fecf0dac91b797\IAStorCommon.ni.dll
MOD - [2012/02/22 10:50:02 | 000,492,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ba565724f08e76b19d13c54655eec652\IAStorUtil.ni.dll
MOD - [2012/02/22 10:50:01 | 000,225,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\414ec8d76f2127a2a2ad42e4c23eeeea\IAStorDataMgr.ni.dll
MOD - [2012/02/22 10:50:00 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\8be0779797618954d5a2c476e3051384\IAStorDataMgrSvc.ni.exe
MOD - [2012/02/16 02:33:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/16 02:32:55 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012/02/16 02:32:44 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 02:32:30 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/16 02:22:28 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/16 02:22:12 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/16 02:21:54 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/16 02:19:26 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
MOD - [2012/02/16 02:19:04 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/10/13 01:40:28 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/11 12:35:50 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/11 12:33:08 | 000,133,584 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\scewxmlw.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/20 11:05:26 | 000,059,904 | ---- | M] () -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2009/02/27 06:51:14 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/02 11:21:36 | 000,090,952 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/08 11:42:41 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/10/11 12:35:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 12:34:21 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2011/10/11 12:33:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [1999/12/31 20:00:00 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E85D12E0-EECF-4A7A-9F43-5ECE59C66CBB}\MpKslf6d288f0.sys -- (MpKslf6d288f0)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3420C2A-3A1E-460B-9663-068EC0906E8B}\MpKsld6ee06f2.sys -- (MpKsld6ee06f2)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6365B841-4F97-49BD-B309-AA8EF780ED94}\MpKsl55f18589.sys -- (MpKsl55f18589)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E618CDE6-9487-4A7A-93B3-4B5DFD91F1F2}\MpKsl20e2eb0d.sys -- (MpKsl20e2eb0d)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/24 10:02:35 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/02/15 08:12:36 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/11 12:36:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/11 12:36:39 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/10/11 12:36:36 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/10/07 04:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32) Intel®
DRV - [2010/05/20 22:15:30 | 000,224,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2009/03/04 10:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [1999/12/31 20:00:00 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [1999/12/31 20:00:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [1999/12/31 20:00:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [1999/12/31 20:00:00 | 000,097,280 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-2052111302-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-02-22 09:41:05&v=10.0.0.7&sap=hp
IE - HKU\S-1-5-21-861567501-2052111302-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-861567501-2052111302-1801674531-1004\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-861567501-2052111302-1801674531-1004\..\SearchScopes\{22D5E096-940A-CE47-CCFF-72BC315B9667}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-861567501-2052111302-1801674531-1004\..\SearchScopes\{779F4144-A2CD-4E84-BD05-91D16CBCD454}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-861567501-2052111302-1801674531-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-02-22 09:41:05&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-861567501-2052111302-1801674531-1004\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-861567501-2052111302-1801674531-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-861567501-2052111302-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-2052111302-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...1:05&sap=ku&q="
FF - prefs.js..network.proxy.http: "108.62.125.132"
FF - prefs.js..network.proxy.http_port: 10300
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\T\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\T\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 11:30:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/22 00:35:21 | 000,000,000 | ---D | M]

[2012/02/10 16:03:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\T\Application Data\Mozilla\Extensions
[2012/03/20 08:45:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\T\Application Data\Mozilla\Firefox\Profiles\lldcr0nj.default\extensions
[2012/03/20 08:45:37 | 000,000,000 | -H-D | M] (adblockvideo) -- C:\Documents and Settings\T\Application Data\Mozilla\Firefox\Profiles\lldcr0nj.default\extensions\[email protected]
[2012/02/10 17:28:42 | 000,000,000 | -H-D | M] (United States English Spellchecker) -- C:\Documents and Settings\T\Application Data\Mozilla\Firefox\Profiles\lldcr0nj.default\extensions\[email protected]
[2012/02/10 16:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\T\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LLDCR0NJ.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI
[2012/03/17 11:30:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/12 12:56:58 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/19 12:34:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/12/20 13:35:52 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/19 12:34:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...sa&d=2012-02-22 09:41:05&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\T\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\T\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\T\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\T\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\T\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\T\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Google Search = C:\Documents and Settings\T\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Gmail = C:\Documents and Settings\T\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-2052111302-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-861567501-2052111302-1801674531-1004..\Run: [EPSON WorkForce 610 Series Network] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-861567501-2052111302-1801674531-1004..\Run: [SlimDrivers] C:\Program Files\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
O4 - HKU\S-1-5-21-861567501-2052111302-1801674531-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-861567501-2052111302-1801674531-1004..\Run: [WorkForce 610(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-2052111302-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-2052111302-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\T\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80AE0A0B-865B-4FB0-95AA-790538CBDEB3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/T/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/T/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\T\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\T\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/11 18:54:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/12/07 14:35:32 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/22 00:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/03/26 10:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2012/03/26 10:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/26 10:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/26 01:46:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\T\Recent
[2012/03/26 01:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T\Start Menu\Programs\System Check
[2012/03/24 10:04:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/03/24 10:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/22 00:27:20 | 000,496,526 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/22 00:27:20 | 000,084,844 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/22 00:22:39 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-2052111302-1801674531-1004.job
[2012/04/22 00:22:39 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2012/04/22 00:22:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/22 00:22:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/26 10:24:55 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/26 10:09:39 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/26 09:01:01 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-2052111302-1801674531-1004UA.job
[2012/03/26 01:47:12 | 000,000,702 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2012/03/26 01:36:40 | 000,000,264 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~xy9RWthblpQ3gS
[2012/03/26 01:36:40 | 000,000,176 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~xy9RWthblpQ3gSr
[2012/03/26 01:36:30 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\xy9RWthblpQ3gS
[2012/03/25 21:01:03 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-2052111302-1801674531-1004Core.job
[2012/03/25 12:14:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-2052111302-1801674531-1004.job
[2012/03/24 10:02:35 | 000,012,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/22 00:35:39 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/26 10:09:39 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/26 01:36:40 | 000,000,264 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~xy9RWthblpQ3gS
[2012/03/26 01:36:40 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~xy9RWthblpQ3gSr
[2012/03/26 01:36:30 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\xy9RWthblpQ3gS
[2012/03/15 09:58:09 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/02/15 08:25:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/05 01:02:28 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/09/13 02:31:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/09/09 07:53:32 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/09/09 07:53:32 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/09/09 07:53:32 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/09/09 07:53:32 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/09/09 07:53:32 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/09/09 07:53:32 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/09/09 07:53:32 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/09/09 07:53:32 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/09/09 07:53:32 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/09/09 07:53:32 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/09/09 07:53:32 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/09/09 07:53:32 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/09/09 07:53:32 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/09/09 07:53:32 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/09/09 07:53:32 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/09/09 07:53:32 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/09/09 07:51:13 | 000,000,089 | ---- | C] () -- C:\WINDOWS\EPWF610.ini
[2011/08/21 02:31:33 | 000,000,116 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2011/08/21 00:31:55 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2011/08/21 00:31:54 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2011/08/20 21:46:47 | 000,079,960 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/27 23:44:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/07/27 23:20:20 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/07/27 23:20:20 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/07/27 23:10:25 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/07/26 19:30:55 | 000,007,168 | -H-- | C] () -- C:\Documents and Settings\T\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/23 20:12:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/14 14:58:37 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/12 21:19:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/12 17:12:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/11 18:56:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/11 18:52:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/11 14:45:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/11 14:42:08 | 000,359,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/09 07:52:32 | 003,815,424 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/06/24 07:48:28 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/24 07:47:42 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/06/24 07:47:16 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/06/24 07:47:14 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/06/24 07:47:12 | 000,158,208 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/06/24 07:47:10 | 001,524,224 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/06/24 07:47:10 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/06/24 07:47:10 | 000,113,664 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/06/24 07:47:06 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/06/24 07:47:04 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/03/03 07:40:08 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/03/03 07:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 07:39:46 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/03/03 07:39:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/03/03 07:39:02 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/03/03 07:38:54 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/03/03 07:38:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/03/03 07:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 07:38:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/03/03 07:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/03/03 07:37:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/03/03 07:35:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/03/03 07:35:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/02/22 15:39:04 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/22 15:37:30 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/18 15:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini

