SMART HDD

I acquired the SMART HDD virus yesterday. I found several posts on how to fake the virus into submission, and did so. I ran everything that all posts told me to. Malwarebytes, Kaspersky TDSSKiller, HitmanPro, tried ComboFix which didn’t work after the scan. I found this site and ran the OTL as instructed. I am posting the logs. SMART HDD is still in the program menu, and has slowed down the starting of the computer big time. Here’s both OTL logs. I have to post in several posts since there’s a 10000 character limit. I also will post RogueKiller and aswMBR logs.

OTL logfile created on: 4/7/2012 11:31:32 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Program Files
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.84% Memory free
3.84 Gb Paging File | 3.29 Gb Available in Paging File | 85.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 89.75 Gb Free Space | 61.28% Space Free | Partition Type: NTFS

Computer Name: ALLAN-LAPPY | User Name: Allan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 11:30:25 | 000,593,920 | ---- | M] (OldTimer Tools) – C:\Program Files\OTL.exe
PRC - [2012/01/31 08:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/13 07:20:00 | 000,041,296 | ---- | M] (AOL Inc.) – C:\Program Files\AOL Desktop 9.6\waol.exe
PRC - [2011/01/13 07:19:58 | 000,045,392 | ---- | M] (AOL Inc.) – C:\Program Files\AOL Desktop 9.6\shellmon.exe
PRC - [2010/11/22 18:19:45 | 002,201,936 | ---- | M] (AOL Inc.) – C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
PRC - [2010/10/18 15:08:40 | 000,039,240 | ---- | M] (AOL Inc.) – C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) – C:\Program Files\Common Files\aol\1272640394\ee\aolsoftware.exe
PRC - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) – C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) – C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
PRC - [2007/05/14 14:23:32 | 001,191,936 | ---- | M] (Dell Inc) – C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/06 18:10:52 | 000,405,504 | ---- | M] (SigmaTel, Inc.) – C:\WINDOWS\stsystra.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) – C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R— | M] (AOL LLC) – C:\Program Files\Common Files\aol\acs\AOLacsd.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/15 17:12:02 | 000,212,992 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/15 17:10:16 | 000,971,264 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/15 11:39:53 | 005,450,752 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/15 11:36:04 | 007,953,408 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/14 19:23:42 | 000,303,104 | ---- | M] () – C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/01/31 08:57:08 | 000,398,288 | ---- | M] () – C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/13 17:31:19 | 011,490,816 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () – C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () – C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/13 07:20:01 | 000,048,640 | ---- | M] () – C:\Program Files\AOL Desktop 9.6\zlib.dll
MOD - [2011/01/13 07:19:49 | 000,094,208 | ---- | M] () – C:\Program Files\AOL Desktop 9.6\components\Tier2Svc.dll
MOD - [2011/01/13 07:19:49 | 000,060,928 | ---- | M] () – C:\Program Files\AOL Desktop 9.6\components\DataSvcs.dll
MOD - [2009/01/09 17:10:52 | 000,139,264 | ---- | M] () – C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/05/14 14:24:00 | 000,098,304 | ---- | M] () – C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007/03/16 18:10:54 | 000,086,016 | ---- | M] () – C:\WINDOWS\system32\preflib.dll
MOD - [2007/03/16 18:10:48 | 000,757,760 | ---- | M] () – C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2005/10/13 13:53:36 | 000,090,223 | ---- | M] () – C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () – C:\WINDOWS\system32\BrMuSNMP.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] – %SystemRoot%\System32\hidserv.dll – (HidServ)
SRV - File not found [On_Demand | Stopped] – %SystemRoot%\System32\appmgmts.dll – (AppMgmt)
SRV - [2012/03/30 09:09:08 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R— | M] (Skype Technologies) [Auto | Stopped] – C:\Program Files\Skype\Updater\Updater.exe – (SkypeUpdate)
SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\sched.exe – (AntiVirSchedulerService)
SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\avguard.exe – (AntiVirService)
SRV - [2012/01/18 06:21:52 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] – C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe – (SpyHunter 4 Service)
SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] – C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe – (WDDMService)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] – C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe – (WDSmartWareBackgroundService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] – C:\Program Files\Canon\CAL\CALMAIN.exe – (CCALib8)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R— | M] (AOL LLC) [On_Demand | Running] – C:\Program Files\Common Files\aol\acs\AOLacsd.exe – (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – – (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] – system32\DRIVERS\s24trans.sys – (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] – – (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] – – (PDCOMP)
DRV - File not found [Kernel | System | Stopped] – – (PCIDump)
DRV - File not found [Kernel | System | Stopped] – – (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] – – (i2omgmt)
DRV - File not found [Kernel | System | Stopped] – – (Changer)
DRV - [2012/01/31 08:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\avipbb.sys – (avipbb)
DRV - [2012/01/31 08:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] – C:\WINDOWS\system32\drivers\avgntflt.sys – (avgntflt)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\avkmgr.sys – (avkmgr)
DRV - [2011/05/06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] – C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys – (esgiguard)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\ssmdrv.sys – (ssmdrv)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wdcsam.sys – (WDC_SAM)
DRV - [2007/07/23 09:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\lgusbmodem.sys – (USBModem)
DRV - [2007/07/23 09:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\lgusbdiag.sys – (UsbDiag)
DRV - [2007/07/23 09:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\lgusbbus.sys – (usbbus)
DRV - [2007/05/06 18:12:00 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\sthda.sys – (STHDA)
DRV - [2007/03/20 01:00:00 | 000,234,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\OEM02Dev.sys – (OEM02Dev)
DRV - [2007/03/16 18:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\BCMWL5.SYS – (BCM43XX)
DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\OEM02Vfx.sys – (OEM02Vfx)
DRV - [2007/01/10 17:43:00 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\OEM02Afx.sys – (OEM02Afx)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R— | M] (Broadcom Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\bcm4sbxp.sys – (bcm4sbxp)
DRV - [2006/11/02 19:47:36 | 000,989,696 | R— | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\HSF_DPV.sys – (HSF_DPV)
DRV - [2006/11/02 19:47:00 | 000,209,152 | R— | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\HSFHWAZL.sys – (HSFHWAZL)
DRV - [2006/11/02 19:46:56 | 000,730,112 | R— | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\HSF_CNXT.sys – (winachsf)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\APPDRV.SYS – (APPDRV)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R— | M] (America Online, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\wanatw4.sys – (wanatw) WAN Miniport (ATW)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.c…ferrer:source?}

IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004..\SearchScopes,DefaultScope = {13913002-EAD1-478A-957D-FA0A81787BA8}
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.c…Box&Form=IE8SRC
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004..\SearchScopes{13913002-EAD1-478A-957D-FA0A81787BA8}: “URL” = http://search.yahoo…p={searchTerms}
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004..\SearchScopes{CCF26F0D-6FDB-46E6-9660-137D3CE470B2}: “URL” = http://search.aol.co…ionType=msie70a
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = *.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js…extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Allan\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/17 17:02:02 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 17:01:53 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/17 17:02:21 | 000,000,000 | —D | M]

[2011/08/22 23:28:32 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\Allan\Application Data\Mozilla\Extensions
[2011/08/22 23:28:43 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\7bwbxg1r.default\extensions
[2011/08/22 23:28:43 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\7bwbxg1r.default\extensions{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/22 23:28:43 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\7bwbxg1r.default\extensions\staged-xpis
[2011/01/12 20:05:01 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions
[2012/03/11 22:22:52 | 000,000,000 | —D | M] (Skype Click to Call) – C:\Program Files\Mozilla Firefox\extensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/10 15:25:48 | 000,000,000 | —D | M] (Java Console) – C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/24 20:29:10 | 000,000,000 | —D | M] (Java Console) – C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/25 22:09:59 | 000,000,000 | —D | M] (Java Console) – C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/05 16:05:32 | 000,000,000 | —D | M] (Java Quick Starter) – C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) – C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011/01/05 16:05:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM…\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM…\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM…\Run: [HostManager] C:\Program Files\Common Files\aol\1272640394\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM…\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004…\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra ‘Tools’ menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m…ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{FF55C92A-2521-474E-B530-6BDBAB4FA25B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/29 22:32:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk )
O35 - HKLM..comfile [open] – “%1” %*
O35 - HKLM..exefile [open] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*
O37 - HKU\S-1-5-21-1214440339-1035525444-839522115-1004.…exe [@ = exefile] – Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 11:30:24 | 000,593,920 | ---- | C] (OldTimer Tools) – C:\Program Files\OTL.exe
[2012/04/07 11:12:03 | 000,000,000 | —D | C] – C:\Documents and Settings\Allan\Desktop\RK_Quarantine
[2012/04/07 10:48:26 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2012/04/07 10:48:24 | 000,000,000 | —D | C] – C:\Program Files\HitmanPro
[2012/04/07 10:35:04 | 000,000,000 | --SD | C] – C:\32788R22FWJFW
[2012/04/07 10:34:41 | 004,452,287 | R— | C] (Swearware) – C:\Program Files\PCHelpForum.exe
[2012/04/07 10:33:24 | 004,452,287 | ---- | C] (Swearware) – C:\Program Files\ComboFix.exe
[2012/04/06 16:56:57 | 000,012,872 | ---- | C] (SurfRight B.V.) – C:\WINDOWS\System32\bootdelete.exe
[2012/04/06 15:02:14 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/04/06 15:02:06 | 007,156,360 | ---- | C] (SurfRight B.V.) – C:\Program Files\HitmanPro36.exe
[2012/04/06 14:56:33 | 000,397,728 | ---- | C] (Bleeping Computer, LLC) – C:\Program Files\unhide.exe
[2012/04/06 11:34:59 | 000,000,000 | —D | C] – C:\Documents and Settings\Allan\Desktop\tdsskiller
[2012/04/06 11:34:06 | 000,000,000 | —D | C] – C:\Program Files\BucksBee Loyalty Plugin - Softonic
[2012/04/06 10:48:32 | 000,000,000 | —D | C] – C:\Documents and Settings\Allan\Start Menu\Programs\SpyHunter
[2012/04/06 10:48:24 | 000,000,000 | —D | C] – C:\sh4ldr
[2012/04/06 10:48:24 | 000,000,000 | —D | C] – C:\Program Files\Enigma Software Group
[2012/04/06 10:47:22 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Wise Installation Wizard
[2012/04/06 10:46:10 | 000,725,408 | ---- | C] (Enigma Software Group USA, LLC.) – C:\Program Files\SpyHunter-Installer.exe
[2012/04/06 10:41:06 | 000,000,000 | R–D | C] – C:\Documents and Settings\Allan\Recent
[2012/04/06 09:29:40 | 000,000,000 | —D | C] – C:\Documents and Settings\Allan\Start Menu\Programs\SMART HDD
[2012/03/30 09:09:08 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) – C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/28 19:43:55 | 000,000,000 | —D | C] – C:\Documents and Settings\Allan\Application Data\Avira
[2012/03/28 19:38:31 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/03/28 19:38:13 | 000,028,520 | ---- | C] (Avira GmbH) – C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/03/28 19:38:10 | 000,137,416 | ---- | C] (Avira GmbH) – C:\WINDOWS\System32\drivers\avipbb.sys
[2012/03/28 19:38:10 | 000,036,000 | ---- | C] (Avira GmbH) – C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/03/28 19:38:09 | 000,074,640 | ---- | C] (Avira GmbH) – C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/03/28 19:38:02 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Avira
[2012/03/11 22:22:19 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Skype
[2012/03/11 22:22:19 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/02/29 22:27:55 | 000,493,520 | ---- | C] (Facebook Inc.) – C:\Program Files\FacebookVideoCallSetup_v1.2.203.0.exe
[2012/02/17 16:59:43 | 000,692,480 | ---- | C] (RealNetworks, Inc.) – C:\Program Files\RealPlayer.exe
[2012/01/24 12:10:12 | 001,070,488 | ---- | C] (Lenovo Group Limited ) – C:\Program Files\68md01ww.exe
[2012/01/24 12:10:06 | 002,438,952 | ---- | C] (Lenovo Group Limited ) – C:\Program Files\68cr04ww.exe
[2012/01/24 12:09:37 | 036,927,832 | ---- | C] (Lenovo Group Limited ) – C:\Program Files\68ar04ww.exe
[2012/01/24 11:51:27 | 002,443,048 | ---- | C] (Lenovo Group Limited ) – C:\Program Files\68cs06ww.exe
[2011/12/09 15:16:45 | 001,630,912 | ---- | C] (W3i, LLC) – C:\Program Files\gimp_app_1201.exe
[2011/04/13 15:01:22 | 048,536,984 | ---- | C] (Adobe Systems Incorporated) – C:\Program Files\AdbeRdr1001_en_US.exe
[2011/04/01 09:26:36 | 000,231,224 | ---- | C] (Trusteer Ltd.) – C:\Program Files\RapportSetup.exe
[2011/02/27 14:02:24 | 000,509,440 | ---- | C] (iS3, Inc.) – C:\Program Files\STOPzilla_Setup.exe
[2011/02/27 13:59:13 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) – C:\Program Files\mbam-setup-1.50.1.1100.exe
[2011/02/27 13:50:44 | 006,623,888 | ---- | C] (Malwarebytes Corporation ) – C:\Program Files\Malwarebytes.exe
[2010/08/26 17:32:44 | 001,704,744 | ---- | C] (Skype Technologies S.A.) – C:\Program Files\SkypeSetup.exe
[2010/04/29 23:57:19 | 002,959,376 | ---- | C] (Microsoft Corporation) – C:\Program Files\dotnetfx35setup.exe
[7 C:\WINDOWS*.tmp files → C:\WINDOWS*.tmp → ]
[3 C:\WINDOWS\System32*.tmp files → C:\WINDOWS\System32*.tmp → ]

