
Infected with Windows XP Recovery and TDSS


This topic is locked
21 replies to this topic

#1 leatherman
  • Members
  • 11 posts

Posted 17 May 2011 - 06:25 PM

There was a photo spread from the Yahoo main page last night for an artist named Edward Mueller who does sidewalk art. It listed his website, www.metanmorph.com, which my wife visited and infected my computer (pop ups started immediately). Your uninstall guide said it would not help if I was infected with the TDSS rootkit, which I have as my Google searches are being redirected. My desktop has disappeared completely, and I had to unhide all the files to access them. My desktop is black. Additionally, although Yahoo Messenger is running, no received messages appear in the message boxes.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by David Branson at 22:49:31.85 on Mon 05/16/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.586 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\David Branson.DAVID\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [qNHRkYKMBL] c:\documents and settings\all users\application data\qNHRkYKMBL.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Creative WebCam Tray] c:\program files\creative\shared files\CAMTRAY.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [dcmsvc] c:\program files\dcmsvc\dcmsvc.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\davidb~1.dav\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\davidb~1.dav\startm~1\programs\startup\warner~1.lnk - c:\program files\warner bros. digital copy manager\Warner Bros. Digital Copy Manager.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289812069182
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\davidb~1.dav\applic~1\mozilla\firefox\profiles\z70gzbj7.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\david branson.david\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-15 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-15 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-15 40384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-15 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-15 40384]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 gupdate1c9e6efc1f988d5;Google Update Service (gupdate1c9e6efc1f988d5);c:\program files\google\update\GoogleUpdate.exe [2009-6-6 133104]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2010-8-31 91830]
.
=============== Created Last 30 ================
.
2011-05-17 00:51:26 350208 ---ha-w- c:\docume~1\alluse~1\applic~1\15916836.exe
2011-05-17 00:41:20 4224 ---ha-w- c:\windows\system32\beep.sys
2011-05-17 00:40:12 462848 ---ha-w- c:\docume~1\alluse~1\applic~1\qNHRkYKMBL.exe
2011-05-17 00:39:40 64000 ---ha-w- c:\program files\outlook express\rasadhlp.dll
2011-05-17 00:39:40 64000 ---ha-w- c:\program files\mozilla firefox\rasadhlp.dll
2011-05-17 00:39:40 64000 ---ha-w- c:\program files\internet explorer\rasadhlp.dll
2011-05-08 17:49:34 -------- d--h--w- c:\docume~1\alluse~1\applic~1\CanonIJEGV
2011-05-08 17:49:00 -------- d--h--w- c:\docume~1\davidb~1.dav\locals~1\applic~1\Canon Easy-PhotoPrint EX
2011-05-08 17:18:40 307200 ---ha-w- c:\windows\system32\CNC870L.dll
2011-05-08 17:18:40 1310720 ---ha-w- c:\windows\system32\CNC870C.dll
2011-05-08 17:18:40 110592 ---ha-w- c:\windows\system32\CNC870I.dll
2011-05-08 17:18:39 15872 ---ha-w- c:\windows\system32\CNHMCA.dll
2011-05-08 17:18:39 102400 ---ha-w- c:\windows\system32\CNC870U.dll
2011-05-08 17:09:04 -------- d--h--w- c:\program files\common files\CANON
2011-05-08 17:03:55 354816 ---ha-w- c:\windows\system32\CNMNPPM.DLL
2011-05-08 17:03:55 137216 ---ha-w- c:\windows\system32\CNMNPUI.DLL
2011-05-08 17:03:55 -------- d--h--w- c:\windows\system32\STRING
2011-05-08 17:03:54 -------- d--h--w- c:\windows\system32\CHM
2011-05-08 17:02:36 -------- d--h--w- c:\program files\Canon
2011-05-02 16:45:49 -------- d--h--w- c:\docume~1\davidb~1.dav\locals~1\applic~1\Thunderbird
2011-04-27 13:48:07 -------- d--h--w- c:\program files\TimezAttackLauncher
2011-04-27 13:47:21 -------- d--h--w- C:\BigBrainz
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ---ha-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ---ha-w- c:\windows\system32\win32k.sys
2011-02-17 13:51:57 81920 ---ha-w- c:\windows\system32\ieencode.dll
2011-02-17 13:51:57 667136 ---ha-w- c:\windows\system32\wininet.dll
2011-02-17 13:51:57 61952 ---ha-w- c:\windows\system32\tdc.ocx
2011-02-17 12:37:38 369664 ---ha-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ---ha-w- c:\windows\system32\xpsp4res.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2080BH_PL rev.892C -> Harddisk0\DR0 -> \Device\00000085
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A43F6F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a445a10]; MOV EAX, [0x8a445a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A4C4AB8]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000084[0x8A4EFAC0]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A4EE030]
\Driver\nvata[0x8A4EBD10] -> IRP_MJ_CREATE -> 0x8A43F6F0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000083 -> \??\IDE#DiskFUJITSU_MHV2080BH_PL____________________892C____#574E5A3936543241475550312020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 22:50:05.43 ===============
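The DDS log above is the evidence a helper reads to spot this infection. As an added example (not part of the original post, and not code from DDS, TDSSKiller or BleepingComputer), the Python script below applies a few of the indicators visible in that log to a constructed excerpt of it: the random-named executable launched from All Users\Application Data, the NoDesktop/DisableTaskMgr lockdown policies, and rasadhlp.dll dropped outside the Windows directory. The file-name heuristic, the policy list and the finding categories are assumptions made for this example.

```python
"""Triage checks for a DDS-style log (added example, not from the original post).

Applies indicators visible in the thread's own log to each line: a random-named
executable launched from All Users\Application Data, lockdown policies such as
NoDesktop/DisableTaskMgr, and rasadhlp.dll appearing outside the Windows
directory. Heuristics and category names are assumptions made for this example.
"""
import re

VOWELS = set("aeiouAEIOU")

# Matches ProgramData on XP in both long and 8.3 (alluse~1\applic~1) form.
PROGRAMDATA_RE = re.compile(
    r"\\(?:all users\\application data|alluse~1\\applic~1)\\", re.IGNORECASE)
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
POLICY_RE = re.compile(r"^[umd]Policies-\w+: (?P<key>\w+) = (?P<value>\d+)")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \S+ (?:\d+|-+) (?P<attrs>\S+) (?P<path>.+)$")
# First quoted token, or the leading unquoted path up to a known extension.
PATH_IN_CMD_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|com))(?:\s|$)', re.IGNORECASE)

# Policies the posted log shows set to 1, plus one sibling of the same family.
LOCKDOWN_POLICIES = {"NoDesktop", "DisableTaskMgr", "DisableRegistryTools"}
# A Windows DLL name that has no business living under Program Files.
SYSTEM_DLL_NAMES = {"rasadhlp.dll"}


def file_stem(path: str) -> str:
    """Return the file name without its last extension."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]

def looks_random(stem: str) -> bool:
    """Crude generated-name check: all digits, or 8+ letters with no vowels."""
    if stem.isdigit():
        return True
    return len(stem) >= 8 and stem.isalpha() and not (set(stem) & VOWELS)

def path_from_command(cmd: str) -> str:
    """Pull the executable path out of an autorun command line."""
    m = PATH_IN_CMD_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)).strip() if m else cmd.strip()

def check_autorun(line: str):
    """Flag Run entries that launch a random-named binary from ProgramData."""
    m = RUN_RE.match(line)
    if not m:
        return None
    path = path_from_command(m.group("cmd"))
    if PROGRAMDATA_RE.search(path) and looks_random(file_stem(path)):
        return {"kind": "autorun-programdata-random", "path": path}
    return None

def check_policy(line: str):
    """Flag explorer/system policies that hide the desktop or disable tools."""
    m = POLICY_RE.match(line)
    if m and m.group("key") in LOCKDOWN_POLICIES and m.group("value") != "0":
        return {"kind": "lockdown-policy", "path": m.group("key")}
    return None

def check_created(line: str):
    """Flag recently created files that match the drop patterns in the log."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    name = path.rsplit("\\", 1)[-1].lower()
    if (PROGRAMDATA_RE.search(path) and name.endswith(".exe")
            and looks_random(file_stem(path))):
        return {"kind": "dropped-programdata-exe", "path": path}
    if name in SYSTEM_DLL_NAMES and "\\windows\\" not in path.lower():
        return {"kind": "system-dll-outside-windows", "path": path}
    return None

def triage(log_text: str) -> list:
    """Run every check over every line; at most one finding per line."""
    findings = []
    for line in log_text.splitlines():
        for check in (check_autorun, check_policy, check_created):
            hit = check(line.rstrip())
            if hit:
                findings.append(hit)
                break
    return findings

# Constructed sample: an excerpt of the DDS log posted in this thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [qNHRkYKMBL] c:\documents and settings\all users\application data\qNHRkYKMBL.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
=============== Created Last 30 ================
2011-05-17 00:51:26 350208 ---ha-w- c:\docume~1\alluse~1\applic~1\15916836.exe
2011-05-17 00:41:20 4224 ---ha-w- c:\windows\system32\beep.sys
2011-05-17 00:39:40 64000 ---ha-w- c:\program files\mozilla firefox\rasadhlp.dll
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['kind']:30} {finding['path']}")
```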

#2 SweetTech
    Agent ST
  • Members
  • 13,421 posts

Posted 20 May 2011 - 10:18 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 leatherman
  • Topic Starter
  • Members
  • 11 posts

Posted 21 May 2011 - 06:35 AM

Thank you so much for helping. Here is the TDSSKiller log:


2011/05/21 07:26:20.0906 3668 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/21 07:26:21.0234 3668 ================================================================================
2011/05/21 07:26:21.0234 3668 SystemInfo:
2011/05/21 07:26:21.0234 3668
2011/05/21 07:26:21.0234 3668 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/21 07:26:21.0234 3668 Product type: Workstation
2011/05/21 07:26:21.0234 3668 ComputerName: DAVID
2011/05/21 07:26:21.0234 3668 UserName: David Branson
2011/05/21 07:26:21.0234 3668 Windows directory: C:\WINDOWS
2011/05/21 07:26:21.0234 3668 System windows directory: C:\WINDOWS
2011/05/21 07:26:21.0234 3668 Processor architecture: Intel x86
2011/05/21 07:26:21.0234 3668 Number of processors: 2
2011/05/21 07:26:21.0234 3668 Page size: 0x1000
2011/05/21 07:26:21.0234 3668 Boot type: Normal boot
2011/05/21 07:26:21.0234 3668 ================================================================================
2011/05/21 07:26:23.0906 3668 Initialize success
2011/05/21 07:26:33.0375 3900 ================================================================================
2011/05/21 07:26:33.0375 3900 Scan started
2011/05/21 07:26:33.0375 3900 Mode: Manual;
2011/05/21 07:26:33.0375 3900 ================================================================================
2011/05/21 07:26:42.0062 3900 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/21 07:26:42.0156 3900 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/21 07:26:42.0218 3900 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/21 07:26:42.0296 3900 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/21 07:26:42.0375 3900 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/21 07:26:42.0453 3900 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/21 07:26:42.0531 3900 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
2011/05/21 07:26:42.0609 3900 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/21 07:26:42.0718 3900 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/21 07:26:42.0890 3900 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/21 07:26:43.0015 3900 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/21 07:26:43.0109 3900 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/21 07:26:43.0187 3900 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/21 07:26:43.0265 3900 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/21 07:26:43.0359 3900 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/21 07:26:43.0406 3900 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/21 07:26:43.0500 3900 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/21 07:26:43.0593 3900 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/21 07:26:43.0703 3900 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/21 07:26:43.0828 3900 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/21 07:26:43.0921 3900 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/21 07:26:44.0000 3900 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/21 07:26:44.0046 3900 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/21 07:26:44.0156 3900 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/21 07:26:44.0234 3900 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/21 07:26:44.0265 3900 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/21 07:26:44.0343 3900 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/21 07:26:44.0375 3900 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/21 07:26:44.0421 3900 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/21 07:26:44.0531 3900 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/21 07:26:44.0734 3900 nv (bbb8ab2ffd7a79cd9d7751008e3de579) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/21 07:26:44.0921 3900 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
2011/05/21 07:26:45.0000 3900 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/05/21 07:26:45.0093 3900 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/05/21 07:26:45.0171 3900 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
2011/05/21 07:26:45.0234 3900 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/21 07:26:45.0312 3900 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/21 07:26:45.0421 3900 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/21 07:26:45.0515 3900 P0630VID (68cb569ede9cfb3b0bf17966428df025) C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
2011/05/21 07:26:45.0609 3900 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/21 07:26:45.0703 3900 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/21 07:26:45.0781 3900 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/21 07:26:45.0890 3900 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/21 07:26:46.0031 3900 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/21 07:26:46.0078 3900 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/21 07:26:46.0593 3900 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/21 07:26:46.0640 3900 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/21 07:26:46.0906 3900 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/21 07:26:47.0093 3900 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/21 07:26:47.0234 3900 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/21 07:26:47.0328 3900 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/21 07:26:47.0531 3900 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/21 07:26:47.0687 3900 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/21 07:26:47.0968 3900 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/21 07:26:48.0125 3900 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/21 07:26:48.0328 3900 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/21 07:26:48.0421 3900 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/21 07:26:48.0562 3900 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/21 07:26:48.0765 3900 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/21 07:26:48.0875 3900 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/21 07:26:49.0015 3900 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/21 07:26:49.0234 3900 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/21 07:26:49.0390 3900 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/21 07:26:49.0609 3900 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/21 07:26:49.0843 3900 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/21 07:26:50.0203 3900 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/05/21 07:26:50.0343 3900 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/05/21 07:26:50.0500 3900 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/05/21 07:26:50.0718 3900 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
2011/05/21 07:26:50.0937 3900 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/05/21 07:26:51.0203 3900 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/05/21 07:26:51.0343 3900 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/21 07:26:51.0453 3900 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/21 07:26:51.0734 3900 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/05/21 07:26:51.0875 3900 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/05/21 07:26:52.0015 3900 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/21 07:26:52.0375 3900 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/21 07:26:52.0546 3900 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/21 07:26:52.0812 3900 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/21 07:26:52.0968 3900 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/21 07:26:53.0140 3900 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/21 07:26:53.0406 3900 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/21 07:26:53.0640 3900 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/21 07:26:53.0875 3900 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/21 07:26:54.0000 3900 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/21 07:26:54.0234 3900 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/21 07:26:54.0390 3900 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/21 07:26:54.0671 3900 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/21 07:26:54.0890 3900 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/21 07:26:54.0984 3900 SynTP (60cb9f7c95791fe56a6e86868f4467ba) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/21 07:26:55.0156 3900 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/21 07:26:55.0437 3900 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/21 07:26:55.0625 3900 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/21 07:26:55.0859 3900 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/21 07:26:56.0031 3900 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/21 07:26:56.0203 3900 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/21 07:26:56.0421 3900 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/21 07:26:56.0640 3900 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/21 07:26:56.0921 3900 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/21 07:26:57.0218 3900 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/21 07:26:57.0421 3900 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/21 07:26:57.0515 3900 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/21 07:26:57.0687 3900 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/21 07:26:57.0875 3900 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/21 07:26:58.0031 3900 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/21 07:26:58.0171 3900 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/21 07:26:58.0296 3900 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/21 07:26:58.0421 3900 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/21 07:26:58.0546 3900 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/21 07:26:58.0593 3900 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/21 07:26:58.0703 3900 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/21 07:26:58.0906 3900 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/21 07:26:59.0187 3900 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/21 07:26:59.0359 3900 winachsf (e17d31cd52dcb7745ac5330eea062d0b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/21 07:26:59.0531 3900 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/21 07:26:59.0640 3900 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/21 07:26:59.0843 3900 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/21 07:26:59.0984 3900 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/21 07:27:00.0109 3900 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/21 07:27:00.0203 3900 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/21 07:27:00.0218 3900 ================================================================================
2011/05/21 07:27:00.0234 3900 Scan finished
2011/05/21 07:27:00.0234 3900 ================================================================================
2011/05/21 07:27:00.0250 2412 Detected object count: 1
2011/05/21 07:27:17.0625 2412 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/21 07:27:17.0687 2412 \HardDisk0 - ok
2011/05/21 07:27:17.0687 2412 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/21 07:28:14.0031 3384 Deinitialize success
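
The TDSSKiller output above has two parts worth reading separately: the inventory of every loaded driver with its MD5 and on-disk path, and the verdict lines at the end. The detected object is `\HardDisk0` rather than a file because this TDL4 variant lives in the MBR, and "will be cured after reboot" means the fix is only applied on the next boot, so the log is not proof the machine is clean until a rescan after rebooting comes back empty. The script below is an added example written for this thread, not TDSSKiller's own code or anything the helper posted: it parses the log format, pulls out detections and the action taken, and compares each driver's MD5 against an allowlist. The `SAMPLE_LOG` and the `KNOWN_GOOD` table are constructed (the hashes are copied from this thread's own log, with one deliberately tampered Tcpip entry); a real allowlist would come from a clean install of the same Windows build or a vendor hash database.

```python
"""Triage a Kaspersky TDSSKiller log: driver inventory, detections, actions,
and drivers whose MD5 differs from an allowlist. Example code for this
thread; the sample log and KNOWN_GOOD allowlist below are constructed."""
import re

# Driver enumeration line: "<date> <time> <pid> <service> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Detection line: "<ts> <pid> <object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<pid>\d+)\s+(?P<obj>\S+)\s+-\s+detected\s+"
    r"(?P<verdict>\S+)\s+\((?P<n>\d+)\)\s*$"
)
# Action line: "<ts> <pid> <object> (<verdict>) - will be cured after reboot"
ACTION_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<pid>\d+)\s+(?P<obj>\S+)\s+\((?P<verdict>[^)]+)\)"
    r"\s+-\s+(?P<action>.+?)\s*$"
)

# Constructed sample in the same format as the log above: a few real lines
# plus a Tcpip entry with a deliberately wrong hash for the mismatch check.
SAMPLE_LOG = r"""
2011/05/21 07:26:38.0687 3900 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/21 07:26:44.0421 3900 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/21 07:26:50.0937 3900 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/05/21 07:26:55.0437 3900 Tcpip (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/21 07:27:00.0203 3900 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/21 07:27:00.0234 3900 Scan finished
2011/05/21 07:27:17.0625 2412 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
"""

# Constructed allowlist: hashes copied from this thread's log, NOT an
# authoritative reference set. Build a real one from a clean install of the
# same Windows XP SP3 build, or look the hashes up in a vendor database.
KNOWN_GOOD = {
    "Fips": "d45926117eb9fa946a6af572fbe1caa3",
    "Ntfs": "78a08dd6a8d65e697c18e1db01c5cdca",
    "Tcpip": "9aefa14bd6b182d61e3119fa5f436d3d",
}


def parse_tdsskiller(text):
    """Split a TDSSKiller log into driver records, detections and actions."""
    drivers, detections, actions = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(m.groupdict())
            continue
        m = DETECT_RE.match(line)
        if m:
            detections.append(m.groupdict())
            continue
        m = ACTION_RE.match(line)
        if m:
            actions.append(m.groupdict())
    return drivers, detections, actions


def triage(text, known_good=KNOWN_GOOD, system_root=r"C:\WINDOWS"):
    """Findings an analyst wants first: detections and the action taken,
    drivers whose MD5 differs from the allowlist, drivers the allowlist does
    not know, and drivers loaded from outside %SystemRoot% (a dropper habit)."""
    drivers, detections, actions = parse_tdsskiller(text)
    mismatched, unknown, off_root = [], [], []
    for d in drivers:
        expected = known_good.get(d["name"])
        if expected is None:
            unknown.append(d["name"])
        elif expected != d["md5"]:
            mismatched.append((d["name"], d["md5"], expected))
        if not d["path"].lower().startswith(system_root.lower() + "\\"):
            off_root.append((d["name"], d["path"]))
    return {
        "driver_count": len(drivers),
        "detections": [(x["obj"], x["verdict"]) for x in detections],
        "actions": [(x["obj"], x["action"]) for x in actions],
        "mismatched": mismatched,
        "unknown": unknown,
        "off_root": off_root,
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE_LOG).items():
        print(f"{key}: {val}")
```

On the real log above, `unknown` will be long because the allowlist only knows three names; the useful output is `detections`, `mismatched` and `off_root`. A matching MD5 only tells you the driver file on disk is unmodified; it says nothing about an MBR infection like the one reported here, which is why the `\HardDisk0` detection line has to be read on its own.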

#4 leatherman

Posted 21 May 2011 - 07:00 AM

I now see all of the files which were hidden in the start menu. The Desktop option is still not in my quick launch options, but the other icons are there. I am still getting an error message when I try to play DVDs that says a compatible DVD decoder is not on my computer. I didn't know if that might be due to the defogger program, but I wasn't going to do anything unless you instructed me. Yahoo Messenger still is not showing any messages that are sent or received in the message box. Still no access to gmail, but it looks like the google searches are no longer redirecting.

Here is the OTL.txt log:

OTL logfile created on: 5/21/2011 7:46:08 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\David Branson.DAVID\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.03 Gb Total Space | 24.93 Gb Free Space | 40.19% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 74.45 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive E: | 11.46 Gb Total Space | 1.22 Gb Free Space | 10.63% Space Free | Partition Type: FAT32
Drive F: | 7.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DAVID | User Name: David Branson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/21 07:45:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Branson.DAVID\My Documents\Downloads\OTL.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/28 21:33:02 | 002,407,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/11/01 22:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/09/28 17:56:18 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2009/03/18 18:50:30 | 004,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/30 11:04:22 | 000,245,760 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe


========== Modules (SafeList) ==========

MOD - [2011/05/21 07:45:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Branson.DAVID\My Documents\Downloads\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/10/23 01:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/08/29 15:12:28 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/08/29 15:11:08 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/08/29 15:10:56 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/19 08:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/01 20:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 16:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/03/05 19:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 20:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 20:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/26 20:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/11/16 00:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/10/31 22:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/31 21:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/29 21:55:48 | 000,091,830 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/11 14:22:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 20:05:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 14:30:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/02 12:45:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/05/02 12:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Branson.DAVID\Application Data\Mozilla\Extensions
[2011/05/02 12:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Branson.DAVID\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/25 12:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Branson.DAVID\Application Data\Mozilla\Firefox\Profiles\z70gzbj7.default\extensions
[2009/04/19 18:41:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\David Branson.DAVID\Application Data\Mozilla\Firefox\Profiles\z70gzbj7.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/04/29 20:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 11:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/17 08:20:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/22 00:21:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/15 04:57:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}(2)
File not found (No name found) --
[2008/12/10 23:00:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2011/05/18 13:26:38 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005..\Run: [qNHRkYKMBL] File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\Ahissa\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\Branson Children\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\David Branson.DAVID\Start Menu\Programs\StartUp\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\David Branson.DAVID\Start Menu\Programs\StartUp\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\The Branson Girls\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289812069182 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\itlnfw32: DllName - Reg Error: Key error. - File not found
O20 - Winlogon\Notify\itlntfy: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Wave.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/21 07:16:17 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/18 13:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/05/17 18:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Application Data\whitesmoketoolbar
[2011/05/17 18:44:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David Branson.DAVID\Recent
[2011/05/17 10:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/05/17 09:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2011/05/17 09:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2011/05/17 09:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/05/16 22:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/05/16 22:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/16 20:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Start Menu\Programs\Windows XP Recovery
[2011/05/16 20:41:20 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2011/05/16 20:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/16 20:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/16 15:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/16 15:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/08 13:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/05/08 13:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Local Settings\Application Data\Canon Easy-PhotoPrint EX
[2011/05/08 13:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Application Data\Canon
[2011/05/08 13:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon IJ Network Utilities
[2011/05/08 13:18:40 | 001,310,720 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC870C.dll
[2011/05/08 13:18:40 | 000,307,200 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC870L.dll
[2011/05/08 13:18:40 | 000,110,592 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC870I.dll
[2011/05/08 13:18:39 | 000,102,400 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC870U.dll
[2011/05/08 13:18:39 | 000,015,872 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNHMCA.dll
[2011/05/08 13:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX870 series User Registration
[2011/05/08 13:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2011/05/08 13:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
[2011/05/08 13:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX870 series Manual
[2011/05/08 13:04:59 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmSE.DLL
[2011/05/08 13:04:59 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmRU.DLL
[2011/05/08 13:04:59 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmPT.DLL
[2011/05/08 13:04:59 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmPL.DLL
[2011/05/08 13:04:59 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmNL.DLL
[2011/05/08 13:04:59 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmIT.DLL
[2011/05/08 13:04:59 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmID.DLL
[2011/05/08 13:04:59 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmGR.DLL
[2011/05/08 13:04:59 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmFR.DLL
[2011/05/08 13:04:59 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmFI.DLL
[2011/05/08 13:04:59 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmES.DLL
[2011/05/08 13:04:59 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmDE.DLL
[2011/05/08 13:04:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmUS.DLL
[2011/05/08 13:04:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmTR.DLL
[2011/05/08 13:04:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmTH.DLL
[2011/05/08 13:04:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmNO.DLL
[2011/05/08 13:04:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmKR.DLL
[2011/05/08 13:04:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmHU.DLL
[2011/05/08 13:04:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmDK.DLL
[2011/05/08 13:04:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmCZ.DLL
[2011/05/08 13:04:59 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmAR.DLL
[2011/05/08 13:04:59 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmTW.DLL
[2011/05/08 13:04:59 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmJP.DLL
[2011/05/08 13:04:59 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmCN.DLL
[2011/05/08 13:04:58 | 000,296,960 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCF2Lm.DLL
[2011/05/08 13:04:58 | 000,168,448 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFMSm.EXE
[2011/05/08 13:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/08 13:04:38 | 000,276,992 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLMA7.DLL
[2011/05/08 13:04:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2011/05/08 13:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX870 series
[2011/05/08 13:04:20 | 000,179,200 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIUA7.DLL
[2011/05/08 13:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\CanonBJ
[2011/05/08 13:03:55 | 000,354,816 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPPM.DLL
[2011/05/08 13:03:55 | 000,137,216 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPUI.DLL
[2011/05/08 13:03:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\STRING
[2011/05/08 13:03:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CHM
[2011/05/08 13:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/05/07 11:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/05/02 12:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Local Settings\Application Data\Thunderbird
[2011/05/02 12:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Application Data\Thunderbird
[2011/05/02 12:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird
[2011/05/02 12:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2011/04/27 09:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Timez Attack Launcher
[2011/04/27 09:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\TimezAttackLauncher
[2011/04/27 09:47:21 | 000,000,000 | ---D | C] -- C:\BigBrainz
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/21 07:33:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/21 07:29:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/21 07:29:56 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2641056170-3905291606-2290624400-1005.job
[2011/05/21 07:29:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/21 07:29:30 | 2078,912,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/20 22:21:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2641056170-3905291606-2290624400-1005.job
[2011/05/20 22:13:56 | 000,000,032 | --S- | M] () -- C:\WINDOWS\System32\743401878.dat
[2011/05/19 19:23:57 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\mcs.rma
[2011/05/16 21:51:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vlcifkvc1avm.ini
[2011/05/16 20:51:39 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15916836r
[2011/05/16 20:51:39 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15916836
[2011/05/16 20:51:38 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Desktop\Windows XP Recovery.lnk
[2011/05/16 20:51:34 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\15916836
[2011/05/16 20:39:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\2gweorjqjutp92vjy9gake
[2011/05/16 20:03:14 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/14 11:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/13 13:58:22 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\B94F0B
[2011/05/12 09:51:37 | 000,001,183 | ---- | M] () -- C:\hpqp.ini
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 08:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/09 11:45:49 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/08 13:19:21 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon IJ Network Tool.lnk
[2011/05/08 13:08:54 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2011/05/08 13:08:43 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/05/08 13:06:46 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.1.lnk
[2011/05/08 13:06:13 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2011/05/08 13:05:55 | 000,001,969 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MX870 series On-screen Manual.lnk
[2011/05/08 09:39:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 10:38:02 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2011/05/02 12:45:40 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/05/02 12:45:40 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/04/29 20:05:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 20:05:11 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/27 09:49:02 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Timez Attack.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/21 07:43:18 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/05/21 07:43:18 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay Turbo Lister 2.lnk
[2011/05/21 07:43:18 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/05/21 07:43:18 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/21 07:43:18 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/21 07:43:18 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/21 07:43:17 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2011/05/21 07:43:17 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Timez Attack.lnk
[2011/05/21 07:43:17 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/05/21 07:43:17 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Warner Bros. Digital Copy Manager.lnk
[2011/05/21 07:43:17 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2011/05/21 07:43:17 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/05/21 07:43:17 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2011/05/21 07:43:16 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office 2003 Edition 60 Days Trial Welcome Tour.lnk
[2011/05/21 07:43:16 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative WebCam Center.lnk
[2011/05/21 07:43:16 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/05/21 07:43:16 | 000,001,462 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2011/05/21 07:43:16 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
[2011/05/21 07:43:16 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/21 07:43:15 | 000,001,974 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[2011/05/21 07:43:15 | 000,001,969 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MX870 series On-screen Manual.lnk
[2011/05/21 07:43:15 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.1.lnk
[2011/05/21 07:43:15 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2011/05/21 07:43:15 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon IJ Network Tool.lnk
[2011/05/21 07:43:15 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2011/05/21 07:43:14 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/05/21 07:43:14 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/21 07:43:14 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/21 07:43:14 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/21 07:43:14 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2011/05/19 16:06:53 | 000,000,032 | --S- | C] () -- C:\WINDOWS\System32\743401878.dat
[2011/05/19 12:15:41 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\mcs.rma
[2011/05/16 21:51:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vlcifkvc1avm.ini
[2011/05/16 20:51:39 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15916836r
[2011/05/16 20:51:38 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Desktop\Windows XP Recovery.lnk
[2011/05/16 20:51:38 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15916836
[2011/05/16 20:51:34 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15916836
[2011/05/16 20:39:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\2gweorjqjutp92vjy9gake
[2011/05/08 13:18:40 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\CNC1743D.TBL
[2011/03/23 10:21:38 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\B94F0B
[2010/10/29 14:11:24 | 000,097,975 | ---- | C] () -- C:\WINDOWS\Publix Preschool Pals Uninstaller.exe
[2010/07/12 18:43:06 | 000,163,150 | ---- | C] () -- C:\WINDOWS\hphins25.dat
[2010/07/12 18:43:06 | 000,000,795 | ---- | C] () -- C:\WINDOWS\hphmdl25.dat
[2010/06/29 19:22:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Local Settings\Application Data\prvlcl.dat
[2009/08/30 12:37:20 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/05/15 15:52:27 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/07 11:56:53 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/11 16:29:06 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Local Settings\Application Data\fusioncache.dat
[2006/12/09 19:07:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/09 19:05:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/25 11:18:30 | 000,001,955 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/20 02:31:07 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/20 02:27:17 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/09/20 02:27:17 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/20 02:14:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/20 02:04:20 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/18 04:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/18 04:00:00 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/18 04:00:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/18 04:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/18 04:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/18 04:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/18 04:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/18 04:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/18 04:00:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/29 15:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 15:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 14:46:56 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:27:08 | 000,391,638 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 14:27:08 | 000,056,124 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 14:18:06 | 000,280,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 14:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 14:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/16 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/16 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 03:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 14:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 22:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

< End of report >

And here is the extras.txt log:

OTL Extras logfile created on: 5/21/2011 7:46:09 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\David Branson.DAVID\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.03 Gb Total Space | 24.93 Gb Free Space | 40.19% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 74.45 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive E: | 11.46 Gb Total Space | 1.22 Gb Free Space | 10.63% Space Free | Partition Type: FAT32
Drive F: | 7.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DAVID | User Name: David Branson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2641056170-3905291606-2290624400-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Enabled:Java™ Web Start Launcher -- (Sun Microsystems, Inc.)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{147A8145-0AA6-0921-8414-9B1EE5A8108F}" = Warner Bros. Digital Copy Manager
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 22
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E276E05A-FFE8-485B-A005-42E76EA72AC4}" = HP User Guides 0032
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"avast" = avast! Free Antivirus
"Canon MX870 series User Registration" = Canon MX870 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"Creative PD0630" = Creative WebCam Live! Driver (1.01.01.0730)
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Live! User's Guide English" = Creative WebCam Live! User's Guide (English)
"dcmsvc_is1" = dcmsvc 1.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"HP Game Console" = HP Game Console and games
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Revo Uninstaller" = Revo Uninstaller 1.90
"Rhapsody" = Rhapsody
"Search Toolbar" = Search Toolbar
"Sight Words Buddy_is1" = Sight Words Buddy 1.1
"Speed Dial Utility" = Canon Speed Dial Utility
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Timez Attack Launcher O" = Timez Attack Launcher
"whitesmoketoolbar" = WhiteSmoke Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2641056170-3905291606-2290624400-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/20/2011 11:09:42 PM | Computer Name = DAVID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/20/2011 11:09:42 PM | Computer Name = DAVID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/20/2011 11:11:46 PM | Computer Name = DAVID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/20/2011 11:11:46 PM | Computer Name = DAVID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/21/2011 7:09:32 AM | Computer Name = DAVID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/21/2011 7:09:32 AM | Computer Name = DAVID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/21/2011 7:19:00 AM | Computer Name = DAVID | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 5/21/2011 7:19:29 AM | Computer Name = DAVID | Source = Media Center Scheduler | ID = 0
Description =

Error - 5/21/2011 7:30:06 AM | Computer Name = DAVID | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 5/21/2011 7:30:18 AM | Computer Name = DAVID | Source = Media Center Scheduler | ID = 0
Description =

[ System Events ]
Error - 5/19/2011 11:23:44 AM | Computer Name = DAVID | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 AvgTdiX

Error - 5/19/2011 12:13:48 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/19/2011 12:15:11 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/19/2011 12:15:30 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/19/2011 12:15:30 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/19/2011 12:15:38 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/19/2011 12:15:39 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/19/2011 12:16:52 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 5/20/2011 11:59:48 AM | Computer Name = DAVID | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:.

Error - 5/20/2011 11:59:48 AM | Computer Name = DAVID | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:.


< End of report >

Edited by leatherman, 21 May 2011 - 08:11 AM.


#5 SweetTech


Posted 21 May 2011 - 11:55 AM

Hi!

Looks like TDSSKiller found the main culprit!

The main infection that you were infected with is called TDL4.

See the snippet of text below:

2011/05/21 07:27:00.0250 2412 Detected object count: 1
2011/05/21 07:27:17.0625 2412 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/21 07:27:17.0687 2412 \HardDisk0 - ok
2011/05/21 07:27:17.0687 2412 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/21 07:28:14.0031 3384 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



The Desktop option is still not in my quick launch options, but the other icons are there.

Can you please elaborate a little more on this? I'm not sure I understand what the issue is.

I am still getting an error message when I try to play DVDs that says a compatible DVD decoder is not on my computer. I didn't know if that might be due to the defogger program, but I wasn't going to do anything unless you instructed me.

That is a possibility.

Yahoo Messenger still is not showing any messages that are sent or received in the message box. Still no access to gmail, but it looks like the google searches are no longer redirecting.

That's interesting. We may need to uninstall Yahoo Messenger and re-install it to see if that solves the issues you are experiencing.




NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    IE - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
    O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
    O3 - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKU\S-1-5-21-2641056170-3905291606-2290624400-1005..\Run: [qNHRkYKMBL] File not found
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Ahissa\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Branson Children\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
    O4 - Startup: C:\Documents and Settings\The Branson Girls\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
    O20 - Winlogon\Notify\itlnfw32: DllName - Reg Error: Key error. - File not found
    O20 - Winlogon\Notify\itlntfy: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
    [2011/05/17 18:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Application Data\whitesmoketoolbar
    [2011/05/17 09:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
    [2011/05/17 09:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
    [2011/05/16 20:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Start Menu\Programs\Windows XP Recovery
    [2011/05/20 22:13:56 | 000,000,032 | --S- | M] () -- C:\WINDOWS\System32\743401878.dat
    [2011/05/16 21:51:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vlcifkvc1avm.ini
    [2011/05/16 20:51:39 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15916836r
    [2011/05/16 20:51:39 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~15916836
    [2011/05/16 20:51:38 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Desktop\Windows XP Recovery.lnk
    [2011/05/16 20:51:34 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\15916836
    [2011/05/16 20:39:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\2gweorjqjutp92vjy9gake
    [2011/05/13 13:58:22 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\B94F0B
    [2011/05/19 16:06:53 | 000,000,032 | --S- | C] () -- C:\WINDOWS\System32\743401878.dat
    [2011/05/16 21:51:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vlcifkvc1avm.ini
    [2011/05/16 20:51:39 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15916836r
    [2011/05/16 20:51:38 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Desktop\Windows XP Recovery.lnk
    [2011/05/16 20:51:38 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~15916836
    [2011/05/16 20:51:34 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\15916836
    [2011/05/16 20:39:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\2gweorjqjutp92vjy9gake
    [2011/03/23 10:21:38 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\B94F0B
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.



NEXT:



What issues are you currently experiencing right now?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 leatherman

leatherman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 21 May 2011 - 01:06 PM

Yahoo Messenger is now showing sent and received messages.
Gmail is now working.
Still getting the error message when I try to play DVDs.
The desktop quick launch icon is still gone. In my quick launch area of the taskbar, I have icons for Internet Explorer, Mozilla Firefox, and eBay Turbo Lister. I used to have an icon which took me to the desktop, but it disappeared when the virus hit and has yet to return.

My wife says "Thank you" for all your help so far, and she is very grateful that you volunteer your time to help others. Thank you from me too.

OTL Fix log:

========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2641056170-3905291606-2290624400-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ not found.
File C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll not found.
Registry value HKEY_USERS\S-1-5-21-2641056170-3905291606-2290624400-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-2641056170-3905291606-2290624400-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-2641056170-3905291606-2290624400-1005\Software\Microsoft\Windows\CurrentVersion\Run\\qNHRkYKMBL deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk moved successfully.
C:\Documents and Settings\Ahissa\Start Menu\Programs\StartUp\Vongo Tray.lnk moved successfully.
C:\Documents and Settings\Branson Children\Start Menu\Programs\StartUp\Vongo Tray.lnk moved successfully.
C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk moved successfully.
C:\Documents and Settings\The Branson Girls\Start Menu\Programs\StartUp\Vongo Tray.lnk moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlnfw32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlntfy\ deleted successfully.
C:\Documents and Settings\David Branson.DAVID\Application Data\whitesmoketoolbar folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar folder moved successfully.
C:\Program Files\whitesmoketoolbar\components folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\options folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\weather folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\search folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\rss folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\dynamicElements folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\modules folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome folder moved successfully.
C:\Program Files\whitesmoketoolbar folder moved successfully.
C:\Documents and Settings\David Branson.DAVID\Start Menu\Programs\Windows XP Recovery folder moved successfully.
C:\WINDOWS\system32\743401878.dat moved successfully.
C:\WINDOWS\vlcifkvc1avm.ini moved successfully.
C:\Documents and Settings\All Users\Application Data\~15916836r moved successfully.
C:\Documents and Settings\All Users\Application Data\~15916836 moved successfully.
C:\Documents and Settings\David Branson.DAVID\Desktop\Windows XP Recovery.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\15916836 moved successfully.
C:\Documents and Settings\David Branson.DAVID\2gweorjqjutp92vjy9gake moved successfully.
C:\Documents and Settings\David Branson.DAVID\Application Data\B94F0B moved successfully.
File C:\WINDOWS\System32\743401878.dat not found.
File C:\WINDOWS\vlcifkvc1avm.ini not found.
File C:\Documents and Settings\All Users\Application Data\~15916836r not found.
File C:\Documents and Settings\David Branson.DAVID\Desktop\Windows XP Recovery.lnk not found.
File C:\Documents and Settings\All Users\Application Data\~15916836 not found.
File C:\Documents and Settings\All Users\Application Data\15916836 not found.
File C:\Documents and Settings\David Branson.DAVID\2gweorjqjutp92vjy9gake not found.
File C:\Documents and Settings\David Branson.DAVID\Application Data\B94F0B not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\David Branson.DAVID\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\David Branson.DAVID\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05212011_133605




Malwarebytes log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6634

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/21/2011 2:02:18 PM
mbam-log-2011-05-21 (14-02-18).txt

Scan type: Quick scan
Objects scanned: 220578
Time elapsed: 13 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 7
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\mozilla firefox\rasadhlp.dll (Spyware.Passwords.XGen) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\all users\application data\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\microsoft common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\mozilla firefox\rasadhlp.dll (Spyware.Passwords.XGen) -> Delete on reboot.
c:\documents and settings\branson children\my documents\downloads\myfuncards(2).exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\documents and settings\branson children\my documents\downloads\myfuncards.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\documents and settings\branson children\my documents\downloads\setupplaysushi.exe (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\internet explorer\rasadhlp.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\outlook express\rasadhlp.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\branson children\local settings\Temp\giy9rcs.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\slujtof.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\ykarmpd.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\fas5sl1.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\fr6vc7h.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\fvvj9co.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\gf8husy.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\gsfcjpp.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\izh2fcr.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\jjj2lc1.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\m4fccfv.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\ma5n75b.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\bmu0dlm.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\c8pv0l4.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\dzv6ptt.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\e6a0bun.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\temp\0.24925955996198224.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\1suvy46.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\2c7rha8.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\2pjnp2o.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\4d0imhk.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\8ifmelf.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\8tmr6sr.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\aicgc2n.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\local settings\Temp\aj8n9rf.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\3748 (Adware.WebSearch) -> Quarantined and deleted successfully.
c:\windows\temp\svbt\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\irwx\int5sd.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\irwx\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\david branson.david\application data\Adobe\plugs\mmc135.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.

Edited by leatherman, 21 May 2011 - 01:20 PM.


#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 21 May 2011 - 02:09 PM

Hi!

Yahoo Messenger is now showing sent and received messages.
Gmail is now working.

Great to hear they are now working.

Still getting the error message when I try to play DVDs.

I'd like to hold off on addressing this issue for now; I'm hoping that maybe it'll fix itself.

My wife says "Thank you" for all your help so far, and she is very grateful that you volunteer your time to help others. Thank you from me too.

You both are very welcome! I'm glad to lend my expertise to help get your computer issues solved.

The desktop quick launch icon is still gone. In my quick launch area of the taskbar, I have icons for Internet Explorer, Mozilla Firefox, and Ebay Turbo Lister. I used to have an icon which took me to the desktop, but it disappeared when the virus hit and has yet to return.

Ahh. Okay, thanks for the clarification there. I know what you're referring to now.

I need to look into the best way to fix that.

I'd like to have you run a more powerful tool, and see what it finds.

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 leatherman

leatherman
  • Topic Starter

  • Members
  • 11 posts

Posted 21 May 2011 - 04:11 PM

Still unable to play DVDs on Windows Media Player (getting the same error message), and the quick launch button is still gone. I found Microsoft links to fixing both of these issues, so I'm not that concerned about those. I will refrain from fixing either of them until I get the green light from you. Defogger still has the emulators disabled.

Here is the Combofix log:


ComboFix 11-05-21.03 - David Branson 05/21/2011 16:38:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1393 [GMT -4:00]
Running from: c:\documents and settings\David Branson.DAVID\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ahissa\Local Settings\Application Data\{25252F61-672A-46B4-8F4A-922272A41E8D}
c:\documents and settings\Ahissa\Local Settings\Application Data\{25252F61-672A-46B4-8F4A-922272A41E8D}\chrome.manifest
c:\documents and settings\Ahissa\Local Settings\Application Data\{25252F61-672A-46B4-8F4A-922272A41E8D}\chrome\content\_cfg.js
c:\documents and settings\Ahissa\Local Settings\Application Data\{25252F61-672A-46B4-8F4A-922272A41E8D}\chrome\content\c.js
c:\documents and settings\Ahissa\Local Settings\Application Data\{25252F61-672A-46B4-8F4A-922272A41E8D}\chrome\content\overlay.xul
c:\documents and settings\Ahissa\Local Settings\Application Data\{25252F61-672A-46B4-8F4A-922272A41E8D}\install.rdf
c:\documents and settings\All Users\invokesi.exe
c:\documents and settings\David Branson.DAVID\Application Data\Adobe\plugs
c:\documents and settings\David Branson.DAVID\Application Data\Adobe\plugs\mmc2546406.txt
c:\documents and settings\David Branson.DAVID\Application Data\Adobe\shed
c:\documents and settings\David Branson.DAVID\Application Data\Adobe\shed\thr1.chm
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
E:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_ITLPERF
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-21 20:14 . 2011-05-21 20:14 -------- d-----w- c:\documents and settings\David Branson.DAVID\Application Data\AVG10
2011-05-21 20:10 . 2011-05-21 20:10 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-05-21 20:09 . 2011-05-21 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-05-21 17:45 . 2011-05-21 17:45 -------- d-----w- c:\documents and settings\David Branson.DAVID\Application Data\Malwarebytes
2011-05-21 17:45 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 17:45 . 2011-05-21 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-21 17:45 . 2011-05-21 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 17:45 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 17:36 . 2011-05-21 17:36 -------- d-----w- C:\_OTL
2011-05-21 11:16 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-17 17:50 . 2011-05-17 17:50 -------- d-s---w- c:\documents and settings\Branson Children\UserData
2011-05-17 17:49 . 2011-05-17 17:50 -------- d-----w- c:\documents and settings\Branson Children\Application Data\whitesmoketoolbar
2011-05-17 14:55 . 2011-05-17 14:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-05-17 02:56 . 2011-05-17 02:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-05-17 02:56 . 2011-05-17 02:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-17 00:41 . 2006-03-16 04:00 4224 ----a-w- c:\windows\system32\beep.sys
2011-05-17 00:27 . 2011-05-17 00:27 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-05-14 15:53 . 2011-05-14 15:53 -------- d-----w- c:\documents and settings\Branson Children\Local Settings\Application Data\Apple
2011-05-08 17:49 . 2011-05-08 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJEGV
2011-05-08 17:49 . 2011-05-08 18:13 -------- d-----w- c:\documents and settings\David Branson.DAVID\Local Settings\Application Data\Canon Easy-PhotoPrint EX
2011-05-08 17:48 . 2011-05-08 17:48 -------- d-----w- c:\documents and settings\David Branson.DAVID\Application Data\Canon
2011-05-08 17:18 . 2009-10-19 20:29 307200 ----a-w- c:\windows\system32\CNC870L.dll
2011-05-08 17:18 . 2009-10-05 22:09 1310720 ----a-w- c:\windows\system32\CNC870C.dll
2011-05-08 17:18 . 2009-10-05 22:08 110592 ----a-w- c:\windows\system32\CNC870I.dll
2011-05-08 17:18 . 2009-10-05 22:05 102400 ----a-w- c:\windows\system32\CNC870U.dll
2011-05-08 17:18 . 2008-08-25 22:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-05-08 17:09 . 2011-05-08 17:09 -------- d-----w- c:\program files\Common Files\CANON
2011-05-08 17:03 . 2011-05-08 17:03 -------- d-----w- c:\windows\system32\STRING
2011-05-08 17:03 . 2009-10-09 15:01 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL
2011-05-08 17:03 . 2009-10-09 15:01 354816 ----a-w- c:\windows\system32\CNMNPPM.DLL
2011-05-08 17:03 . 2011-05-08 17:03 -------- d-----w- c:\windows\system32\CHM
2011-05-08 17:02 . 2011-05-08 17:22 -------- d-----w- c:\program files\Canon
2011-05-07 15:53 . 2011-05-07 15:53 -------- d-s---w- c:\documents and settings\NetworkService\Temporary Internet Files
2011-05-07 15:53 . 2011-05-07 15:53 -------- d-s---w- c:\documents and settings\NetworkService\History
2011-05-07 15:53 . 2011-05-07 15:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-05-02 16:45 . 2011-05-02 16:45 -------- d-----w- c:\documents and settings\David Branson.DAVID\Local Settings\Application Data\Thunderbird
2011-05-02 16:45 . 2011-05-02 16:45 -------- d-----w- c:\documents and settings\David Branson.DAVID\Application Data\Thunderbird
2011-05-02 16:45 . 2011-05-02 20:20 -------- d-----w- c:\program files\Mozilla Thunderbird
2011-04-27 13:48 . 2011-04-27 13:49 -------- d-----w- c:\program files\TimezAttackLauncher
2011-04-27 13:47 . 2011-04-29 19:52 -------- d-----w- C:\BigBrainz
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-11-15 10:06 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-11-15 10:06 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-11-15 10:06 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-11-15 10:06 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2010-11-15 10:06 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2010-11-15 10:06 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2010-11-15 10:06 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-11-15 10:06 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2010-11-15 10:06 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-07 05:33 . 2006-03-16 04:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2006-03-16 04:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-03-16 04:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 16:26 . 2011-03-28 15:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-29 2407632]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"nwiz"="nwiz.exe" [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 245760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\David Branson.DAVID\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
Warner Bros.lnk - c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2011-4-9 142848]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/21/2011 7:16 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/15/2010 6:06 AM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/15/2010 6:06 AM 19544]
S2 gupdate1c9e6efc1f988d5;Google Update Service (gupdate1c9e6efc1f988d5);c:\program files\Google\Update\GoogleUpdate.exe [6/6/2009 5:42 PM 133104]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [8/31/2010 7:29 PM 91830]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 21:42]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 21:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\David Branson.DAVID\Application Data\Mozilla\Firefox\Profiles\z70gzbj7.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-whitesmoketoolbar - c:\program files\whitesmoketoolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-21 16:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2080BH_PL rev.892C -> Harddisk0\DR0 -> \Device\00000085
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 156301486 (+255): user != kernel
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3844)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\msdtc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2011-05-21 17:08:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-21 21:08
.
Pre-Run: 27,818,528,768 bytes free
Post-Run: 28,401,311,744 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
- - End Of File - - 17C1DE1827DDE3674DF48C01F2F770AE

Edited by leatherman, 21 May 2011 - 04:24 PM.
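The two Gmer detectors at the end of the ComboFix log above read sector 0 (the MBR) twice, once through the normal user-mode path and once lower in the storage stack, and print "user != kernel MBR !!!" when the two reads differ. That discrepancy, rather than any particular byte pattern, is what flags an MBR-hiding bootkit of the TDL4 family: a disk filter driver can answer reads of sector 0 with a saved clean copy while the sector actually on disk carries the infected boot code. As an added illustration that is not part of ComboFix, catchme or Gmer's tools, the Python below parses a constructed 512-byte MBR (the fill bytes and partition values are made up), hashes the boot-code region and compares two "views" of the sector, reporting the same verdict line as the detector. The read_sector0 helper exists only so the same comparison can be run on a real dump such as the MBR.dat that aswMBR saves.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446        # bytes 0..445 hold the boot code a bootkit replaces
PART_TABLE_OFFSET = 446     # four 16-byte partition entries follow the code
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"


def build_sample_mbr(boot_code_fill: int) -> bytes:
    """Construct a synthetic MBR sector (sample data, not read from any real disk).

    The boot-code area is filled with one repeated byte so two 'views' of the
    sector can differ only in the code region, which is what a bootkit modifies.
    """
    boot_code = bytes([boot_code_fill]) * BOOT_CODE_SIZE
    # One bootable NTFS partition: status 0x80, type 0x07, start LBA 63,
    # 156301423 sectors. The CHS fields are placeholders (constructed values).
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 156301423)
    table = entry + bytes(PART_ENTRY_SIZE) * 3
    return boot_code + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR into its boot-code hash and non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, _, ptype, _, start_lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + PART_ENTRY_SIZE])
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "start_lba": start_lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
    }


def compare_views(user_view: bytes, kernel_view: bytes) -> dict:
    """Compare two reads of sector 0 taken through different code paths.

    The mismatch itself is the indicator: whichever view is the clean one,
    a disk that answers differently depending on who asks is being filtered.
    """
    first_diff = next((i for i, (a, b) in enumerate(zip(user_view, kernel_view))
                       if a != b), None)
    if first_diff is None and len(user_view) != len(kernel_view):
        first_diff = min(len(user_view), len(kernel_view))
    return {
        "match": first_diff is None,
        "first_diff_offset": first_diff,
        "user_sha256": hashlib.sha256(user_view).hexdigest(),
        "kernel_sha256": hashlib.sha256(kernel_view).hexdigest(),
    }


def read_sector0(path: str) -> bytes:
    """Read sector 0 from a raw disk image or a saved dump such as MBR.dat."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def describe(result: dict) -> str:
    """Render the comparison in the same wording the detector log uses."""
    if result["match"]:
        return "user == kernel MBR (no discrepancy)"
    return "user != kernel MBR !!! (first difference at byte offset %d)" % (
        result["first_diff_offset"])


if __name__ == "__main__":
    clean = build_sample_mbr(0x90)    # what the user-mode read returns
    hidden = build_sample_mbr(0x33)   # what the lower-level read returns
    for p in parse_mbr(clean)["partitions"]:
        print("partition", p)
    print(describe(compare_views(clean, clean)))
    print(describe(compare_views(clean, hidden)))
```

Note that the partition table parses identically in both views; only the boot-code hash differs, which is why a detector that merely validates the 0x55AA signature or the partition entries would miss this.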


#9 SweetTech

Agent ST

Posted 21 May 2011 - 04:39 PM

Hi!

Still unable to play DVDs on Windows Media Player (getting the same error message), and the quick launch button is still gone. I found Microsoft links to fixing both of these issues, so I'm not that concerned about those. I will refrain from fixing either of them until I get the green light from you. Defogger still has the emulators disabled.

Let's hold up on that for now.

____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    c:\documents and settings\Branson Children\Application Data\whitesmoketoolbar
    ipconfig /flushdns /c
    :Commands
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running aswMBR.exe

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.


Click the "Scan" button to start the scan.




On completion of the scan click save log, save it to your desktop and post in your next reply.





NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 leatherman

Topic Starter

Posted 22 May 2011 - 06:44 AM

OTL Fix log file:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
c:\documents and settings\Branson Children\Application Data\whitesmoketoolbar\weather folder moved successfully.
c:\documents and settings\Branson Children\Application Data\whitesmoketoolbar folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\David Branson.DAVID\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\David Branson.DAVID\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Ahissa
->Temp folder emptied: 577763166 bytes
->Java cache emptied: 7821 bytes
->FireFox cache emptied: 55729583 bytes
->Flash cache emptied: 13057 bytes

User: All Users

User: Branson Children
->Temp folder emptied: 28532752 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 95829537 bytes
->FireFox cache emptied: 222863667 bytes
->Flash cache emptied: 297929 bytes

User: David Branson

User: David Branson.DAVID
->Temp folder emptied: 84657 bytes
->Temporary Internet Files folder emptied: 7807817 bytes
->Java cache emptied: 62506 bytes
->FireFox cache emptied: 258261201 bytes
->Flash cache emptied: 119681 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 16384 bytes
->Flash cache emptied: 2415 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 16786 bytes
->Flash cache emptied: 21022 bytes

User: The Branson Girls
->Temp folder emptied: 6189951 bytes
->Java cache emptied: 26563 bytes
->FireFox cache emptied: 54509740 bytes
->Flash cache emptied: 23224 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,248.00 mb


[EMPTYFLASH]

User: Administrator

User: Ahissa
->Flash cache emptied: 0 bytes

User: All Users

User: Branson Children
->Flash cache emptied: 0 bytes

User: David Branson

User: David Branson.DAVID
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: The Branson Girls
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05212011_212055

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_824.dat moved successfully.

Registry entries deleted on Reboot...



aswMBR log file:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-21 21:33:34
-----------------------------
21:33:34.375 OS Version: Windows 5.1.2600 Service Pack 3
21:33:34.375 Number of processors: 2 586 0x4802
21:33:34.375 ComputerName: DAVID UserName:
21:33:35.156 Initialize success
21:33:47.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000083
21:33:47.703 Disk 0 Vendor: FUJITSU_MHV2080BH_PL 892C Size: 76319MB BusType: 3
21:33:47.718 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000085
21:33:47.718 Disk 1 Vendor: FUJITSU_MHV2080BH_PL 892C Size: 76319MB BusType: 3
21:33:47.750 Disk 0 MBR read successfully
21:33:47.765 Disk 0 MBR scan
21:33:47.765 Disk 0 unknown MBR code
21:33:47.781 Disk 0 scanning sectors +156296385
21:33:47.812 Disk 0 scanning C:\WINDOWS\system32\drivers
21:33:55.734 Service scanning
21:33:56.875 Disk 0 trace - called modules:
21:33:56.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
21:33:56.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4b3ab8]
21:33:56.906 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000084[0x8a47fac0]
21:33:56.906 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\00000083[0x8a4ca030]
21:33:56.906 Scan finished successfully
21:34:26.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David Branson.DAVID\Desktop\MBR.dat"
21:34:26.796 The log file has been saved successfully to "C:\Documents and Settings\David Branson.DAVID\Desktop\aswMBR.txt"


ESET Scan log:

C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP567\A0091715.exe a variant of Win32/Kryptik.NVC trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP568\A0091756.dll a variant of Win32/Routmo.N trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP568\snapshot\MFEX-1.DAT a variant of Win32/Kryptik.NTI trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP569\A0091841.exe a variant of Win32/Kryptik.NVC trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP569\snapshot\MFEX-1.DAT a variant of Win32/Kryptik.NTI trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP570\A0092060.exe a variant of Win32/Kryptik.NTI trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP570\A0092080.dll a variant of Win32/Koblu.A trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP570\snapshot\MFEX-1.DAT a variant of Win32/Kryptik.NTI trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP571\snapshot\MFEX-1.DAT a variant of Win32/Kryptik.NTI trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP575\A0093112.dll Win32/Toolbar.Zugo application


Security Check log:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 22
Adobe Flash Player 10.2.159.1
Adobe Reader 9.3.4
Adobe Reader X (10.0.1)
Mozilla Thunderbird (3.1.10) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````

#11 SweetTech

Agent ST

Posted 22 May 2011 - 09:21 AM

Hi!

The threats found by ESET are currently in Quarantine/System Restore, and will be dealt with once we clean up our tools.

OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

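SweetTech's point above, that the ESET hits sitting in ComboFix's Qoobox quarantine or inside System Restore snapshots are inert and get handled during tool clean-up, is a triage rule that can be applied mechanically to a scan log before anyone acts on it. The Python below is an added example, not ESET's code or any tool from this thread: it parses the detection lines quoted in the ESET log above, labels each by where the file sits, and lists only those that still need action. It assumes ESET's native log is tab-separated (path, detection, action) and that the forum paste collapsed the tabs to spaces, so it falls back to splitting on the detection name; the one "live" line with a sample.exe path under C:\WINDOWS\Temp is constructed to exercise that branch.

```python
import re
from collections import Counter

# Detection lines copied from the ESET Online Scanner log posted above (tabs collapsed to spaces).
PAGE_LINES = r"""
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP567\A0091715.exe a variant of Win32/Kryptik.NVC trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP568\A0091756.dll a variant of Win32/Routmo.N trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP568\snapshot\MFEX-1.DAT a variant of Win32/Kryptik.NTI trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP569\A0091841.exe a variant of Win32/Kryptik.NVC trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP569\snapshot\MFEX-1.DAT a variant of Win32/Kryptik.NTI trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP570\A0092060.exe a variant of Win32/Kryptik.NTI trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP570\A0092080.dll a variant of Win32/Koblu.A trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP570\snapshot\MFEX-1.DAT a variant of Win32/Kryptik.NTI trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP571\snapshot\MFEX-1.DAT a variant of Win32/Kryptik.NTI trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP575\A0093112.dll Win32/Toolbar.Zugo application
"""

# One constructed, tab-separated line standing in for a hit outside quarantine or a restore
# point. The path and action text are made up; the detection name is reused from the log.
CONSTRUCTED_LINE = ("C:\\WINDOWS\\Temp\\sample.exe\t"
                    "a variant of Win32/Kryptik.NVC trojan\tcleaned by deleting - quarantined")

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINE + "\n"

# Split a collapsed line on the detection name. Assumption: ESET names look like
# Platform/Family.Variant, optionally prefixed with "a variant of" / "probably a variant of".
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?(?:Win32|Win64|MSIL|JS|HTML|VBS|PDF|Java)/\S+)"
    r"\s+(?P<kind>\w+)(?:\s+(?P<action>\S.*))?$"
)


def classify_location(path: str) -> str:
    """Say where a detected file sits, which decides whether it can still run."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantine"     # ComboFix quarantine: renamed .vir, not on any load path
    if re.search(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\", p):
        return "restore_point"  # System Restore snapshot: inert unless that point is restored
    return "live"               # anywhere else: treat as active and act on it first


def parse_eset_log(text: str) -> list:
    """Turn log text into records with path, threat, kind, action and location."""
    records = []
    for raw in text.splitlines():
        line = raw.replace("\t", " ").strip()
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if not m:
            records.append({"raw": line, "location": "unparsed"})
            continue
        rec = m.groupdict()
        rec["location"] = classify_location(rec["path"])
        records.append(rec)
    return records


def summarize(records: list) -> dict:
    return dict(Counter(r["location"] for r in records))


def live_hits(records: list) -> list:
    """The subset that still needs action: detections outside quarantine/restore points."""
    return [r for r in records if r["location"] == "live"]


if __name__ == "__main__":
    recs = parse_eset_log(SAMPLE_LOG)
    print(summarize(recs))
    for r in live_hits(recs):
        print("ACT:", r["path"], "->", r["threat"])
```

Records that fail to parse are kept under an "unparsed" location rather than dropped, so a log with an unfamiliar line format never silently hides a hit.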


#12 leatherman

Topic Starter

Posted 22 May 2011 - 05:54 PM

We are still unable to play DVDs on Windows Media Player. All other issues seem to be resolved.

Incidentally, Rhapsody was NOT working before our fixes, but it is working now.



OTL logfile created on: 5/22/2011 6:49:13 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\David Branson.DAVID\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.03 Gb Total Space | 27.20 Gb Free Space | 43.84% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 74.45 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive E: | 11.46 Gb Total Space | 1.22 Gb Free Space | 10.63% Space Free | Partition Type: FAT32
Drive F: | 7.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DAVID | User Name: David Branson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/21 07:45:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Branson.DAVID\My Documents\Downloads\OTL.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/09 21:48:17 | 000,142,848 | ---- | M] () -- C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
PRC - [2010/09/28 21:33:02 | 002,407,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/11/01 22:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2009/03/18 18:50:30 | 004,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/30 11:04:22 | 000,245,760 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe


========== Modules (SafeList) ==========

MOD - [2011/05/21 07:45:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Branson.DAVID\My Documents\Downloads\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/10/23 01:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/08/29 15:12:28 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/08/29 15:11:08 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/08/29 15:10:56 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/19 08:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/01 20:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 16:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/03/05 19:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 20:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 20:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/26 20:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/11/16 00:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/10/31 22:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/31 21:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/29 21:55:48 | 000,091,830 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/11 14:22:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 20:05:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 14:30:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/02 12:45:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/05/02 12:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Branson.DAVID\Application Data\Mozilla\Extensions
[2011/05/02 12:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Branson.DAVID\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/25 12:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Branson.DAVID\Application Data\Mozilla\Firefox\Profiles\z70gzbj7.default\extensions
[2009/04/19 18:41:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\David Branson.DAVID\Application Data\Mozilla\Firefox\Profiles\z70gzbj7.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/04/29 20:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 11:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/17 08:20:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/22 00:21:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/15 04:57:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}(2)
File not found (No name found) --
[2008/12/10 23:00:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2011/05/18 13:26:38 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/21 16:58:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\David Branson.DAVID\Start Menu\Programs\StartUp\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\David Branson.DAVID\Start Menu\Programs\StartUp\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289812069182 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Wave.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/21 21:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/21 16:35:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/21 16:25:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/21 16:25:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/21 16:25:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/21 16:24:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/21 16:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Application Data\AVG10
[2011/05/21 16:10:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/21 16:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/21 15:57:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/21 15:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Start Menu\Programs\Revo Uninstaller
[2011/05/21 13:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Application Data\Malwarebytes
[2011/05/21 13:45:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/21 13:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/21 13:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/21 13:45:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/21 13:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/21 13:36:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/21 07:16:17 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/17 18:44:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David Branson.DAVID\Recent
[2011/05/17 10:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/05/17 09:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2011/05/16 22:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/05/16 22:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/16 20:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/16 20:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/16 15:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/16 15:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/08 13:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/05/08 13:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Local Settings\Application Data\Canon Easy-PhotoPrint EX
[2011/05/08 13:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Application Data\Canon
[2011/05/08 13:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon IJ Network Utilities
[2011/05/08 13:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX870 series User Registration
[2011/05/08 13:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2011/05/08 13:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
[2011/05/08 13:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX870 series Manual
[2011/05/08 13:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/08 13:04:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2011/05/08 13:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX870 series
[2011/05/08 13:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\CanonBJ
[2011/05/08 13:03:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\STRING
[2011/05/08 13:03:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CHM
[2011/05/08 13:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/05/07 11:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/05/02 12:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Local Settings\Application Data\Thunderbird
[2011/05/02 12:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Branson.DAVID\Application Data\Thunderbird
[2011/05/02 12:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird
[2011/05/02 12:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2011/04/27 09:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Timez Attack Launcher
[2011/04/27 09:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\TimezAttackLauncher
[2011/04/27 09:47:21 | 000,000,000 | ---D | C] -- C:\BigBrainz

========== Files - Modified Within 30 Days ==========

[2011/05/22 18:33:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/22 15:08:36 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/22 07:47:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/22 07:46:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/22 07:46:28 | 2078,912,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/21 21:34:26 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Desktop\MBR.dat
[2011/05/21 16:58:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/21 15:57:03 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Desktop\Revo Uninstaller.lnk
[2011/05/21 15:12:12 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\mcs.rma
[2011/05/21 15:12:12 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\B94F0B
[2011/05/21 13:45:43 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/21 11:53:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/12 09:51:37 | 000,001,183 | ---- | M] () -- C:\hpqp.ini
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 08:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/09 11:45:49 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/08 13:19:21 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon IJ Network Tool.lnk
[2011/05/08 13:08:54 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2011/05/08 13:08:43 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/05/08 13:06:46 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.1.lnk
[2011/05/08 13:06:13 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2011/05/08 13:05:55 | 000,001,969 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MX870 series On-screen Manual.lnk
[2011/05/08 09:39:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 10:38:02 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2011/05/02 12:45:40 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/05/02 12:45:40 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/04/29 20:05:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 20:05:11 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/27 09:49:02 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Timez Attack.lnk

========== Files Created - No Company Name ==========

[2011/05/21 21:34:26 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Desktop\MBR.dat
[2011/05/21 16:45:51 | 000,001,011 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk
[2011/05/21 16:45:51 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/05/21 16:45:51 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/05/21 16:45:50 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/05/21 16:45:50 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickPlay.lnk
[2011/05/21 16:45:50 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Warner Bros. Digital Copy Manager.lnk
[2011/05/21 16:45:49 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/05/21 16:45:49 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/05/21 16:45:49 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/21 16:45:48 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/05/21 16:45:48 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/21 16:45:48 | 000,001,466 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2011/05/21 16:45:47 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/05/21 16:29:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/21 16:25:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/21 16:25:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/21 16:25:10 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/21 16:25:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/21 16:25:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/21 15:12:07 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\mcs.rma
[2011/05/21 14:59:38 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\B94F0B
[2011/05/21 13:45:43 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/21 07:43:18 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/05/21 07:43:18 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay Turbo Lister 2.lnk
[2011/05/21 07:43:18 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/05/21 07:43:18 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/21 07:43:18 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/21 07:43:18 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/21 07:43:17 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2011/05/21 07:43:17 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Timez Attack.lnk
[2011/05/21 07:43:17 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/05/21 07:43:17 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Warner Bros. Digital Copy Manager.lnk
[2011/05/21 07:43:17 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2011/05/21 07:43:17 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/05/21 07:43:17 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2011/05/21 07:43:16 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office 2003 Edition 60 Days Trial Welcome Tour.lnk
[2011/05/21 07:43:16 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative WebCam Center.lnk
[2011/05/21 07:43:16 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/05/21 07:43:16 | 000,001,462 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2011/05/21 07:43:16 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
[2011/05/21 07:43:16 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/21 07:43:15 | 000,001,974 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[2011/05/21 07:43:15 | 000,001,969 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MX870 series On-screen Manual.lnk
[2011/05/21 07:43:15 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.1.lnk
[2011/05/21 07:43:15 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2011/05/21 07:43:15 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon IJ Network Tool.lnk
[2011/05/21 07:43:15 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2011/05/21 07:43:14 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/05/21 07:43:14 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/21 07:43:14 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/21 07:43:14 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/21 07:43:14 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2011/05/08 13:18:40 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\CNC1743D.TBL
[2010/10/29 14:11:24 | 000,097,975 | ---- | C] () -- C:\WINDOWS\Publix Preschool Pals Uninstaller.exe
[2010/07/12 18:43:06 | 000,163,150 | ---- | C] () -- C:\WINDOWS\hphins25.dat
[2010/07/12 18:43:06 | 000,000,795 | ---- | C] () -- C:\WINDOWS\hphmdl25.dat
[2010/06/29 19:22:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Local Settings\Application Data\prvlcl.dat
[2009/08/30 12:37:20 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/05/15 15:52:27 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/07 11:56:53 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/11 16:29:06 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\David Branson.DAVID\Local Settings\Application Data\fusioncache.dat
[2006/12/09 19:07:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/09 19:05:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/25 11:18:30 | 000,001,955 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/20 02:31:07 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/20 02:27:17 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/09/20 02:27:17 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/20 02:14:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/20 02:04:20 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/18 04:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/18 04:00:00 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/18 04:00:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/18 04:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/18 04:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/18 04:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/18 04:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/18 04:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/18 04:00:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/29 15:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 15:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 14:46:56 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:27:08 | 000,391,638 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 14:27:08 | 000,056,124 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 14:18:06 | 000,280,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 14:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 14:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/16 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/16 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 03:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 14:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 22:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/11/15 06:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/21 16:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/15 05:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/05/08 13:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/08 13:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/05/21 16:10:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/21 16:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/03/06 21:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/05/21 16:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Branson.DAVID\Application Data\AVG10
[2011/05/08 13:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Branson.DAVID\Application Data\Canon
[2011/02/07 22:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Branson.DAVID\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/09/13 20:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Branson.DAVID\Application Data\IObit
[2010/08/16 21:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Branson.DAVID\Application Data\OpenOffice.org
[2011/02/09 16:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Branson.DAVID\Application Data\SoftGrid Client
[2011/05/02 12:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Branson.DAVID\Application Data\Thunderbird
[2011/02/09 16:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Branson.DAVID\Application Data\TP
[2011/04/04 10:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Branson.DAVID\Application Data\Unity

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-12 13:55:56

< End of report >

#13 SweetTech (Agent ST, Members, 13,421 posts, Gender: Male, Location: Antarctica)

Posted 23 May 2011 - 08:33 AM

Hi!

See if this fixes the issue with DVDs not playing:

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 leatherman (Topic Starter, Members, 11 posts)

Posted 24 May 2011 - 04:59 PM

I am still getting the error message "Windows Media Player cannot play the DVD because a compatible DVD decoder is not installed on your computer."

Windows MP's help link shows some sites where I can buy a decoder. Any good free downloads to play DVDs? I don't care if WMP works, just as long as we can watch DVDs on my computer again, as we often use our computer at night to watch movies in bed.

#15 SweetTech (Agent ST, Members, 13,421 posts, Gender: Male, Location: Antarctica)

Posted 24 May 2011 - 05:57 PM

Windows MP's help link shows some sites where I can buy a decoder. Any good free downloads to play DVDs? I don't care if WMP works, just as long as we can watch DVDs on my computer again, as we often use our computer at night to watch movies in bed.

You may want to give this program a try: http://www.videolan.org/vlc/ It's a free program, and I use it on my own computer. :)

Why don't you try downloading that, and post back with the results, and if all goes well and you like it, we can proceed with the clean-up procedure.