========== LOP Check ==========

[2011/07/23 16:47:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/12/22 09:53:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/07/23 12:24:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/11 16:46:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/03/02 12:55:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2011/07/23 16:45:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/21 03:06:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/12/25 13:01:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Smart Soft
[2011/08/21 00:31:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2012/03/26 10:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2012/03/21 12:17:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/19 19:57:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/18 03:17:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/01/17 01:28:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\NetworkService\Application Data\Foxit Software
[2011/07/23 12:26:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\AVG10
[2012/01/25 21:36:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\com.springbox.mobilizer
[2011/07/11 19:08:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\DeviceDoctorSoftware
[2011/08/21 03:04:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\Downloaded Installations
[2012/02/08 15:04:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\DVDVideoSoft
[2011/10/02 21:00:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\DVDVideoSoftIEHelpers
[2011/10/13 09:07:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\Epson
[2011/10/31 23:11:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\FileZilla
[2012/01/17 01:34:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\Foxit Software
[2011/12/25 13:01:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\Free PDF to Word Converter
[2011/07/18 23:54:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\IObit
[2011/09/09 08:11:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\Leadertech
[2012/02/21 01:51:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/07/25 13:44:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\Mass Profit Formula
[2011/09/05 17:27:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\Nitro PDF
[2011/09/07 18:55:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\OpenCandy
[2012/01/04 22:48:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\OpenOffice.org
[2012/01/05 01:06:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\PrimoPDF
[2011/12/25 14:23:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\searchquband
[2011/08/21 02:54:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\SolidDocuments
[2011/07/27 22:53:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\Systweak
[2011/07/13 16:40:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\TeamViewer
[2011/07/14 12:24:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/01/18 03:12:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\Uniblue
[2011/07/21 23:08:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\T\Application Data\WinZip
[2012/04/22 00:22:39 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >
[2011/07/11 18:54:44 | 000,000,294 | -HS- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\desktop.ini
[2011/07/12 17:11:46 | 000,001,992 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\New Office Document.lnk
[2011/07/12 17:11:46 | 000,002,002 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Open Office Document.lnk
[2011/07/11 18:54:44 | 000,001,607 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2011/07/11 18:54:44 | 000,000,398 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2011/07/11 18:54:44 | 000,001,507 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2012/03/21 12:16:50 | 000,001,732 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\WinZip.lnk

< %Temp%\smtmp\2\*.* >
[2011/07/11 19:04:20 | 000,000,119 | -HS- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\desktop.ini
[2012/03/21 23:58:30 | 000,002,230 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\Google Chrome.lnk
[2011/07/12 12:04:40 | 000,000,815 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2012/01/05 11:11:39 | 000,000,802 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\Malwarebytes Anti-Malware.lnk
[2012/02/10 16:03:26 | 000,000,742 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
[2011/07/11 19:04:20 | 000,000,079 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
[2012/03/26 01:36:38 | 000,000,833 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\System Check.lnk
[2011/07/19 18:28:36 | 000,000,804 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >
[2012/01/19 17:20:02 | 000,001,734 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Adobe Reader X.lnk
[2011/10/11 12:41:57 | 000,001,707 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Avira Control Center.lnk
[2012/03/01 01:58:09 | 000,000,682 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\CCleaner.lnk
[2011/10/11 16:46:33 | 000,000,665 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\EPSON Scan.lnk
[2011/10/31 21:24:33 | 000,001,573 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\FLV Player.lnk
[2011/12/25 13:01:23 | 000,000,810 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Free PDF to Word Converter.lnk
[2012/03/02 11:21:36 | 000,001,610 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\HitmanPro.lnk
[2012/02/11 23:20:59 | 000,001,542 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\iTunes.lnk
[2012/02/06 15:55:38 | 000,000,784 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Malwarebytes Anti-Malware.lnk
[2012/03/02 12:52:16 | 000,000,640 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Mobilizer.lnk
[2012/02/10 16:03:26 | 000,000,724 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
[2011/11/02 14:12:55 | 000,001,604 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\QuickTime Player.lnk
[2012/03/24 10:04:41 | 000,001,878 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Skype.lnk
[2012/02/22 10:40:30 | 000,001,854 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\SlimDrivers.lnk
[2011/08/23 20:14:30 | 000,000,954 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Systems Survey Maestro.lnk
[2011/12/25 14:23:28 | 000,000,710 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\SysTools PDF Unlocker.lnk
[2011/08/08 01:58:21 | 000,000,640 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\TweetDeck.lnk
[2012/03/21 12:16:50 | 000,001,732 | -H-- | M] () -- C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\WinZip.lnk

