I read this post and it said if I couldn't complete the steps that I could still post here:

http://forums.malwarebytes.org/index.php?showtopic=84616&view=findpost&p=428978

Anyway, I just cleaned a computer of the Windows Recovery virus, un-hid all the files, but the Start->All Programs list is still showing mostly empty. The post I linked to also said these viruses are moving the program links to a temp directory, can someone here just tell me what directory that is and how to restore it to default? I don't have enough time with it to run all sorts of programs and post logs because it's being used 8 hours a day, so any advice would be appreciated. The system is using Windows XP.


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


OTL logfile created on: 5/20/2011 11:20:32 AM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Amy\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 33.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free

Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 32.97 Gb Free Space | 58.99% Space Free | Partition Type: NTFS

Drive H: | 232.88 Gb Total Space | 2.13 Gb Free Space | 0.91% Space Free | Partition Type: NTFS

Computer Name: TBL-LT8 | User Name: Amy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Amy\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

PRC - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe (Sprint Spectrum, L.L.C)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Amy\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (SPCSUtilityService) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe (Sprint Spectrum, L.L.C)

========== Driver Services (SafeList) ==========

DRV - (MpKslfdc4fa4a) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41684A63-D29E-441C-94B6-EE8D13113065}\MpKslfdc4fa4a.sys (Microsoft Corporation)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (SWMX00) Sierra Wireless USB MUX Driver (#00) -- C:\WINDOWS\system32\drivers\swmx00.sys (Sierra Wireless Inc.)

DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)

DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (pnetmdm) -- C:\WINDOWS\system32\drivers\pnetmdm.sys (June Fabrics Technology)

DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (MLPTDR_B) -- C:\WINDOWS\system32\MLPTDR_B.SYS (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thinktbl.com/tblhome.html

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.thinktbl.com/tblhome.html"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 11:43:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/01 09:13:24 | 000,000,000 | ---D | M]

[2009/04/29 12:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Amy\Application Data\Mozilla\Extensions

[2010/12/08 17:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\u0yzqnlr.default\extensions

[2009/06/25 12:39:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\u0yzqnlr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/12/08 17:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/12/08 15:31:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2009/05/22 14:33:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - Startup: C:\Documents and Settings\Amy\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} http://www.thinktbl.biz:89/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=2weihejeekga1h55vcgy0455&ControlID=1129574fcd814ce18031dfc0a826e76f&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab (RSClientPrint 2005 Class)

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)

O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)

O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://giant.coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236744461687 (WUWebControl Class)

O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v50/jeopardy/jeopardy.cab (Jeopardy Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245339792734 (MUWebControl Class)

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)

O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab (DinerDash Control)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab (FamilyFeud Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O24 - Desktop WallPaper: C:\Documents and Settings\Amy\My Documents\My Pictures\meadowlands4.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amy\My Documents\My Pictures\meadowlands4.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/11 00:03:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{ab6a1dc9-0da8-11de-8666-0015c56219af}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476521-1645641927-702000330-1542\redmond.exe

O33 - MountPoints2\{ab6a1dc9-0da8-11de-8666-0015c56219af}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476521-1645641927-702000330-1542\redmond.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 11:19:35 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amy\Desktop\OTL.exe

[2011/05/20 09:04:07 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\msvcr80.dll

[2011/05/20 08:37:14 | 005,073,240 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Amy\Desktop\vcredist_x86.exe

[2011/05/20 08:34:01 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll

[2011/05/20 08:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy\Desktop\msvcr80

[2011/05/20 08:19:09 | 000,408,936 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Amy\Desktop\WINWORD.EXE

[2011/05/20 08:17:52 | 012,993,904 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Amy\Desktop\OUTLOOK.EXE

[2011/05/20 08:17:46 | 000,521,080 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Amy\Desktop\POWERPNT.EXE

[2011/05/20 08:17:29 | 018,362,216 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Amy\Desktop\EXCEL.EXE

[2011/05/19 16:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2011/05/19 16:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy\Application Data\SUPERAntiSpyware.com

[2011/05/19 16:30:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Amy\Recent

[2011/05/19 16:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2011/05/19 16:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011/05/19 16:29:51 | 011,181,896 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Amy\Desktop\SUPERAntiSpywarePro.exe

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/20 11:20:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/20 11:19:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amy\Desktop\OTL.exe

[2011/05/20 10:52:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2011/05/20 09:52:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2011/05/20 09:11:54 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/05/20 09:07:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/20 09:07:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2011/05/20 09:06:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/20 08:54:26 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/05/20 08:37:18 | 005,073,240 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Amy\Desktop\vcredist_x86.exe

[2011/05/20 08:33:07 | 000,316,623 | ---- | M] () -- C:\Documents and Settings\Amy\Desktop\msvcr80.zip

[2011/05/19 17:17:29 | 000,465,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/05/19 17:17:28 | 000,079,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/05/19 17:12:29 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2011/05/19 17:12:29 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2011/05/19 17:12:29 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2011/05/19 17:12:29 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2011/05/19 17:12:29 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2011/05/19 16:39:51 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk

[2011/05/19 16:29:51 | 011,181,896 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Amy\Desktop\SUPERAntiSpywarePro.exe

[2011/05/19 16:22:37 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18865956r

[2011/05/19 16:22:37 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18865956

[2011/05/19 16:22:20 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18865956

[2011/05/19 00:00:39 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2011/05/03 14:16:10 | 000,123,292 | ---- | M] () -- C:\Documents and Settings\Amy\My Documents\ShipEx.pdf

[2011/04/22 20:15:04 | 012,993,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Amy\Desktop\OUTLOOK.EXE

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/20 08:33:06 | 000,316,623 | ---- | C] () -- C:\Documents and Settings\Amy\Desktop\msvcr80.zip

[2011/05/19 16:39:51 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk

[2011/05/19 16:22:37 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18865956r

[2011/05/19 16:22:37 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18865956

[2011/05/19 16:22:20 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18865956

[2011/05/03 14:16:10 | 000,123,292 | ---- | C] () -- C:\Documents and Settings\Amy\My Documents\ShipEx.pdf

[2010/12/03 15:25:45 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Amy\Application Data\start

[2010/10/08 11:07:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/11/10 09:17:46 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2009/09/22 17:03:23 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Amy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2009/04/29 12:30:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/03/11 15:32:14 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Amy\Local Settings\Application Data\fusioncache.dat

[2009/03/11 09:09:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2009/03/11 00:06:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/03/11 00:00:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/03/10 23:56:19 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2009/03/10 23:56:18 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2009/03/10 23:56:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2009/03/10 21:55:55 | 000,000,147 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2009/03/10 21:55:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2009/03/10 21:55:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2009/03/10 21:55:44 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5250DN.INI

[2009/03/10 21:55:08 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2009/03/10 21:55:08 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD5250DN.DAT

[2009/03/10 18:53:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/10 18:51:50 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 06:00:00 | 000,465,640 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 06:00:00 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/09/02 17:07:06 | 000,018,932 | ---- | C] () -- C:\WINDOWS\MSUMLT_B.INI

< End of report >

OTL Extras logfile created on: 5/20/2011 11:20:32 AM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Amy\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 33.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free

Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 32.97 Gb Free Space | 58.99% Space Free | Partition Type: NTFS

Drive H: | 232.88 Gb Total Space | 2.13 Gb Free Space | 0.91% Space Free | Partition Type: NTFS

Computer Name: TBL-LT8 | User Name: Amy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 22

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{6DCBB845-0FA4-4723-A40A-1F320C221C30}" = Sprint Mobile Broadband (Sierra)

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client

"{83ED1E80-A1B7-4246-BCF1-AC4A88151A6B}" = Microsoft MapPoint North America 2006

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{F0E587B0-BED6-4797-A913-871CD8EDD34E}" = Brother HL-5250DN

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"Coupon Printer for Windows4.0" = Coupon Printer for Windows

"ENTERPRISER" = Microsoft Office Enterprise 2007

"Google Calendar Sync" = Google Calendar Sync

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"KeePass Password Safe_is1" = KeePass Password Safe 1.06

"magicolor 2300 DL" = magicolor 2300 DL

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PdaNet_is1" = PdaNet for Android 2.41

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"winusb0100" = Microsoft WinUsb 1.0

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/13/2011 8:21:41 AM | Computer Name = TBL-LT8 | Source = Windows Search Service | ID = 3050

Description = Unvisited items cannot be deleted from the history after a full update.

Context:

Application, SystemIndex Catalog Details: The I/O operation has been aborted because

of either a thread exit or an application request. (0x800703e3)

Error - 4/15/2011 10:17:13 AM | Computer Name = TBL-LT8 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000

Description = EventType clr20r3, P1 tbl_lading.exe, P2 2.1.17.0, P3 4d481ce8, P4

xceed.filesystem, P5 3.7.8516.10220, P6 48f752b0, P7 9a, P8 6b, P9 xceed.filesystem.filesystemio,

P10 NIL.

Error - 5/5/2011 10:57:51 AM | Computer Name = TBL-LT8 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000

Description = EventType clr20r3, P1 tbl_lading.exe, P2 2.1.17.0, P3 4d481ce8, P4

xceed.filesystem, P5 3.7.8516.10220, P6 48f752b0, P7 9a, P8 6b, P9 xceed.filesystem.filesystemio,

P10 NIL.

Error - 5/18/2011 8:15:25 AM | Computer Name = TBL-LT8 | Source = Application Hang | ID = 1002

Description = Hanging application TBL_LADING.exe, version 2.1.17.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/18/2011 11:57:28 AM | Computer Name = TBL-LT8 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000

Description = EventType clr20r3, P1 tbl_lading.exe, P2 2.1.17.0, P3 4d481ce8, P4

xceed.filesystem, P5 3.7.8516.10220, P6 48f752b0, P7 9a, P8 6b, P9 xceed.filesystem.filesystemio,

P10 NIL.

Error - 5/19/2011 4:26:23 PM | Computer Name = TBL-LT8 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/19/2011 5:17:52 PM | Computer Name = TBL-LT8 | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\AMY\RECENT\DESKTOP.INI> in the

hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A

device attached to the system is not functioning. (0x8007001f)

Error - 5/19/2011 5:19:00 PM | Computer Name = TBL-LT8 | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\AMY\RECENT\DESKTOP.INI> in the

hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A

device attached to the system is not functioning. (0x8007001f)

Error - 5/19/2011 5:21:53 PM | Computer Name = TBL-LT8 | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\AMY\RECENT\DESKTOP.INI> in the

hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A

device attached to the system is not functioning. (0x8007001f)

Error - 5/20/2011 9:12:48 AM | Computer Name = TBL-LT8 | Source = Application Hang | ID = 1002

Description = Hanging application POWERPNT.EXE, version 12.0.6545.5000, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]

Error - 5/7/2009 8:16:36 AM | Computer Name = TBL-LT8 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 244579

seconds with 10080 seconds of active time. This session ended with a crash.

Error - 12/13/2010 2:12:58 PM | Computer Name = TBL-LT8 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12632

seconds with 1080 seconds of active time. This session ended with a crash.

Error - 2/10/2011 3:45:21 PM | Computer Name = TBL-LT8 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21111

seconds with 2160 seconds of active time. This session ended with a crash.

Error - 2/17/2011 5:57:59 PM | Computer Name = TBL-LT8 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18418

seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/17/2011 5:58:00 PM | Computer Name = TBL-LT8 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18278

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 5/20/2011 8:57:22 AM | Computer Name = TBL-LT8 | Source = Service Control Manager | ID = 7001

Description = The Messenger service depends on the NetBIOS Interface service which

failed to start because of the following error: %%31

Error - 5/20/2011 8:57:22 AM | Computer Name = TBL-LT8 | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: %%31

Error - 5/20/2011 8:57:22 AM | Computer Name = TBL-LT8 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

Error - 5/20/2011 8:59:36 AM | Computer Name = TBL-LT8 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/20/2011 8:59:47 AM | Computer Name = TBL-LT8 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/20/2011 8:59:47 AM | Computer Name = TBL-LT8 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/20/2011 9:01:50 AM | Computer Name = TBL-LT8 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service WSearch with

arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 5/20/2011 9:05:27 AM | Computer Name = TBL-LT8 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/20/2011 9:05:30 AM | Computer Name = TBL-LT8 | Source = DCOM | ID = 10010

Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register

with DCOM within the required timeout.

Error - 5/20/2011 9:07:09 AM | Computer Name = TBL-LT8 | Source = Service Control Manager | ID = 7002

Description = The MLPTDR_B service depends on the Parallel arbitrator group and

no member of this group started.

< End of report >


OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    [2011/05/19 16:22:37 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18865956r
    [2011/05/19 16:22:37 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18865956
    [2011/05/19 16:22:20 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18865956
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2011/05/20 09:06:53 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2011/05/20 10:52:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2011/05/20 09:52:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At5.job


    :Files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C


    :Commands
    [EmptyFlash]
    [RESETHOSTS]
    [purity]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log

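The :Files section of the fix above copies the shortcuts held in the numbered folders under %Temp%\smtmp back to their usual locations. As an added illustration (not part of the original post and not OTL's own code), the Python below applies the same folder-to-destination mapping as a dry run before copying anything, on a constructed directory tree. The function name restore_smtmp, the env dictionary, the skip-if-present default and the sample file names are assumptions made for the example.

```python
import os
import shutil
import tempfile
from pathlib import Path

# smtmp folder number -> destination, copied from the :Files section above.
SMTMP_TARGETS = {
    "1": r"%AllUsersProfile%\Start Menu",
    "2": r"%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch",
    "3": r"%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar",
    "4": r"%AllUsersProfile%\Desktop",
}

def restore_smtmp(smtmp, env, dry_run=True, overwrite=False):
    """Return [(source, destination, action)]; files are copied unless dry_run."""
    results = []
    for number, template in sorted(SMTMP_TARGETS.items()):
        src_root = Path(smtmp) / number
        if not src_root.is_dir():  # a numbered folder may simply be absent
            continue
        head, *rest = template.split("\\")  # expand the leading %Var% from env
        dst_root = Path(env[head.strip("%").lower()], *rest)
        for dirpath, dirs, files in os.walk(src_root):  # hidden files included
            dirs.sort()  # deterministic order
            for name in sorted(files):
                src = Path(dirpath) / name
                dst = dst_root / src.relative_to(src_root)
                action = "copy" if not dst.exists() else "overwrite" if overwrite else "skip"
                if not dry_run and action != "skip":
                    dst.parent.mkdir(parents=True, exist_ok=True)
                    shutil.copy2(src, dst)  # source stays in place, as with xcopy
                results.append((src, dst, action))
    return results

def build_demo(root):
    """Constructed sample tree with hypothetical file names, not data from the log."""
    root = Path(root)
    env = {"temp": root / "Temp", "allusersprofile": root / "All Users",
           "userprofile": root / "User", "appdata": root / "User" / "Application Data"}
    for rel in ("1/Programs/Accessories/Notepad.lnk", "1/Programs/Office/Word.lnk",
                "2/Show Desktop.scf", "4/Reader.lnk"):
        f = env["temp"] / "smtmp" / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("constructed placeholder")
    existing = env["allusersprofile"] / "Desktop" / "Reader.lnk"
    existing.parent.mkdir(parents=True)
    existing.write_text("already on desktop")
    return env

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        env = build_demo(tmp)
        for src, dst, action in restore_smtmp(env["temp"] / "smtmp", env):
            print(action, src, "->", dst)
```

Unlike the xcopy /Y lines in the fix, this example leaves an existing destination file untouched unless overwrite=True is passed.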

When will it produce this log, after the reboot? Nothing popped up when I rebooted and I don't see a log file on the desktop anywhere, which is where the first two went.

At any rate, I pasted the code in there and ran it, and all the programs appear under Start again, so that much is working. I don't see any other instance of the virus either; the hidden programs were pretty much the last of the issues. Thanks.


Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

This topic is now closed to further replies.