========== Files - Modified Within 30 Days ==========

[2012/04/07 11:38:16 | 000,000,830 | ---- | M] () – C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/07 11:30:25 | 000,593,920 | ---- | M] (OldTimer Tools) – C:\Program Files\OTL.exe
[2012/04/07 11:11:06 | 001,261,568 | ---- | M] () – C:\Program Files\winlogon.exe
[2012/04/07 10:48:26 | 000,001,610 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/04/07 10:33:35 | 004,452,287 | R— | M] (Swearware) – C:\Program Files\PCHelpForum.exe
[2012/04/07 10:33:35 | 004,452,287 | ---- | M] (Swearware) – C:\Program Files\ComboFix.exe
[2012/04/07 10:28:15 | 000,464,324 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat
[2012/04/07 10:28:15 | 000,080,884 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat
[2012/04/07 10:14:32 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2012/04/07 01:29:55 | 000,015,360 | ---- | M] () – C:\Documents and Settings\Allan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/07 00:36:29 | 000,000,998 | ---- | M] () – C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-1035525444-839522115-1004UA.job
[2012/04/06 16:56:57 | 000,012,872 | ---- | M] (SurfRight B.V.) – C:\WINDOWS\System32\bootdelete.exe
[2012/04/06 15:02:06 | 007,156,360 | ---- | M] (SurfRight B.V.) – C:\Program Files\HitmanPro36.exe
[2012/04/06 14:56:34 | 000,397,728 | ---- | M] (Bleeping Computer, LLC) – C:\Program Files\unhide.exe
[2012/04/06 12:16:23 | 000,000,284 | ---- | M] () – C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/06 11:40:04 | 002,053,661 | ---- | M] () – C:\Program Files\tdsskiller.zip
[2012/04/06 11:34:02 | 002,886,784 | ---- | M] () – C:\Documents and Settings\Allan\Desktop\Toolbar_production_100709.exe
[2012/04/06 11:33:52 | 001,954,684 | ---- | M] () – C:\Documents and Settings\Allan\Desktop\tdsskiller.zip
[2012/04/06 11:22:51 | 000,000,784 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 10:48:33 | 000,001,973 | ---- | M] () – C:\Documents and Settings\Allan\Desktop\SpyHunter.lnk
[2012/04/06 10:46:14 | 000,725,408 | ---- | M] (Enigma Software Group USA, LLC.) – C:\Program Files\SpyHunter-Installer.exe
[2012/04/06 09:34:33 | 000,000,256 | ---- | M] () – C:\Documents and Settings\All Users\Application Data\FKDCSB2HMaDCw4
[2012/04/06 09:29:43 | 000,000,168 | ---- | M] () – C:\Documents and Settings\All Users\Application Data-FKDCSB2HMaDCw4r
[2012/04/06 09:29:43 | 000,000,000 | ---- | M] () – C:\Documents and Settings\All Users\Application Data-FKDCSB2HMaDCw4
[2012/04/03 17:10:28 | 000,012,567 | ---- | M] () – C:\Documents and Settings\Allan\My Documents\Customer Sales Log Sheet.ods
[2012/04/02 09:39:11 | 000,016,651 | ---- | M] () – C:\Documents and Settings\Allan\My Documents\Michael Georgalas letter.odt
[2012/04/01 14:54:48 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[2012/03/30 09:09:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) – C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/30 09:09:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) – C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/28 19:38:31 | 000,001,707 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/03/26 21:34:00 | 000,000,976 | ---- | M] () – C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-1035525444-839522115-1004Core.job
[2012/03/26 20:00:50 | 000,002,265 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/24 14:11:14 | 000,404,718 | ---- | M] () – C:\Documents and Settings\Allan\My Documents\George Flugrad pdf.pdf
[2012/03/14 15:14:15 | 000,011,796 | ---- | M] () – C:\Documents and Settings\Allan\My Documents\William Travis Police Letter.odt
[2012/03/14 15:13:43 | 000,010,932 | ---- | M] () – C:\Documents and Settings\Allan\My Documents\William Travis Occupancy Letter.odt
[2012/03/14 11:49:21 | 000,119,744 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 11:10:15 | 000,001,374 | ---- | M] () – C:\WINDOWS\imsins.BAK
[7 C:\WINDOWS\*.tmp files → C:\WINDOWS\*.tmp → ]
[3 C:\WINDOWS\System32\*.tmp files → C:\WINDOWS\System32\*.tmp → ]