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: T-HP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B
Volume 1 C NTFS Partition 75 GB Healthy System
Volume 2 E TOSHIBA EXT FAT32 Partition 233 GB Healthy

< End of report >



__________________________________________________________________________________________________________________________________________________________________________________________________________________________________
Below is the text from the Extras file:

OTL Extras logfile created on: 4/22/2012 12:34:14 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\T\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 43.07 Mb Available Physical Memory | 4.21% Memory free
2.40 Gb Paging File | 1.20 Gb Available in Paging File | 50.15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 47.76 Gb Free Space | 64.09% Space Free | Partition Type: NTFS
Drive E: | 232.83 Gb Total Space | 208.93 Gb Free Space | 89.73% Space Free | Partition Type: FAT32

Computer Name: T-HP | User Name: T | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-861567501-2052111302-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" = C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe:*:Enabled:Hitman Pro 3.5
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe" = C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION)
"C:\Program Files\PhotoJoy\Bin\PjApp.exe" = C:\Program Files\PhotoJoy\Bin\PjApp.exe:*:Enabled:PhotoJoy
"C:\Program Files\PhotoJoy\Bin\PjImp.exe" = C:\Program Files\PhotoJoy\Bin\PjImp.exe:*:Enabled:PhotoJoy
"C:\Program Files\PhotoJoy\Bin\PhotoJoy.exe" = C:\Program Files\PhotoJoy\Bin\PhotoJoy.exe:*:Enabled:PhotoJoy
"C:\Documents and Settings\T\Local Settings\Application Data\MediaGet2\mediaget.exe" = C:\Documents and Settings\T\Local Settings\Application Data\MediaGet2\mediaget.exe:*:Disabled:MediaGet torrent client
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01597873-6B79-B0C2-4585-25DD4D52DA7E}" = CCC Help English
"{0428F876-0FAF-D8AD-DEB3-1569AF154738}" = Catalyst Control Center Localization Italian
"{055A2D62-65BC-E469-3258-E580E43B8E71}" = Catalyst Control Center Localization Polish
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0691317B-A10A-96FF-8242-7E165ACF48C0}" = Catalyst Control Center Localization Swedish
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11BAF19D-08AC-4921-8B89-678BBBB9E036}" = Broadcom NetXtreme Ethernet Controller
"{18E893B6-28F0-495B-8448-AC40F4496728}" = Broadcom Management Programs
"{1A433E62-EFC7-B640-A518-6B2D57706F54}" = Catalyst Control Center Localization Dutch
"{1B3C844A-46BA-0AA4-6E1D-6C0E8E878D7A}" = Skins
"{1B8C7328-9FD2-6317-1BF0-6BFF142A2471}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E1167C-F8AB-FC5D-A34D-D72BDF27CB49}" = CCC Help Finnish
"{22DBA7C5-D97A-9A6C-BF27-50B2B4019547}" = Catalyst Control Center Localization Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{28EDA0C7-4075-D9E0-5F47-16AB23851178}" = Catalyst Control Center Localization Chinese Traditional
"{2BAE85F1-BE4D-3CA7-4E39-75E7F44BA41A}" = Catalyst Control Center Graphics Full New
"{2BD8A364-A690-C4EB-E6A8-677B2BFFA248}" = Catalyst Control Center Graphics Light
"{324F3551-D183-E6E7-4F4C-C085A257BD29}" = ccc-utility
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3627D595-F62A-5BE9-8D9A-6D97FEEB7516}" = CCC Help Chinese Traditional
"{3B28C95D-F8CD-151D-FDDC-5816A05E31A0}" = CCC Help Japanese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{43826648-62A5-4EEF-401C-A33B8DF88ABB}" = CCC Help Danish
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B722F6C-B6BC-A5E6-7A98-BD6F2FDAA88B}" = CCC Help Portuguese
"{5A3A7C67-0F52-18D1-F4B2-9314F6D9EAF2}" = Catalyst Control Center Localization Greek
"{5AC54C83-060F-9610-CC29-9310CBDF80CB}" = Mobilizer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{677E3E99-F488-1B5E-CD1C-F528CC638A43}" = CCC Help Czech
"{6D2F3A01-0C4F-6DDC-2D15-D56A72EBA77F}" = Catalyst Control Center Localization Japanese
"{6D5BBC62-D9ED-ECBF-5383-860084B1962F}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = TIPCI
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E86E8BE-7905-3147-8C1C-31D49DE56460}" = Catalyst Control Center Localization Danish
"{814AC902-CF8E-16DC-F936-33F08B56D10A}" = CCC Help Turkish
"{88718E34-B5BB-3570-D996-38741B9F69E7}" = Catalyst Control Center Localization Korean
"{887194DC-A1C5-E721-4529-C1EEBB2D28A7}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB201CD-A2E0-C372-8DE0-92CB349DE15D}" = Catalyst Control Center Core Implementation
"{8BD98327-EE8A-331A-D830-C574447886B6}" = Catalyst Control Center Localization Thai
"{8C47D978-84B4-FEDA-2B94-4E70D6C1E5D2}" = Catalyst Control Center Localization Spanish
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AEAD9A-0B56-DCBA-5EDD-69B9A1BBCD48}" = CCC Help Polish
"{97494104-FD91-CD94-8E0D-BCAC01BB389A}" = CCC Help Hungarian
"{976780BD-CC73-7B07-6374-EE137CCD1480}" = CCC Help Greek
"{9A3E1491-CA64-985C-A372-F05E699AD033}" = Catalyst Control Center Localization German
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C902526-8635-7138-049A-85A7696254F2}" = CCC Help French
"{9CF86AB2-337A-75E2-9CCE-D065FC517B30}" = Catalyst Control Center Localization Portuguese
"{9DC8E0BD-BD8D-1F1B-38E6-C3007A650759}" = Catalyst Control Center Localization Finnish
"{A23743C6-167F-FEC5-0581-3FC09448DC58}" = CCC Help German
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A45D1785-E941-C07A-91FC-6F3AB832E048}" = Catalyst Control Center Graphics Full Existing
"{A6F73400-57BD-BF23-43DD-6301147CACC4}" = CCC Help Korean
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B67A317A-47B1-E927-DC2B-2F34EA241F5D}" = CCC Help Spanish
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0DF239F-1BBA-AF0D-ACFE-78FD7D0841B2}" = Catalyst Control Center Localization Hungarian
"{C349C10C-1474-4000-9073-9299856C8A70}" = Catalyst Control Center - Branding
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CDF7572E-92CF-1110-BCC6-CABC04194FCC}" = CCC Help Dutch
"{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6BD55D7-6A7B-8995-9AF4-905914A66D8F}" = Catalyst Control Center Localization Norwegian
"{E0DA7C51-2979-573E-B708-AFC8FC712CF5}" = ccc-core-static
"{E3FB161F-1775-5BA6-31AA-85D32BFB2BBF}" = CCC Help Thai
"{E8B291C5-E192-D78F-4658-B92B292F1D7C}" = CCC Help Russian
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel® PROSet/Wireless WiFi Software
"{F54FF6EB-967D-9439-F846-E126FB7D5A4A}" = Catalyst Control Center Localization Russian
"{F8116030-96CA-401C-BA85-50265E7C0A96}" = SlimDrivers
"{FA60A525-FA4E-B9FC-8B39-8EE4B101D617}" = ccc-core-preinstall
"{FA819412-0F33-F226-0754-82367EA97DEF}" = Catalyst Control Center Localization Chinese Standard
"{FBD68E88-2999-43B7-B249-E1B08FA2B065}_is1" = SysTools PDF Unlocker - v3.1
"{FDFC6537-9D06-90AF-F01A-990CB5E69511}" = Catalyst Control Center Localization Czech
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE9F3D1B-8109-EB11-DF0A-8962058DF94A}" = CCC Help Chinese Standard
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"{FFFF0244-1781-A451-DF65-CCE00DE7620E}" = Catalyst Control Center Localization French
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"com.springbox.mobilizer" = Mobilizer
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"FLV Player2.0.25" = FLV Player
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube Uploader_is1" = Free YouTube Uploader version 3.3.25.1228
"HitmanPro36" = HitmanPro 3.6
"ie8" = Windows Internet Explorer 8
"InstallShield_{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Media Player - Codec Pack" = Media Player Codec Pack 4.0.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"ProInst" = Intel PROSet Wireless
"Systems Survey Maestro_is1" = Systems Survey Maestro by Greene Software version 6.50
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-861567501-2052111302-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2012 1:57:41 AM | Computer Name = T-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/23/2012 1:57:41 AM | Computer Name = T-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9985

Error - 3/23/2012 1:57:41 AM | Computer Name = T-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9985

Error - 3/23/2012 1:57:43 AM | Computer Name = T-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/23/2012 1:57:43 AM | Computer Name = T-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12000

Error - 3/23/2012 1:57:43 AM | Computer Name = T-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12000

Error - 3/26/2012 10:07:16 AM | Computer Name = T-HP | Source = Application Error | ID = 1000
Description = Faulting application sas_94608.exe, version 5.0.0.1146, faulting module
sas_94608.exe, version 5.0.0.1146, fault address 0x000770e8.

Error - 3/26/2012 10:09:54 AM | Computer Name = T-HP | Source = Application Error | ID = 1000
Description = Faulting application sas_94608.exe, version 5.0.0.1146, faulting module
sas_94608.exe, version 5.0.0.1146, fault address 0x0007712c.

Error - 4/22/2012 12:25:28 AM | Computer Name = T-HP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/22/2012 12:26:15 AM | Computer Name = T-HP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 3/26/2012 9:51:51 AM | Computer Name = T-HP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 3/26/2012 9:51:51 AM | Computer Name = T-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv
Tcpip
WS2IFSL

Error - 3/26/2012 11:24:21 AM | Computer Name = T-HP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/26/2012 11:27:14 AM | Computer Name = T-HP | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/26/2012 11:27:14 AM | Computer Name = T-HP | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/26/2012 11:27:14 AM | Computer Name = T-HP | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/22/2012 12:22:57 AM | Computer Name = T-HP | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/22/2012 12:22:43 AM | Computer Name = T-HP | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/22/2012 12:22:43 AM | Computer Name = T-HP | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/22/2012 12:32:22 AM | Computer Name = T-HP | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >
  • 0

#4
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello 360nourishment. I just finished analyzing your OTL log. The next step is to clean a couple OTL entries, upload a couple files to see if they are malicious or not, run Roguekiller to see if you are infected with a Rogue and also to restore your start menu/desktop/quick launch icons, and run aswMBR to scan for infections prevalent these days. Please do the following:

Step 1

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the contents of the notepad window into your next post
  • Click on ShortcutsFix. Click on Report and copy/paste the contents of the notepad window into your next post

Step 2

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/03/26 01:36:40 | 000,000,264 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~xy9RWthblpQ3gS
    [2012/03/26 01:36:40 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~xy9RWthblpQ3gSr
    [2012/03/26 01:36:30 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\xy9RWthblpQ3gS
    
    :Files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply as well.