========== Files Created - No Company Name ==========

[2012/04/07 11:10:52 | 001,261,568 | ---- | C] () – C:\Program Files\winlogon.exe
[2012/04/07 10:48:26 | 000,001,610 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/04/06 11:40:04 | 002,053,661 | ---- | C] () – C:\Program Files\tdsskiller.zip
[2012/04/06 11:33:49 | 002,886,784 | ---- | C] () – C:\Documents and Settings\Allan\Desktop\Toolbar_production_100709.exe
[2012/04/06 11:33:49 | 001,954,684 | ---- | C] () – C:\Documents and Settings\Allan\Desktop\tdsskiller.zip
[2012/04/06 11:22:51 | 000,000,784 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 10:48:33 | 000,001,973 | ---- | C] () – C:\Documents and Settings\Allan\Desktop\SpyHunter.lnk
[2012/04/06 09:29:43 | 000,000,168 | ---- | C] () – C:\Documents and Settings\All Users\Application Data-FKDCSB2HMaDCw4r
[2012/04/06 09:29:43 | 000,000,000 | ---- | C] () – C:\Documents and Settings\All Users\Application Data-FKDCSB2HMaDCw4
[2012/04/06 09:29:35 | 000,000,256 | ---- | C] () – C:\Documents and Settings\All Users\Application Data\FKDCSB2HMaDCw4
[2012/04/02 09:30:04 | 000,016,651 | ---- | C] () – C:\Documents and Settings\Allan\My Documents\Michael Georgalas letter.odt
[2012/03/30 09:09:09 | 000,000,830 | ---- | C] () – C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/28 19:38:31 | 000,001,707 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/03/24 14:11:14 | 000,404,718 | ---- | C] () – C:\Documents and Settings\Allan\My Documents\George Flugrad pdf.pdf
[2012/03/14 15:12:48 | 000,010,932 | ---- | C] () – C:\Documents and Settings\Allan\My Documents\William Travis Occupancy Letter.odt
[2012/03/14 15:07:59 | 000,011,796 | ---- | C] () – C:\Documents and Settings\Allan\My Documents\William Travis Police Letter.odt
[2012/03/11 22:22:19 | 000,002,265 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/02/14 17:37:34 | 000,003,072 | ---- | C] () – C:\WINDOWS\System32\iacenc.dll
[2012/01/24 12:07:43 | 008,556,672 | ---- | C] () – C:\Program Files\Lenovo_Download_Manager_Installer.exe
[2011/06/03 12:38:32 | 000,000,242 | ---- | C] () – C:\WINDOWS\Brpfx04a.ini
[2011/06/03 12:38:32 | 000,000,093 | ---- | C] () – C:\WINDOWS\brpcfx.ini
[2011/06/03 12:38:17 | 000,000,419 | ---- | C] () – C:\WINDOWS\BRWMARK.INI
[2011/06/03 12:37:49 | 000,000,050 | ---- | C] () – C:\WINDOWS\System32\bridf08c.dat
[2011/06/03 12:37:42 | 000,000,086 | ---- | C] () – C:\WINDOWS\Brfaxrx.ini
[2011/06/03 12:37:42 | 000,000,000 | ---- | C] () – C:\WINDOWS\brdfxspd.dat
[2011/06/03 12:37:41 | 000,106,496 | ---- | C] () – C:\WINDOWS\System32\BrMuSNMP.dll
[2011/06/03 12:33:03 | 000,031,767 | ---- | C] () – C:\WINDOWS\maxlink.ini
[2011/04/13 11:44:41 | 021,058,523 | ---- | C] () – C:\Program Files\FullTiltSetup.exe
[2010/11/07 13:55:01 | 000,015,360 | ---- | C] () – C:\Documents and Settings\Allan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 17:41:49 | 000,000,056 | ---- | C] () – C:\WINDOWS\System32\ezsidmv.dat
[2010/08/26 08:59:53 | 000,680,340 | ---- | C] () – C:\Program Files\StarterSetup.zip
[2010/07/11 15:55:48 | 000,198,144 | ---- | C] () – C:\WINDOWS\System32\_psisdecd.dll
[2010/06/06 23:52:30 | 000,018,632 | ---- | C] () – C:\WINDOWS\System32\mlfcache.dat
[2010/05/14 10:21:41 | 156,607,328 | ---- | C] () – C:\Program Files\OOo_3.2.0_Win_x86_install-wJRE_en-US.exe