Step 3

There are several suspicious files on your machine that might or might not be malware. We will scan them to verify. Let me know if you have any trouble following these instructions. Please do the following:

  • Go to this site
  • Click the browse button on the top of the page
  • Navigate to this file C:\WINDOWS\System32\.crusader and click the open button
  • Click the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button
  • Once the Scan is completed, click on the Copy to Clipboard button at the bottom of the page. This will copy the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Repeat the above instructions but this time for C:\WINDOWS\System32\Primomonnt.dll

Step 4

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes

    Posted Image
  • Click the Scan button to start scan

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
RogueKiller logs (in the same directory as the program with the name RKreport[#].txt)
OTL fix log
OTL.txt
virscan upload results
aswMBR log

  • 0

#5
360nourishment

360nourishment

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Hi Craig,

Thanks for the reply. I went ahead and ran everything as you instructed, please see the below logs:

Rogue Killer Logs:

Rogue Killer Report #1


RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: T [Admin rights]
Mode: Scan -- Date: 04/23/2012 16:09:01

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (Unknown @ 0x9C4604B4)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0x9C46046E)
SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (Unknown @ 0x9C4604BE)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C39FA -> HOOKED (Unknown @ 0x9C460496)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0x9C460464)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0x9C460473)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0x9C46047D)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (Unknown @ 0x9C4604AF)
SSDT[97] : NtLoadDriver @ 0x80584160 -> HOOKED (Unknown @ 0x9C46049B)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0x9C460482)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0x9C460450)
SSDT[125] : NtOpenSection @ 0x805AA3EC -> HOOKED (Unknown @ 0x9C460491)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0x9C460455)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (Unknown @ 0x9C4604D7)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0x9C46048C)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D76 -> HOOKED (Unknown @ 0x9C4604C8)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0x9C460487)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (Unknown @ 0x9C4604C3)
SSDT[237] : NtSetSecurityObject @ 0x805C062E -> HOOKED (Unknown @ 0x9C4604CD)
SSDT[240] : NtSetSystemInformation @ 0x8060FD06 -> HOOKED (Unknown @ 0x9C4604A0)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0x9C460478)
SSDT[255] : NtSystemDebugControl @ 0x806180BA -> HOOKED (Unknown @ 0x9C4604D2)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43CC -> HOOKED (Unknown @ 0x9C46045A)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x9C4604E6)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x9C4604EB)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800BEVS-75RST0 +++++
--- User ---
[MBR] d9517fcefe50b90b53fd2c1267e9eb32
[BSP] 9fa1447b9f92d3e3bf56d703272fe6d1 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
_________________________________________________________________________



Rogue Killer Report #2

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: T [Admin rights]
Mode: Shortcuts HJfix -- Date: 04/23/2012 16:17:58

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 3134 / Fail 0
Quick launch: Success 8 / Fail 0
Programs: Success 6 / Fail 0
Start menu: Success 188 / Fail 0
User folder: Success 9890 / Fail 0
My documents: Success 132 / Fail 0
My favorites: Success 12 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1475 / Fail 0
Backup: [FOUND] Success 184 / Fail 1

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

______________________________________________________________________________________________

OTL fix log:

Files\Folders moved on Reboot...
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

Registry entries deleted on Reboot...
_______________________________________________________________________________

OTL text log:

========== OTL ==========
File C:\Documents and Settings\All Users\Application Data\~xy9RWthblpQ3gS not found.
File C:\Documents and Settings\All Users\Application Data\~xy9RWthblpQ3gSr not found.
File C:\Documents and Settings\All Users\Application Data\xy9RWthblpQ3gS not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\desktop.ini
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\New Office Document.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Open Office Document.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\WinZip.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader X.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Mobilizer.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\MSN.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Systems Survey Maestro.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\TweetDeck.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Security Center.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Avira\Avira Desktop\Avira Antivirus Premium 2012 Help.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Avira\Avira Desktop\Avira on the Internet.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Avira\Avira Desktop\Display readme.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Avira\Avira Desktop\Start Avira Antivirus Premium 2012.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Broadcom\Broadcom Advanced Control Suite 3.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Catalyst Control Center\CCC - Advanced.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Catalyst Control Center\CCC - Wizard.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Catalyst Control Center\CCC.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Catalyst Control Center\Help.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Catalyst Control Center\Restart Runtime.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\CCleaner\CCleaner Homepage.url
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\CCleaner\CCleaner.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\CCleaner\Uninstall CCleaner.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\DVDVideoSoft\Fix components.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\DVDVideoSoft\Free Studio Manager.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\DVDVideoSoft\Rocket Subscription.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\DVDVideoSoft\Uninstall.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\DVDVideoSoft\Programs\Free YouTube Download.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\DVDVideoSoft\Programs\Free YouTube Uploader.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\EPSON\Shared printers monitor setting window.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\EPSON\Uninstall WorkForce 610 Network Setup.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\EPSON\WorkForce 610 Network Setup.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Scan\EPSON Scan Settings.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Scan\EPSON Scan.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON WorkForce 610 Series\Buy Ink.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON WorkForce 610 Series\Driver Update.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON WorkForce 610 Series\EPSON Printer Software Uninstall.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON WorkForce 610 Series\Online Support.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\EPSON\WorkForce 610 Info Center\WorkForce 610 Info Center Uninstaller.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\EPSON\WorkForce 610 Info Center\WorkForce 610 Info Center.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Epson Software\Event Manager.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\FLV Player\FLV Player website.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\FLV Player\FLV Player.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\FLV Player\Uninstall FLV Player.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\FreeMind\FreeMind.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\FreeMind\Uninstall FreeMind.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Games\desktop.ini
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\HitmanPro\HitmanPro.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\HitmanPro\Remove HitmanPro 3.6.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Intel\Intelr Rapid Storage Technology.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Intel PROSet Wireless\WiFi Connection Utility.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\AC3Filter Configuration.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\DivX Configuration.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\DivX H264 Configuration.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\DivX Registration.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\ffdshow Audio.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\ffdshow DXVA Configuration.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\ffdshow Raw Video.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\ffdshow VFW.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\ffdshow Video Configuration.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\GSpot Codec Information.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\Haali Splitter Config.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\Package Homepage.url
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\Uninstall.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\VSFilter Config.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\XviD AviC FOURCC Changer.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\XviD Config - Encoder.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\XviD MiniCalc.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\XviD OGMCalc.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\XviD Stats Reader.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\Helpful Resources\Clone Copy Protected CD's.url
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\Helpful Resources\Clone Copy Protected DVD's.url
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\Helpful Resources\How to play unusual files.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Media Player - Codec Pack\Helpful Resources\Play any Copy Protected Disc.url
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2003.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office InfoPath 2003.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2003.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2003.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2003.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2003.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Skype\Skype.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\SlimDrivers\SlimDrivers Help.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\SlimDrivers\SlimDrivers on the Web.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\SlimDrivers\SlimDrivers.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\Startup\WinZip Quick Pick.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\SysTools PDF Unlocker\SysTools PDF Unlocker.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\SysTools PDF Unlocker\Uninstall SysTools PDF Unlocker.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\1\Programs\WinZip\WinZip 16.0.lnk
159 File(s) copied
C:\Documents and Settings\T\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\T\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\desktop.ini
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\Google Chrome.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\Malwarebytes Anti-Malware.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\System Check.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
8 File(s) copied
C:\Documents and Settings\T\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\T\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\T\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\T\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Adobe Reader X.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Avira Control Center.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\CCleaner.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\EPSON Scan.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\FLV Player.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Free PDF to Word Converter.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\HitmanPro.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\iTunes.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Malwarebytes Anti-Malware.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Mobilizer.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\QuickTime Player.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Skype.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\SlimDrivers.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\Systems Survey Maestro.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\SysTools PDF Unlocker.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\TweetDeck.lnk
C:\DOCUME~1\T\LOCALS~1\Temp\smtmp\4\WinZip.lnk
18 File(s) copied
C:\Documents and Settings\T\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\T\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.40.0 log created on 04232012_164408
_________________________________________________________________________________________________

Virus Scan logs:

VirSCAN.org Scanned Report :
Scanned time : 2012/04/23 17:01:21 (EDT)
Scanner results: Scanners did not find malware!
File Name : .crusader
File Size : 702 byte
File Type : Little-endian UTF-16 Unicode text, with very long lines, wit
MD5 : ab52c47549d19658b57faa29660e4174
SHA1 : 97a20a6e1e390b4ee4f8bb978ec21382d59809f3
Online report : http://r.virscan.org...5d8ba136048d072

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120423172436 2012-04-23 6.00 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 1.88 -
AntiVir 8.2.10.24 7.11.25.222 2012-03-22 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.28 -
Arcavir 2011 201204161059 2012-04-16 4.03 -
Authentium 5.1.1 201204231633 2012-04-23 1.42 -
AVAST! 4.7.4 120423-0 2012-04-23 0.16 -
AVG 12.0.1782 2409/4954 2012-04-23 0.23 -
BitDefender 7.90123.7083453 7.41995 2012-04-21 3.72 -
ClamAV 0.97.3 14833 2012-04-24 0.16 -
Comodo 5.1 12133 2012-04-23 2.31 -
CP Secure 1.3.0.5 2012.04.24 2012-04-24 0.16 -
Dr.Web 7.0.1.2210 2012.04.23 2012-04-23 11.64 -
F-Prot 4.6.2.117 20120423 2012-04-23 0.82 -
F-Secure 7.02.73807 2012.02.07.03 2012-02-07 2.16 -
Fortinet 4.3.392 15.454 2012-04-22 0.15 -
GData 22.4731 20120424 2012-04-24 5.44 -
ViRobot 20120423 2012.04.23 2012-04-23 0.41 -
Ikarus T3.1.32.20.0 2012.04.23.81015 2012-04-23 5.25 -
JiangMin 13.0.900 2012.04.23 2012-04-23 2.23 -
Kaspersky 5.5.10 2012.04.23 2012-04-23 0.21 -
KingSoft 2009.2.5.15 2012.4.23.9 2012-04-23 0.92 -
McAfee 5400.1158 6690 2012-04-23 9.22 -
Microsoft 1.8304 2012.04.23 2012-04-23 3.33 -
NOD32 3.0.21 7063 2012-04-17 0.16 -
Panda 9.05.01 2012.04.23 2012-04-23 2.47 -
Trend Micro 9.500-1005 8.932.05 2012-04-23 0.18 -
Quick Heal 11.00 2012.04.23 2012-04-23 0.95 -
Rising 20.0 24.07.00.01 2012-04-23 0.48 -
Sophos 3.30.0 4.76 2012-04-23 4.90 -
Sunbelt 3.9.2533.2 11830 2012-04-23 1.00 -
Symantec 1.3.0.24 20120423.002 2012-04-23 0.58 -
nProtect 20120423.01 11165582 2012-04-23 1.67 -
The Hacker 6.7.0.1 v00449 2012-04-22 0.64 -
VBA32 3.12.16.4 20120422.0946 2012-04-22 3.39 -
VirusBuster 5.5.0.2 14.2.42.0/8466274 2012-04-23 0.17 -


VirSCAN.org Scanned Report :
Scanned time : 2012/04/23 17:09:10 (EDT)
Scanner results: Scanners did not find malware!
File Name : Primomonnt.dll
File Size : 180624 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 2c6786656869093c521337d6ac813bc6
SHA1 : f6d7738ce60a326745e3fd890dcbdacad4e8ff53
Online report : http://r.virscan.org...20c99125a11d57f

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120423172436 2012-04-23 0.36 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 2.10 -
AntiVir 8.2.10.24 7.11.25.222 2012-03-22 0.17 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.27 -
Arcavir 2011 201204161059 2012-04-16 4.31 -
Authentium 5.1.1 201204231633 2012-04-23 1.51 -
AVAST! 4.7.4 120423-0 2012-04-23 0.20 -
AVG 12.0.1782 2409/4954 2012-04-23 0.26 -
BitDefender 7.90123.7089533 7.42026 2012-04-24 3.83 -
ClamAV 0.97.3 14833 2012-04-24 0.21 -
Comodo 5.1 12133 2012-04-23 2.44 -
CP Secure 1.3.0.5 2012.04.24 2012-04-24 0.23 -
Dr.Web 7.0.1.2210 2012.04.23 2012-04-23 12.17 -
F-Prot 4.6.2.117 20120423 2012-04-23 0.90 -
F-Secure 7.02.73807 2012.02.07.03 2012-02-07 0.31 -
Fortinet 4.3.392 15.454 2012-04-22 0.23 -
GData 22.4731 20120424 2012-04-24 5.41 -
ViRobot 20120423 2012.04.23 2012-04-23 0.40 -
Ikarus T3.1.32.20.0 2012.04.23.81015 2012-04-23 5.44 -
JiangMin 13.0.900 2012.04.23 2012-04-23 2.10 -
Kaspersky 5.5.10 2012.04.23 2012-04-23 0.37 -
KingSoft 2009.2.5.15 2012.4.23.9 2012-04-23 0.98 -
McAfee 5400.1158 6690 2012-04-23 9.24 -
Microsoft 1.8304 2012.04.23 2012-04-23 3.50 -
NOD32 3.0.21 7063 2012-04-17 0.17 -
Panda 9.05.01 2012.04.23 2012-04-23 2.54 -
Trend Micro 9.500-1005 8.932.05 2012-04-23 0.20 -
Quick Heal 11.00 2012.04.23 2012-04-23 1.05 -
Rising 20.0 24.07.00.01 2012-04-23 2.66 -
Sophos 3.30.0 4.76 2012-04-23 5.27 -
Sunbelt 3.9.2533.2 11830 2012-04-23 0.79 -
Symantec 1.3.0.24 20120423.002 2012-04-23 0.40 -
nProtect 20120423.01 11165582 2012-04-23 1.46 -
The Hacker 6.7.0.1 v00449 2012-04-22 0.59 -
VBA32 3.12.16.4 20120422.0946 2012-04-22 3.69 -
VirusBuster 5.5.0.2 14.2.42.0/8466274 2012-04-23 0.19 -


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-23 17:15:15
-----------------------------
17:15:15.703 OS Version: Windows 5.1.2600 Service Pack 3
17:15:15.703 Number of processors: 2 586 0xE08
17:15:15.703 ComputerName: T-HP UserName: T
17:15:18.546 Initialize success
17:19:08.875 AVAST engine defs: 12042301
17:19:55.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:19:55.468 Disk 0 Vendor: WDC_WD80 04.0 Size: 76319MB BusType: 3
17:19:55.515 Disk 0 MBR read successfully
17:19:55.515 Disk 0 MBR scan
17:19:55.593 Disk 0 Windows XP default MBR code
17:19:55.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
17:19:55.640 Disk 0 scanning sectors +156280320
17:19:55.750 Disk 0 scanning C:\WINDOWS\system32\drivers
17:20:10.968 Service scanning
17:20:31.390 Modules scanning
17:20:36.390 Disk 0 trace - called modules:
17:20:36.453 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
17:20:36.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ae7030]
17:20:36.484 3 CLASSPNP.SYS[f7588fd7] -> nt!IofCallDriver -> \Device\0000008e[0x86b25998]
17:20:36.500 5 ACPI.sys[f73ff620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86b4a028]
17:20:37.250 AVAST engine scan C:\WINDOWS
17:20:42.218 AVAST engine scan C:\WINDOWS\system32
17:26:41.015 AVAST engine scan C:\WINDOWS\system32\drivers
17:26:56.500 AVAST engine scan C:\Documents and Settings\T
17:36:56.953 AVAST engine scan C:\Documents and Settings\All Users
17:37:47.812 Scan finished successfully
17:42:41.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\T\Desktop\MBR.dat"
17:42:41.281 The log file has been saved successfully to "C:\Documents and Settings\T\Desktop\aswMBR.txt"
  • 0

#6
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
We will now run a scan with Malwarebytes' Anti-Malware. Afterwards try your computer out for a couple hours and see if any symptoms persist.

  • Start MBAM
  • Go to the Update tab
  • Click Check for Updates
  • Go to the Scanner tab
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#7
360nourishment

360nourishment

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Hi Craig,

My computer seems to be running fine. Below is the MBAM log:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.24.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
T :: T-HP [administrator]

4/24/2012 6:15:18 PM
mbam-log-2012-04-24 (18-15-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188172
Time elapsed: 10 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#8
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
It looks as if your computer is clean and we are done here. I am curious - did you run any utilities on your own before we started our disinfection procedure?

Now that we're done scanning for and disinfecting malware it's time to clean up. Please use your computer a couple hours at least and make sure there are no remaining symptoms. If there are no symptoms proceed with the following instructions. One final step to take in disinfecting your computer is to purge all system restore points. This ensures that you will not get reinfected by files hiding in the system restore points. To do this follow these instructions:

  • Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [ClearAllRestorePoints]
  • Then click the Run Fix button at the top
  • OTL may ask to reboot the machine. Please do so if asked.
  • Post the log it produces in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run. Make sure to grab the contents of this file before following the cleanup procedure described next.
You can now remove all the tools that were used to disinfect your computer by running OTL and clicking the CleanUp button.