[2010/05/06 09:49:05 | 000,734,286 | ---- | C] () – C:\Program Files\Starter.zip
[2010/05/03 16:53:06 | 027,386,256 | ---- | C] ( ) – C:\Program Files\AdbeRdr930_en_US.exe
[2010/04/30 11:06:24 | 000,000,335 | ---- | C] () – C:\WINDOWS\nsreg.dat
[2010/04/29 23:56:12 | 000,009,523 | ---- | C] () – C:\Program Files\DellDriverDownloadManager.application
[2010/04/29 23:38:22 | 044,089,904 | ---- | C] () – C:\Program Files\avira_antivir_personal_en.exe
[2010/04/29 23:08:09 | 000,319,488 | ---- | C] () – C:\WINDOWS\System32\AegisI5Installer.exe
[2010/04/29 23:01:04 | 000,910,304 | ---- | C] () – C:\WINDOWS\System32\igmedkrn.dll
[2010/04/29 23:01:04 | 000,204,800 | ---- | C] () – C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2010/04/29 22:59:10 | 000,086,016 | ---- | C] () – C:\WINDOWS\System32\preflib.dll
[2010/04/29 22:59:08 | 000,020,480 | ---- | C] () – C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/04/29 22:59:07 | 000,757,760 | ---- | C] () – C:\WINDOWS\System32\bcm1xsup.dll
[2010/04/29 22:42:04 | 000,000,664 | ---- | C] () – C:\WINDOWS\System32\d3d9caps.dat
[2010/04/29 22:35:48 | 000,002,048 | --S- | C] () – C:\WINDOWS\bootstat.dat
[2010/04/29 22:29:10 | 000,021,640 | ---- | C] () – C:\WINDOWS\System32\emptyregdb.dat
[2010/04/29 18:19:46 | 000,004,161 | ---- | C] () – C:\WINDOWS\ODBCINST.INI
[2010/04/29 18:18:07 | 000,119,744 | ---- | C] () – C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 – C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 – C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 – C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 – C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 – C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 – C:\Program Files\Malwarebytes’ Anti-Malware\Chameleon\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 – C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF – C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 – C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 – C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE – C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/07 11:11:06 | 001,261,568 | ---- | M] () MD5=445AC2F54B1CFC1EE110329E68FA61A0 – C:\Program Files\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 – C:\Program Files\Malwarebytes’ Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E – C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E – C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >
[2012/04/06 09:29:41 | 000,000,847 | ---- | M] () – C:\DOCUME~1\Allan\LOCALS~1\Temp\smtmp\2\SMART_HDD.lnk

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: ALLAN-LAPPY
Volume ### Ltr Label Fs Type Size Status Info


Volume 0 D DVD-ROM 0 B
Volume 1 C NTFS Partition 146 GB Healthy System

< >

< End of report >

OTL Extras logfile created on: 4/7/2012 11:31:32 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Program Files
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.84% Memory free
3.84 Gb Paging File | 3.29 Gb Available in Paging File | 85.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 89.75 Gb Free Space | 61.28% Space Free | Partition Type: NTFS

Computer Name: ALLAN-LAPPY | User Name: Allan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] – rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
.html [@ = aolfile_HTM] – C:\Program Files\AOL 9.5\aol.exe (AOL Inc.)

[HKEY_USERS\S-1-5-21-1214440339-1035525444-839522115-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] – Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] – “%1” %*
cmdfile [open] – “%1” %*
comfile [open] – “%1” %*
cplfile [cplopen] – rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
exefile [open] – “%1” %*
htafile [open] – “%1” %*
htmlfile [edit] – Reg Error: Key error.
http [open] – C:\PROGRA~1\AOL9~1.5\aol.exe -z"%1" (AOL Inc.)
https [open] – C:\PROGRA~1\AOL9~1.5\aol.exe -z"%1" (AOL Inc.)
piffile [open] – “%1” %*
regfile [merge] – Reg Error: Key error.
scrfile [config] – “%1”
scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] – “%1” /S
txtfile [edit] – Reg Error: Key error.
Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“FirstRunDisabled” = 1
“AntiVirusDisableNotify” = 0
“FirewallDisableNotify” = 0
“UpdatesDisableNotify” = 0
“AntiVirusOverride” = 1
“FirewallOverride” = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
“DisableSR” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
“Start” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
“Start” = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall” = 1
“DoNotAllowExceptions” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
“54925:UDP” = 54925:UDP:*:Enabled:BrotherNetwork Scanner

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“C:\Program Files\Common Files\aol\acs\AOLDial.exe” = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer – (America Online)
“C:\Program Files\Common Files\aol\acs\AOLacsd.exe” = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service – (AOL LLC)
“C:\Program Files\Common Files\aol\1272640394\ee\aolsoftware.exe” = C:\Program Files\Common Files\aol\1272640394\ee\aolsoftware.exe:*:Enabled:AOL Shared Components – (AOL Inc.)
“C:\Program Files\AOL 9.5\waol.exe” = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL – (AOL Inc.)
“C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe” = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed – (AOL Inc.)
“C:\Program Files\Common Files\aol\Loader\aolload.exe” = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader – (AOL Inc.)
“C:\Program Files\Common Files\aol\System Information\sinf.exe” = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information – (AOL Inc.)
“C:\Program Files\AIM\aim.exe” = C:\Program Files\AIM\aim.exe:*:Enabled:AIM – (AOL Inc.)
“C:\Program Files\Electronic Arts\EADM\Core.exe” = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager – (Electronic Arts)
“C:\Program Files\Skype\Plugin Manager\skypePM.exe” = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
“C:\Program Files\AOL Desktop 9.6\waol.exe” = C:\Program Files\AOL Desktop 9.6\waol.exe:*:Enabled:AOL Software – (AOL Inc.)
“C:\Program Files\Brother\Brmfl08l\FAXRX.exe” = C:\Program Files\Brother\Brmfl08l\FAXRX.exe:*:Enabled:FAXRX.EXE – (Brother Industries Ltd.)
“C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe” = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit – (Apple Inc.)
“C:\Documents and Settings\Allan\Local Settings\Application Data\Akamai\netsession_win.exe” = C:\Documents and Settings\Allan\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client – (Akamai Technologies, Inc)
“C:\Documents and Settings\Allan\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe” = C:\Documents and Settings\Allan\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin – (Skype Limited)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}” = ScanSoft PaperPort 11
“{0A02D347-5E53-48A5-BC49-1469393103FA}” = Brother MFL-Pro Suite MFC-495CW
“{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
“{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}” = WD SmartWare
“{26A24AE4-039D-4CA4-87B4-2F83216018F0}” = Java™ 6 Update 18
“{26A24AE4-039D-4CA4-87B4-2F83216022FF}” = Java™ 6 Update 22
“{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}” = RealUpgrade 1.1
“{29ED20C9-5E15-4969-9279-25BF3727A3DA}” = iTunes
“{2BC2781A-F7F6-452E-95EB-018A522F1B2C}” = PaperPort Image Printer
“{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP
“{42929F0F-CE14-47AF-9FC7-FF297A603021}” = Dell Resource CD
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}” = SpyHunter
“{612B9183-67A9-4B44-9877-2F059E35B86A}” = Broadcom 440x 10/100 Integrated Controller
“{6ADD0603-16EF-400D-9F9E-486432835002}” = OpenOffice.org 3.2
“{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable
“{770657D0-A123-3C07-8E44-1C83EC895118}” = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
“{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}” = RealNetworks - Microsoft Visual C++ 2008 Runtime
“{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}” = MobileMe Control Panel
“{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}” = Apple Software Update
“{79155F2B-9895-49D7-8612-D92580E0DE5B}” = Bonjour
“{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}” = Microsoft VC9 runtime libraries
“{7CAC6A44-C3DE-4153-ACA6-7524602C789E}” = Facebook Video Calling 1.2.0.159
“{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}” = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
“{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}” = OutlookAddinSetup
“{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
“{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}” = MediaDirect
“{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}” = Apple Mobile Device Support
“{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}” = Microsoft .NET Framework 3.0 Service Pack 2
“{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}” = SigmaTel Audio
“{A83279FD-CA4B-4206-9535-90974DE76654}” = Apple Application Support
“{AA027AE9-DD20-4677-AA72-D760A358320B}” = Microsoft VC9 runtime libraries
“{AC76BA86-7AD7-1033-7B44-AA1000000001}” = Adobe Reader X (10.1.2)
“{B6CF2967-C81E-40C0-9815-C05774FEF120}” = Skype Click to Call
“{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}” = The Sims™ 3
“{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}” = Microsoft .NET Framework 2.0 Service Pack 2
“{C5074CC4-0E26-4716-A307-960272A90040}” = QuickSet
“{C9E14402-3631-4182-B377-6B0DFB1C0339}” = QuickTime
“{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}” = Microsoft .NET Framework 3.5 SP1
“{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}” = Full Tilt Poker
“{E3E71D07-CD27-46CB-8448-16D4FB29AA13}” = Microsoft WSE 3.0 Runtime
“{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}” = Skype™ 5.8
“{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}” = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
“{FA02ACAC-9E14-4878-A257-92A22A647C2C}” = LG USB Modem Drivers
“Adobe Flash Player ActiveX” = Adobe Flash Player 11 ActiveX
“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin
“AIM_7” = AIM 7
“AOL Emergency Connect Utility 1.0” = Uninstall AOL Emergency Connect Utility 1.0
“AOL Toolbar” = AOL Toolbar
“AOL Uninstaller” = AOL Uninstaller (Choose which Products to Remove)
“Avira AntiVir Desktop” = Avira Free Antivirus
“Broadcom 802.11b Network Adapter” = Dell Wireless WLAN Card
“CAL” = Canon Camera Access Library
“CameraWindowDC” = Canon Utilities CameraWindow DC
“CameraWindowDVC5” = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
“CameraWindowDVC6” = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
“CameraWindowLauncher” = Canon Utilities CameraWindow
“Canon G.726 WMP-Decoder” = Canon G.726 WMP-Decoder
“CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F” = Conexant HDA D330 MDC V.92 Modem
“CodeStuff Starter” = CodeStuff Starter
“Creative OEM002” = Laptop Integrated Webcam Driver (1.00.10.0320)
“CSCLIB” = Canon Camera Support Core Library
“EADM” = EA Download Manager
“EOS Utility” = Canon Utilities EOS Utility
“HDMI” = Intel® Graphics Media Accelerator Driver
“HitmanPro36” = HitmanPro 3.6
“ie8” = Windows Internet Explorer 8
“Malwarebytes’ Anti-Malware_is1” = Malwarebytes Anti-Malware version 1.60.1.1000
“Microsoft .NET Framework 3.5 SP1” = Microsoft .NET Framework 3.5 SP1
“MovieEditTask” = Canon MovieEdit Task for ZoomBrowser EX
“Mozilla Firefox (3.6.8)” = Mozilla Firefox (3.6.8)
“MSCompPackV1” = Microsoft Compression Client Pack 1.0 for Windows XP
“MyCamera” = Canon Utilities MyCamera
“MyCameraDC” = Canon Utilities MyCamera DC
“PhotoStitch” = Canon Utilities PhotoStitch
“RAW Image Task” = Canon RAW Image Task for ZoomBrowser EX
“RealPlayer 15.0” = RealPlayer
“RemoteCaptureTask” = Canon Utilities RemoteCapture Task for ZoomBrowser EX
“SoftwareUpdUtility” = Download Updater (AOL LLC)
“SynTPDeinstKey” = Dell Touchpad
“ViewpointMediaPlayer” = Viewpoint Media Player
“Windows Media Format Runtime” = Windows Media Format 11 runtime
“Windows Media Player” = Windows Media Player 11
“Windows XP Service Pack” = Windows XP Service Pack 3
“WMFDist11” = Windows Media Format 11 runtime
“wmp11” = Windows Media Player 11
“Wudf01000” = Microsoft User-Mode Driver Framework Feature Pack 1.0
“ZoomBrowser EX” = Canon Utilities ZoomBrowser EX
“ZoomBrowser EX Memory Card Utility” = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214440339-1035525444-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“Akamai” = Akamai NetSession Interface
“GoToMeeting” = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/7/2012 11:44:21 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:44:21.921]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:44:56 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:44:56.437]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:45:30 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:45:30.937]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:46:05 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:46:05.468]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:46:39 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:46:39.984]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:47:14 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:47:14.515]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:47:49 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:47:49.062]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:48:23 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:48:23.609]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:48:58 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:48:58.125]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

Error - 4/7/2012 11:49:36 AM | Computer Name = ALLAN-LAPPY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/07 11:49:36.984]: [00000272]: GetDeviceIpAddress:
GetAddressByName [BRWC417FEB4E154] Error

[ System Events ]
Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/7/2012 12:14:05 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD APPDRV avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

Error - 4/7/2012 12:15:21 AM | Computer Name = ALLAN-LAPPY | Source = DCOM | ID = 10005
Description = DCOM got error “%1084” attempting to start the service EventSystem
with arguments “” in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/7/2012 2:17:22 AM | Computer Name = ALLAN-LAPPY | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register
with DCOM within the required timeout.

Error - 4/7/2012 10:35:29 AM | Computer Name = ALLAN-LAPPY | Source = Service Control Manager | ID = 7034
Description = The SpyHunter 4 Service service terminated unexpectedly. It has done
this 1 time(s).

< End of report >

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo…13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Allan [Admin rights]
Mode: Scan – Date: 04/07/2012 11:14:36

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) → FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC530 → HOOKED (Unknown @ 0xA10950F4)
SSDT[41] : NtCreateKey @ 0x806240F0 → HOOKED (Unknown @ 0xA10950AE)
SSDT[50] : NtCreateSection @ 0x805AB3C8 → HOOKED (Unknown @ 0xA10950FE)
SSDT[53] : NtCreateThread @ 0x805D1018 → HOOKED (Unknown @ 0xA10950A4)
SSDT[63] : NtDeleteKey @ 0x8062458C → HOOKED (Unknown @ 0xA10950B3)
SSDT[65] : NtDeleteValueKey @ 0x8062475C → HOOKED (Unknown @ 0xA10950BD)
SSDT[68] : NtDuplicateObject @ 0x805BE008 → HOOKED (Unknown @ 0xA10950EF)
SSDT[98] : NtLoadKey @ 0x80626314 → HOOKED (Unknown @ 0xA10950C2)
SSDT[122] : NtOpenProcess @ 0x805CB440 → HOOKED (Unknown @ 0xA1095090)
SSDT[128] : NtOpenThread @ 0x805CB6CC → HOOKED (Unknown @ 0xA1095095)
SSDT[177] : NtQueryValueKey @ 0x80622314 → HOOKED (Unknown @ 0xA1095117)
SSDT[193] : NtReplaceKey @ 0x806261C4 → HOOKED (Unknown @ 0xA10950CC)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D76 → HOOKED (Unknown @ 0xA1095108)
SSDT[204] : NtRestoreKey @ 0x80625AD0 → HOOKED (Unknown @ 0xA10950C7)
SSDT[213] : NtSetContextThread @ 0x805D173A → HOOKED (Unknown @ 0xA1095103)
SSDT[237] : NtSetSecurityObject @ 0x805C062E → HOOKED (Unknown @ 0xA109510D)
SSDT[247] : NtSetValueKey @ 0x80622662 → HOOKED (Unknown @ 0xA10950B8)
SSDT[255] : NtSystemDebugControl @ 0x806180BA → HOOKED (Unknown @ 0xA1095112)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 → HOOKED (Unknown @ 0xA109509F)
S_SSDT[549] : Unknown → HOOKED (Unknown @ 0xA1095126)
S_SSDT[552] : Unknown → HOOKED (Unknown @ 0xA109512B)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160821AS +++++
— User —
[MBR] da29546b4a01af59d6610379d03515ca
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 160650 | Size: 149989 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 307339515 | Size: 2557 Mo
User = LL1 … OK!
User = LL2 … OK!

Finished : << RKreport[1].txt >>

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 12:16:57

12:16:57.000 OS Version: Windows 5.1.2600 Service Pack 3
12:16:57.000 Number of processors: 2 586 0xF0D
12:16:57.000 ComputerName: ALLAN-LAPPY UserName: Allan
12:17:01.921 Initialize success
12:17:28.171 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP1T0L0-e
12:17:28.171 Disk 0 Vendor: ST9160821AS 3.CDE Size: 152627MB BusType: 3
12:17:28.234 Disk 0 MBR read successfully
12:17:28.234 Disk 0 MBR scan
12:17:28.234 Disk 0 Windows XP default MBR code
12:17:28.234 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
12:17:28.250 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149989 MB offset 160650
12:17:28.265 Disk 0 Partition - 00 0F Extended LBA 2557 MB offset 307339515
12:17:28.328 Disk 0 Partition 3 00 DD MSDOS5.0 2557 MB offset 307339578
12:17:28.343 Disk 0 scanning sectors +312576705
12:17:28.515 Disk 0 scanning C:\WINDOWS\system32\drivers
12:17:54.109 Service scanning
12:18:34.968 Modules scanning
12:19:09.578 Disk 0 trace - called modules:
12:19:09.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
12:19:09.593 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x89dc3ab8]
12:19:09.593 3 CLASSPNP.SYS[ba108fd7] → nt!IofCallDriver → \Device\Ide\IdeDeviceP1T0L0-e[0x89dc5d98]
12:19:09.609 Scan finished successfully
12:19:19.375 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\Allan\Desktop\MBR.dat”
12:19:19.375 The log file has been saved successfully to “C:\Documents and Settings\Allan\Desktop\aswMBR.txt”

Thanks for the help in advance.

We have something called attachments here. ;)… I think all forums have that, making it a bit easier.

Anyway Essexboy is notified.

I have replied with a fix over at Geeks to Go http://www.geekstogo.com/forum/topic/316674-smart-hdd-virus/

Please do not post in multiple forums, as you can get conflicting advice.