Now that your computer is disinfected it is important to keep it that way. What follows are guidelines to keeping your computer malware-free.

You absolutely must have an antivirus program installed. This is important because the antivirus program runs in the background of the computer and prevents viruses from both infecting the computer and doing malicious things to the computer. This can prevent many infections in the first place. Just as a city without police would be chaotic so would a computer with an anti-virus program. I recommend the free programs Avira AntiVir Personal and avast! Free Anti-Virus or the paid programs Bit Defender Anti-Virus and Kaspersky Anti-Virus. Also make absolutely sure to only have one anti-virus installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

It is also advised to have an anti-spyware program as well. I recommend the paid version of Malwarebytes' Anti-Malware. This program complementing your anti-virus can protect your computer from most infections out there. Make absolutely sure to only have one anti-spyware installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

A program to complement your anti-virus and anti-spyware with passive protection is SpywareBlaster. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):
  • Run SpywareBlaster
  • Click Updates on the left of the screen
  • Click the 'Check for Updates' button and let the program update
  • Click 'Protection Status' on the left of the screen
  • Click 'Enable All Protection' on the bottom of the screen and SpywareBlaster will implement its protection
  • Exit the program
Another program to add additional protection is Spybot Search and Destroy. It works similar to SpywareBlaster by providing passive protection. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):
  • Run Spybot S&D
  • Click "Search for Updates"
  • Click "Continue"
  • Click "Download" - ignore if it says "please select some update files from the list first"
  • Click "OK" in update window if it prompts you
  • Click "Exit" in update window when update finishes or if Spybot said "please select some update files from the list first"
  • Go back to Spybot main window
  • Close Internet Explorer/Firefox/Chrome if they are open
  • Click "Immunize"
  • Wait for the progress meter to complete
  • Click the "Immunize" button with the plus sign next to it towards the top of the window
  • Wait for the progress meter to complete
  • Close the program
And one last program to add additional protection is Panda USB vaccine. This program disables the autorun rile on removable devices. You can vaccinate both a computer and a removable device. To download and run refer to here.

Another important thing to have installed is a firewall to secure communications to and from your computer. The firewall prevents inbound communications from the Internet to your computer that could be malicious in nature. Some firewalls also regulate outbound communications from your computer to the Internet that could be malicious as well. Inbound communications can take advantage of security holes in software running on your computer to gain control of your computer and infect you with malware. Outbound communications can be from malware on your computer to malicious websites on the Internet, containing information about your computer usage and even your passwords. For these reasons it is essential to the security of your computer to install a firewall. Make sure to only install one firewall as any more than that would prove to be redundant - one firewall is just as effective as multiple ones. Also more than one firewall could cause software conflicts. This applies to the Windows firewall as well - if you use a third-party firewall make sure to disable the Windows firewall. I recommend ZoneAlarm Free Firewall or Comodo Firewall as free solutions or Outpost Firewall Pro as a paid solution.

Besides these measures, an equally important step to take to protect your computer from malware is to update all programs regularly and do Windows Updates as well. Windows, Java, Adobe Flash, PDF readers, and other programs have security holes in them that leave your computer vulnerable to malicious code from hackers that could infect your computer with malware when taken advantage of. For this reason it is important to always update programs when prompted. Windows Updates is enabled by default in Windows and Java, Flash, and others have auto-update programs enabled by default as well. You will not have to worry about setting up the auto-update feature for these programs unless you altered the settings to begin with. Make sure as well to never update a program via e-mail - companies will never send e-mails to update their products. In order to help you update programs you might want to download and run FileHippo.com Update Checker from here. This program will tell you which programs need to be updated. Instructions for automating Windows Updates follow:

1. Right click My Computer and select properties
2. Select the automatic updates tab
3. Select the automatic option and configure appropriately

One last thing to consider is to exercise caution when browsing the web and viewing e-mails. Try to stay away from non-reputable websites including websites for software piracy and pornography. By staying away from these websites you decrease your chances of malware infection significantly. To help you exercise caution in your browsing habits you can download and install Web of Trust into your web browser here. This program will install in your browser and color code the website you are viewing to inform you if it is safe or not; green means safe, yellow means proceed with caution, and red means danger. Viewing e-mails should also be done with caution. If you don't recognize an email as one from a known or requested source then you will be safer to avoid opening it. File attachments should be opened only with extreme caution as they can contain files that exploit security holes on your computer and infect you with malware. Never open an attachment unless you are expecting it or you verify that the sender intended to send it to you. Also make sure to scan the attachment before opening it.

You might want to use an alternate browser than Internet Explorer. Firefox and Google Chrome are excellent candidates. They are more secure than Internet Explorer and are just as functional. You can download Google Chrome here and Firefox here.

Something just as important as preventing infection by malware is to backup your data. You can read about different methods here.

Some articles you might be interested in reading to reiterate points I have addressed in this post as well as make new points follow:
By following these steps you should ensure that you most likely will never get infected with malware again. Good luck and safe browsing!

-Josh
  • 0

#9
360nourishment

360nourishment

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Hi Craig,

Here is the OTL log:

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.40.0 log created on 04252012_145803


Yes, after you sent me your reply on Monday, I followed your instructions and immediately ran MBAM & Avira on my computer. Ironically I had both Avira and the paid (trial) version of MBAM already installed on my computer at the time I was infected. However, I hadn't ran an Avira scan in over a week.

Thank you for all of your help, and I will be sure to run both Avira and MBAM every single day!

Take care.

Edited by 360nourishment, 25 April 2012 - 01:03 PM.

  • 0

#10
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts

Thank you for all of your help, and I will be sure to run both Avira and MBAM every single day!

I donno if every day is really necessary... maybe more like once a week :thumbsup:
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP