
CCMain.exe removed, IE Browser still Hijacked

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.


Post by dunangibb » March 6th, 2010, 8:51 pm

Please can you help. My kids installed some software which brought the bogus "Control Centre" fake AV software onto my PC [AKA CCmain.exe]. I also got hit with a worm W32.Ackantta!gen. I used Norton to find and remove the worm. I scanned and removed a load of stuff with Malwarebytes. But still, when I google web pages, if I click any results I am re-directed. Where is the little bugger hiding and how do I get rid? Malwarebytes and Norton now find nothing.

I have tried to attach the HijackThis log but the page gives an error.
[Note, I raised this from another PC because both IE and Google Chrome give an error (page not connected) at the time of 'submitting' the post to this site... but the same text is here copied from an e-mail.... subject connected??]
Help MUCH appreciated!!

Uninstall Log
32 Bit HP CIO Components Installer
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
Adobe Reader 9.3
Adobe Shockwave Player
Ahead Nero - Burning Rom
Auto Gordian Knot 2.45
AviSynth 2.5
AVS Audio Converter version 5.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Belarc Advisor 7.2
Big Fish Games Client
Critical Update for Windows Media Player 11 (KB959772)
Curse of the Pharaoh: Tears of Sekhmet
dBpowerAMP Music Converter
dBpoweramp Windows Media Audio 10 Codec
dBpowerAMP WMA V9 Codec
Delaware St. John: The Town with No Name
Department 42: The Mystery of the Nine
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
doPDF 6.3 printer
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Egg vs. Chicken
Egg vs. Chicken
Fiesta Download Manager
Free Download Manager 3.0
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hidden in Time: Mirror Mirror
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Product Detection
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
IBM RecordNow
IBM RecordNow Update Manager
ImageMixer for Sony DVD Handycam
Java(TM) 6 Update 11
KODAK Gallery Upload Software
LimeWire 5.0.11
LiveUpdate 1.6 (Symantec Corporation)
Magic Encyclopedia: Moon Light
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MicroStaff WINASPI
Motorola Driver Installation
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MWSnap 3
Norton AntiVirus Corporate Edition
Picasa 3
Plants vs Zombies
Plants vs. Zombies Deluxe
QuickTime Alternative 1.69
Reincarnations: Awakening
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Skype™ 4.0
Software Informer 1.0 BETA
Sony DVD Handycam USB Driver
SPMP3050 Transcoding Tool
Spyware Doctor 6.0
Storm Codec
Surround Mp4 Tool 3.0.4
SyncBack
TeamViewer 5
The Hardy Boys - The Perfect Crime
ULi USB2.0 Driver
Unknown Device Identifier 6.01
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
VobSub v2.23 (Remove Only)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XviD MPEG4 Video Codec (remove only)
Zulu's Zoo

Hijack Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:14, on 06/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MP3Bar - {F6BD6330-76F8-44d9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &MP3Bar - res://C:\Program Files\Fiesta Download Manager\mp3bar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2029630921
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Update Service (gupdate1c9dc723dc56960) (gupdate1c9dc723dc56960) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 6504 bytes
dunangibb
Active Member
 
Posts: 9
Joined: March 6th, 2010, 12:58 pm
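As an added illustration that is not part of this thread and not code from the HijackThis or OTL tools, the following Python script parses the "O"/"R" entry lines in both the HijackThis format posted above and the OTL format that appears later in the thread, and flags the kinds of entries a helper reads first: a toolbar registered without a CLSID, a Run entry whose target file is missing, a file that carries no publisher information, and components of the P2P programs the forum policy names. The sample lines are copied from the logs in this thread; the flagging rules and the P2P name list are assumptions made for the example, not the forum's own criteria.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One "O" or "R" line in a HijackThis or OTL log: a section code, " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<body>.*)$")
# OTL appends the file's publisher in parentheses at the end of the line;
# an empty "()" means the file carries no version/publisher information.
COMPANY_RE = re.compile(r"\s\((?P<company>[^()]*)\)\s*$")

# Assumed: names of the P2P programs the helper listed in this thread.
P2P_MARKERS = ("LimeWire", "Free Download Manager")


@dataclass
class Entry:
    section: str               # e.g. "O2", "O4"
    body: str                  # text after the section code, publisher suffix removed
    company: Optional[str]     # None for HijackThis lines, "" when OTL found no publisher
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines that are not O/R entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    company = None
    cm = COMPANY_RE.search(body)
    if cm:
        company = cm.group("company").strip()
        body = body[:cm.start()].rstrip()
    return Entry(section=m.group("section"), body=body, company=company)


def triage(entry: Entry) -> Entry:
    """Attach review flags. These rules are assumptions made for illustration."""
    if "File not found" in entry.body:
        entry.flags.append("orphaned entry: target file is missing")
    if "No CLSID value found" in entry.body:
        entry.flags.append("dangling registration: toolbar has no CLSID")
    if entry.company == "":
        entry.flags.append("file carries no publisher information")
    low = entry.body.lower()
    if any(p.lower() in low for p in P2P_MARKERS):
        entry.flags.append("component of a P2P program (forum policy)")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse every entry line in a log and run the triage rules on each."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


def flagged(text: str) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage_log(text) if e.flags]


# Constructed sample: lines copied from the HijackThis and OTL logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MP3Bar) - {F6BD6330-76F8-44d9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [fsm] File not found
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section}: {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run against the sample, the script reports four of the six entries: the MP3Bar toolbar (no publisher), the SITEguard toolbar (no CLSID), the orphaned `fsm` Run value, and the Free Download Manager BHO. The signed Google and Symantec entries pass through unflagged, which is the point of the publisher check: it narrows a long log to the lines worth a human look rather than deciding anything on its own.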

Re: CCMain.exe removed, IE Browser still Hijacked

Post by MWR 3 day Mod » March 10th, 2010, 12:17 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: CCMain.exe removed, IE Browser still Hijacked

Post by shinybeast » March 12th, 2010, 12:16 am

Hello and welcome to Malware Removal Forums

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

Please follow these guidelines as we work to clean your computer.
  • Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
  • Perform all instructions in the order given.
  • Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
  • Do not run any other tools to remove malware while we are working.
  • If your security software throws up warnings about some of these tools, please allow these tools to run.
  • If you have not done so, please take time to read the Malware Removal Forum Guidelines and Rules and How to get help at this forum where the conditions for receiving help at this forum are explained.


Be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before we start.


If you still require assistance, please perform the following.


P2P Software

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 5.0.11
Free Download Manager 3.0


I'd like you to read P2P (Person to Person) File Sharing Programmes where this forum's policy is explained.

If you would like to continue, you must go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Warning: Any existing remnants of the program may be removed during cleaning.

NOTE: Free Download Manager can be used for scheduling downloads from HTTP and FTP sources. However, it also has P2P functionality and is thus against this forum's policy.


Scan with OTL

Click here to download OTL by OldTimer and save it to your Desktop
  • Close all other open windows, then double-click OTL to start the tool.
  • Under Output, ensure that Minimal Output is selected
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box (under the cyan line at the bottom of the window)
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT
  • Click Run Scan in upper left of window.
  • When the scan is finished, two logs will open:
    OTL.Txt <-- Will be opened
    Extras.Txt <-- Will be minimized
  • Please post the contents of these two logs in your next reply.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: CCMain.exe removed, IE Browser still Hijacked

Post by dunangibb » March 12th, 2010, 1:23 pm

Many thanks.... I have done exactly what you said.....

OTL.Txt
OTL logfile created on: 12/03/2010 16:32:37 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Duncan & Carole\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 378.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 59.69 Gb Free Space | 40.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 284.32 Gb Free Space | 61.04% Space Free | Partition Type: NTFS
Drive F: | 985.72 Mb Total Space | 984.67 Mb Free Space | 99.89% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-2
Current User Name: Duncan & Carole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Duncan & Carole\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
PRC - C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\MSGSYS.EXE (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Duncan & Carole\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Norton AntiVirus Server) -- C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100303.005\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100303.005\NAVENG.SYS (Symantec Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (aliroothub) -- C:\WINDOWS\system32\drivers\AliRtHub.sys (ULi Corporation)
DRV - (ALIEHCD) -- C:\WINDOWS\system32\drivers\AliEhci.sys (ULi Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (sonypvf2) -- C:\WINDOWS\system32\drivers\sonypvf2.sys (Sony Corporation)
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\system32\drivers\P16X.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (sonypvt2) -- C:\WINDOWS\system32\drivers\sonypvt2.sys (Sony Corporation)
DRV - (sonypvl2) -- C:\WINDOWS\system32\drivers\sonypvl2.sys (Sony Corporation)
DRV - (sonypvd2) -- C:\WINDOWS\system32\drivers\sonypvd2.sys (Sony Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVAPEL) -- C:\Program Files\NavNT\Navapel.sys ()
DRV - (NAVAP) -- C:\Program Files\NavNT\navap.sys ()
DRV - (MASPINT) -- C:\WINDOWS\system32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F3 20 E3 02 94 A7 37 4C A8 57 33 A2 2B 03 C5 0A [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/01/31 18:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\Mozilla\Extensions
[2009/01/31 18:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/06 12:18:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MP3Bar) - {F6BD6330-76F8-44d9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MP3Bar) - {F6BD6330-76F8-44D9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &MP3Bar - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 2029630921 (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/20 15:58:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{47df51c9-02b2-11df-889a-001921b3eb17}\Shell - "" = AutoRun
O33 - MountPoints2\{47df51c9-02b2-11df-889a-001921b3eb17}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{47df51c9-02b2-11df-889a-001921b3eb17}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/09/20 15:58:29 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17736316556935168)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/12 16:28:50 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Duncan & Carole\Desktop\OTL.exe
[2010/03/07 09:27:56 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/03/06 15:40:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/05 20:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/05 19:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/05 19:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/28 11:52:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2056950031
[2010/02/28 11:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/16 18:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/11/15 20:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2009/06/02 19:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/24 19:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/12 09:37:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/21 20:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/09/20 15:58:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/04/11 00:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/12 16:40:23 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/12 16:38:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/12 16:27:58 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Duncan & Carole\Desktop\OTL.exe
[2010/03/12 13:55:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/12 10:40:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/12 10:28:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/12 10:28:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/12 10:28:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/12 07:39:25 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Duncan & Carole\NTUSER.DAT
[2010/03/12 07:36:51 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Duncan & Carole\Desktop\Microsoft word.lnk
[2010/03/10 10:51:28 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/06 15:25:50 | 000,000,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/03/06 11:32:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\ntuser.ini
[2010/03/05 20:06:37 | 000,001,266 | ---- | M] () -- C:\WINDOWS\System32\731f25f1
[2010/03/05 20:03:16 | 000,002,729 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833P.manifest
[2010/03/05 20:03:11 | 000,000,344 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833C.manifest
[2010/03/05 20:00:02 | 000,000,422 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833O.manifest
[2010/03/05 19:39:05 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\1219032680
[2010/03/05 19:03:09 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833S.manifest
[2010/02/28 22:06:06 | 000,001,369 | -HS- | M] () -- C:\WINDOWS\System32\418948664
[2010/02/28 11:52:00 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2010/02/24 08:26:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/13 10:55:53 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/13 10:35:16 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/02/12 10:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/06 15:25:48 | 000,000,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/02/28 13:44:29 | 000,001,369 | -HS- | C] () -- C:\WINDOWS\System32\418948664
[2010/02/28 11:52:55 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\1219032680
[2010/02/28 11:52:00 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/02/28 11:51:54 | 000,001,266 | ---- | C] () -- C:\WINDOWS\System32\731f25f1
[2010/02/28 11:51:44 | 000,002,729 | -HS- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833P.manifest
[2010/02/28 11:51:44 | 000,000,422 | -HS- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833O.manifest
[2010/02/28 11:51:44 | 000,000,344 | -HS- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833C.manifest
[2010/02/28 11:51:44 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833S.manifest
[2010/02/13 10:55:53 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/04/08 17:17:40 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2009/04/08 17:17:40 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2009/02/08 20:50:32 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/01/24 18:05:13 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Duncan & Carole\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/20 21:53:52 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/18 11:28:46 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 16:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 16:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 16:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/27 17:57:49 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\AutoGK.ini
[2008/10/27 17:32:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/09/21 20:50:39 | 000,000,592 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/03 13:29:06 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/12/30 12:18:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/12/30 12:10:30 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/02/24 16:56:45 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004/09/01 15:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/07/08 13:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/05/15 06:39:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/11/08 17:10:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/05/15 04:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll
[2001/10/29 12:51:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/08/31 14:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/09/18 16:12:40 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
[1999/01/23 01:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/20 10:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/02/20 10:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 02:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/20 10:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 02:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/02/20 10:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/03/10 10:51:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/03/10 10:51:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/09/16 12:47:15 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/09/16 12:47:15 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/09/16 12:47:15 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B4DA230
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D20FFA63
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B1EA607
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FE5FC48
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Extras.Txt
OTL Extras logfile created on: 12/03/2010 16:32:37 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Duncan & Carole\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 378.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 59.69 Gb Free Space | 40.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 284.32 Gb Free Space | 61.04% Space Free | Partition Type: NTFS
Drive F: | 985.72 Mb Total Space | 984.67 Mb Free Space | 99.89% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-2
Current User Name: Duncan & Carole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\ISO Hunt\0. P2P Engines\utorrent-1.8.2.exe" = E:\ISO Hunt\0. P2P Engines\utorrent-1.8.2.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Free Download Manager\fdm.exe" = C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- File not found
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = IBM RecordNow Update Manager
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F845B05-8B76-4302-A808-7FB21E2BC5E6}" = Sony DVD Handycam USB Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}" = Motorola Driver Installation
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8214CC02-6271-4DC8-B8DD-779933450264}" = IBM RecordNow
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}" = ULi USB2.0 Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{DBF6F373-236E-49EE-9A07-0F67B4EAC8E8}" = SPMP3050 Transcoding Tool
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD350FC2-A972-427D-800B-A2D200ACFF41}" = ImageMixer for Sony DVD Handycam
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AutoGK" = Auto Gordian Knot 2.45
"AviSynth" = AviSynth 2.5
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Belarc Advisor" = Belarc Advisor 7.2
"BFGC" = Big Fish Games Client
"BFG-Curse of the Pharaoh - Tears of Sekhmet" = Curse of the Pharaoh: Tears of Sekhmet
"BFG-Delaware St. John - The Town with No Name" = Delaware St. John: The Town with No Name
"BFG-Department 42 - The Mystery of the Nine" = Department 42: The Mystery of the Nine
"BFG-Egg vs. Chicken" = Egg vs. Chicken
"BFG-Hidden in Time - Mirror Mirror" = Hidden in Time: Mirror Mirror
"BFG-Magic Encyclopedia - Moon Light" = Magic Encyclopedia: Moon Light
"BFG-Reincarnations - Awakening" = Reincarnations: Awakening
"BFG-The Hardy Boys - The Perfect Crime" = The Hardy Boys - The Perfect Crime
"BFG-Zulu's Zoo" = Zulu's Zoo
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"dBpowerAMP WMA V9 Codec" = dBpowerAMP WMA V9 Codec
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"doPDF 6 printer_is1" = doPDF 6.3 printer
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Egg vs. Chicken_is1" = Egg vs. Chicken
"F-Manager" = Fiesta Download Manager
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"MWSnap 3" = MWSnap 3
"Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Plants vs. Zombies Deluxe" = Plants vs. Zombies Deluxe
"QuicktimeAlt_is1" = QuickTime Alternative 1.69
"Software Informer_is1" = Software Informer 1.0 BETA
"Spyware Doctor" = Spyware Doctor 6.0
"Storm Codec 5" = Storm Codec
"Surround Mp4 Tool" = Surround Mp4 Tool 3.0.4
"SyncBack_is1" = SyncBack
"TeamViewer 5" = TeamViewer 5
"Unknown Device Identifier_is1" = Unknown Device Identifier 6.01
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/03/2010 17:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 10/03/2010 18:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 06:26:46 | Computer Name = HOME-2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shdocvw.dll, version 6.0.2900.5512, fault address 0x00017d54.

Error - 12/03/2010 06:40:06 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 07:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 08:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 09:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 10:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 11:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 12:40:17 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 08/03/2010 15:41:51 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/03/2010 06:29:38 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/03/2010 06:29:38 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/03/2010 15:42:41 | Computer Name = HOME-2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/03/2010 03:36:27 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/03/2010 03:36:27 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/03/2010 06:26:33 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/03/2010 06:26:33 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/03/2010 06:28:52 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/03/2010 06:28:52 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >
dunangibb
Active Member
 
Posts: 9
Joined: March 6th, 2010, 12:58 pm

Re: CCMain.exe removed, IE Browser still Hijacked

Unread postby dunangibb » March 12th, 2010, 1:24 pm

Many thanks.... I have done exactly what you said.....

OTL.Txt
OTL logfile created on: 12/03/2010 16:32:37 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Duncan & Carole\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 378.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 59.69 Gb Free Space | 40.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 284.32 Gb Free Space | 61.04% Space Free | Partition Type: NTFS
Drive F: | 985.72 Mb Total Space | 984.67 Mb Free Space | 99.89% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-2
Current User Name: Duncan & Carole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Duncan & Carole\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
PRC - C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\MSGSYS.EXE (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Duncan & Carole\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Norton AntiVirus Server) -- C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100303.005\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100303.005\NAVENG.SYS (Symantec Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (aliroothub) -- C:\WINDOWS\system32\drivers\AliRtHub.sys (ULi Corporation)
DRV - (ALIEHCD) -- C:\WINDOWS\system32\drivers\AliEhci.sys (ULi Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (sonypvf2) -- C:\WINDOWS\system32\drivers\sonypvf2.sys (Sony Corporation)
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\system32\drivers\P16X.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (sonypvt2) -- C:\WINDOWS\system32\drivers\sonypvt2.sys (Sony Corporation)
DRV - (sonypvl2) -- C:\WINDOWS\system32\drivers\sonypvl2.sys (Sony Corporation)
DRV - (sonypvd2) -- C:\WINDOWS\system32\drivers\sonypvd2.sys (Sony Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVAPEL) -- C:\Program Files\NavNT\Navapel.sys ()
DRV - (NAVAP) -- C:\Program Files\NavNT\navap.sys ()
DRV - (MASPINT) -- C:\WINDOWS\system32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F3 20 E3 02 94 A7 37 4C A8 57 33 A2 2B 03 C5 0A [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/01/31 18:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\Mozilla\Extensions
[2009/01/31 18:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/06 12:18:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MP3Bar) - {F6BD6330-76F8-44d9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MP3Bar) - {F6BD6330-76F8-44D9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &MP3Bar - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 2029630921 (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/20 15:58:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{47df51c9-02b2-11df-889a-001921b3eb17}\Shell - "" = AutoRun
O33 - MountPoints2\{47df51c9-02b2-11df-889a-001921b3eb17}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{47df51c9-02b2-11df-889a-001921b3eb17}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/09/20 15:58:29 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17736316556935168)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/12 16:28:50 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Duncan & Carole\Desktop\OTL.exe
[2010/03/07 09:27:56 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/03/06 15:40:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/05 20:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/05 19:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/05 19:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/28 11:52:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2056950031
[2010/02/28 11:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/16 18:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/11/15 20:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2009/06/02 19:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/24 19:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/12 09:37:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/21 20:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/09/20 15:58:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/04/11 00:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/12 16:40:23 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/12 16:38:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/12 16:27:58 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Duncan & Carole\Desktop\OTL.exe
[2010/03/12 13:55:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/12 10:40:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/12 10:28:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/12 10:28:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/12 10:28:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/12 07:39:25 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Duncan & Carole\NTUSER.DAT
[2010/03/12 07:36:51 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Duncan & Carole\Desktop\Microsoft word.lnk
[2010/03/10 10:51:28 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/06 15:25:50 | 000,000,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/03/06 11:32:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\ntuser.ini
[2010/03/05 20:06:37 | 000,001,266 | ---- | M] () -- C:\WINDOWS\System32\731f25f1
[2010/03/05 20:03:16 | 000,002,729 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833P.manifest
[2010/03/05 20:03:11 | 000,000,344 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833C.manifest
[2010/03/05 20:00:02 | 000,000,422 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833O.manifest
[2010/03/05 19:39:05 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\1219032680
[2010/03/05 19:03:09 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833S.manifest
[2010/02/28 22:06:06 | 000,001,369 | -HS- | M] () -- C:\WINDOWS\System32\418948664
[2010/02/28 11:52:00 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2010/02/24 08:26:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/13 10:55:53 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/13 10:35:16 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/02/12 10:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/06 15:25:48 | 000,000,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/02/28 13:44:29 | 000,001,369 | -HS- | C] () -- C:\WINDOWS\System32\418948664
[2010/02/28 11:52:55 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\1219032680
[2010/02/28 11:52:00 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/02/28 11:51:54 | 000,001,266 | ---- | C] () -- C:\WINDOWS\System32\731f25f1
[2010/02/28 11:51:44 | 000,002,729 | -HS- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833P.manifest
[2010/02/28 11:51:44 | 000,000,422 | -HS- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833O.manifest
[2010/02/28 11:51:44 | 000,000,344 | -HS- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833C.manifest
[2010/02/28 11:51:44 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833S.manifest
[2010/02/13 10:55:53 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/04/08 17:17:40 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2009/04/08 17:17:40 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2009/02/08 20:50:32 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/01/24 18:05:13 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Duncan & Carole\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/20 21:53:52 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/18 11:28:46 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 16:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 16:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 16:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/27 17:57:49 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\AutoGK.ini
[2008/10/27 17:32:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/09/21 20:50:39 | 000,000,592 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/03 13:29:06 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/12/30 12:18:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/12/30 12:10:30 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/02/24 16:56:45 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004/09/01 15:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/07/08 13:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/05/15 06:39:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/11/08 17:10:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/05/15 04:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll
[2001/10/29 12:51:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/08/31 14:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/09/18 16:12:40 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
[1999/01/23 01:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/20 10:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/02/20 10:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 02:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/20 10:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 02:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/02/20 10:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/03/10 10:51:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/03/10 10:51:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/09/16 12:47:15 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/09/16 12:47:15 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/09/16 12:47:15 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B4DA230
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D20FFA63
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B1EA607
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FE5FC48
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Extras.Txt
OTL Extras logfile created on: 12/03/2010 16:32:37 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Duncan & Carole\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 378.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 59.69 Gb Free Space | 40.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 284.32 Gb Free Space | 61.04% Space Free | Partition Type: NTFS
Drive F: | 985.72 Mb Total Space | 984.67 Mb Free Space | 99.89% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-2
Current User Name: Duncan & Carole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\ISO Hunt\0. P2P Engines\utorrent-1.8.2.exe" = E:\ISO Hunt\0. P2P Engines\utorrent-1.8.2.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Free Download Manager\fdm.exe" = C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- File not found
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = IBM RecordNow Update Manager
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F845B05-8B76-4302-A808-7FB21E2BC5E6}" = Sony DVD Handycam USB Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}" = Motorola Driver Installation
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8214CC02-6271-4DC8-B8DD-779933450264}" = IBM RecordNow
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}" = ULi USB2.0 Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{DBF6F373-236E-49EE-9A07-0F67B4EAC8E8}" = SPMP3050 Transcoding Tool
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD350FC2-A972-427D-800B-A2D200ACFF41}" = ImageMixer for Sony DVD Handycam
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AutoGK" = Auto Gordian Knot 2.45
"AviSynth" = AviSynth 2.5
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Belarc Advisor" = Belarc Advisor 7.2
"BFGC" = Big Fish Games Client
"BFG-Curse of the Pharaoh - Tears of Sekhmet" = Curse of the Pharaoh: Tears of Sekhmet
"BFG-Delaware St. John - The Town with No Name" = Delaware St. John: The Town with No Name
"BFG-Department 42 - The Mystery of the Nine" = Department 42: The Mystery of the Nine
"BFG-Egg vs. Chicken" = Egg vs. Chicken
"BFG-Hidden in Time - Mirror Mirror" = Hidden in Time: Mirror Mirror
"BFG-Magic Encyclopedia - Moon Light" = Magic Encyclopedia: Moon Light
"BFG-Reincarnations - Awakening" = Reincarnations: Awakening
"BFG-The Hardy Boys - The Perfect Crime" = The Hardy Boys - The Perfect Crime
"BFG-Zulu's Zoo" = Zulu's Zoo
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"dBpowerAMP WMA V9 Codec" = dBpowerAMP WMA V9 Codec
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"doPDF 6 printer_is1" = doPDF 6.3 printer
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Egg vs. Chicken_is1" = Egg vs. Chicken
"F-Manager" = Fiesta Download Manager
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"MWSnap 3" = MWSnap 3
"Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Plants vs. Zombies Deluxe" = Plants vs. Zombies Deluxe
"QuicktimeAlt_is1" = QuickTime Alternative 1.69
"Software Informer_is1" = Software Informer 1.0 BETA
"Spyware Doctor" = Spyware Doctor 6.0
"Storm Codec 5" = Storm Codec
"Surround Mp4 Tool" = Surround Mp4 Tool 3.0.4
"SyncBack_is1" = SyncBack
"TeamViewer 5" = TeamViewer 5
"Unknown Device Identifier_is1" = Unknown Device Identifier 6.01
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/03/2010 17:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 10/03/2010 18:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 06:26:46 | Computer Name = HOME-2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shdocvw.dll, version 6.0.2900.5512, fault address 0x00017d54.

Error - 12/03/2010 06:40:06 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 07:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 08:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 09:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 10:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 11:40:05 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

Error - 12/03/2010 12:40:17 | Computer Name = HOME-2 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 08/03/2010 15:41:51 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/03/2010 06:29:38 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/03/2010 06:29:38 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/03/2010 15:42:41 | Computer Name = HOME-2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/03/2010 03:36:27 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/03/2010 03:36:27 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/03/2010 06:26:33 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/03/2010 06:26:33 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/03/2010 06:28:52 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/03/2010 06:28:52 | Computer Name = HOME-2 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >
dunangibb
Active Member
 
Posts: 9
Joined: March 6th, 2010, 12:58 pm
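An added example, not part of dunangibb's post and not OTL's own code: the firewall section of the log above lists two exceptions whose binaries OTL could no longer find (LimeWire, Free Download Manager) and two for a P2P client (uTorrent). A path-based exception outlives the program it was created for and applies to whatever is later placed at that path, so such entries are worth clearing. The script below parses OTL's AuthorizedApplications\List output, flags entries that OTL marked "File not found" or that belong to a P2P client, and prints the OTL `:reg` fix (value name followed by ` =-`) that removes them. The P2P name prefixes are an assumption for this demo, and the sample log is constructed from the lines above.

```python
r"""Flag stale or unwanted Windows Firewall exceptions in an OTL log and emit the
matching OTL ":reg" fix.

Added example, not from the thread and not part of OTL. OTL prints each value
under the FirewallPolicy ...\AuthorizedApplications\List keys as
    "<path>" = <path>:*:Enabled:<name> -- (<publisher>)     or     -- File not found
"File not found" is OTL's own annotation; the P2P prefixes below are an assumption.
"""
import ntpath
import re
from dataclasses import dataclass

P2P_PREFIXES = ("utorrent", "limewire", "bittorrent", "frostwire", "emule")  # assumption

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(
    r'^"(?P<value>[^"]+)"\s*=\s*(?P<path>.+?):\*:(?P<state>Enabled|Disabled):'
    r"(?P<name>.*?)\s+--\s+(?P<origin>.+)$"
)


@dataclass
class FirewallEntry:
    key: str            # registry key the value lives under (which firewall profile)
    value_name: str     # the value name, which is the executable path
    state: str          # Enabled / Disabled
    display_name: str
    origin: str         # "(publisher)" or OTL's "File not found"

    @property
    def missing(self):
        return self.origin == "File not found"

    @property
    def executable(self):
        # ntpath handles Windows separators even when this runs on Linux
        return ntpath.basename(self.value_name).lower()


def parse_authorized_apps(otl_text):
    """Collect every exception listed under an AuthorizedApplications\List key."""
    entries, key = [], None
    for line in otl_text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group("key") if k.group("key").endswith(r"AuthorizedApplications\List") else None
            continue
        m = ENTRY_RE.match(line)
        if key and m:
            entries.append(FirewallEntry(key, m.group("value"), m.group("state"),
                                         m.group("name"), m.group("origin")))
    return entries


def triage(entries):
    """Return [(entry, reason)] for exceptions that should be removed."""
    flagged = []
    for e in entries:
        if e.missing:
            flagged.append((e, "missing on disk"))
        elif e.executable.startswith(P2P_PREFIXES):
            flagged.append((e, "P2P client"))
    return flagged


def otl_reg_fix(flagged):
    """Render the flagged entries as an OTL :reg block; '=-' deletes the value."""
    lines, current = [":reg"], None
    for e, _why in flagged:
        if e.key != current:
            lines.append(f"[{e.key}]")
            current = e.key
        lines.append(f'"{e.value_name}" =-')
    return "\n".join(lines) + "\n"


# Constructed sample, copied from the shape of the OTL firewall section above.
SAMPLE_OTL = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\ISO Hunt\0. P2P Engines\utorrent-1.8.2.exe" = E:\ISO Hunt\0. P2P Engines\utorrent-1.8.2.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Free Download Manager\fdm.exe" = C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- File not found
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
"""

if __name__ == "__main__":
    for entry, why in triage(parse_authorized_apps(SAMPLE_OTL)):
        print(f"{why:16} {entry.value_name}")
    print(otl_reg_fix(triage(parse_authorized_apps(SAMPLE_OTL))))
```

Run against a saved OTL.txt with `parse_authorized_apps(open("OTL.txt", encoding="utf-8").read())`. The "missing on disk" verdict relies on OTL having resolved the path on the infected machine; on a clean machine the same value names could be checked directly with `os.path.exists`.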

Re: CCMain.exe removed, IE Browser still Hijacked

Unread postby shinybeast » March 12th, 2010, 3:08 pm

Hello dunangibb,


Please uninstall µTorrent as well.

Uninstall P2P

Click Start, click Run...
Type appwiz.cpl and press Enter to open Add or Remove Programs
For each of the programs listed below, highlight them in the list and click Remove

µTorrent

Once finished, close Add or Remove Programs window


Scan with GMER

Click here to download GMER Rootkit Scanner and save it to your desktop.

  • Disconnect your computer from the internet and disable all security software before starting the scan.
    A guide to do this can be found here. If you still aren't sure how to disable protection software, please ask.
  • Double click the randomly named GMER file. If asked to allow gmer to run, please allow it.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following boxes:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All
  • Then click the Scan button and wait for it to finish
  • Once done click on the Save.. button at lower right, and in the File name area, type in "ark.txt" (include the quotes or it will save as a .log file)
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: CCMain.exe removed, IE Browser still Hijacked

Unread postby dunangibb » March 13th, 2010, 2:01 pm

Actions followed as requested...
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-13 17:59:07
Windows 5.1.2600 Service Pack 3
Running: fp22ehum.exe; Driver: C:\DOCUME~1\DUNCAN~1\LOCALS~1\Temp\kftdipow.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF768B514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF767A282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF767A474]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF768BD00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF768BFB8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF768A3FA]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF768C422]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF768B7D8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7679F32]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 83AAFCA1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
dunangibb
Active Member
 
Posts: 9
Joined: March 6th, 2010, 12:58 pm

Re: CCMain.exe removed, IE Browser still Hijacked

Unread postby shinybeast » March 13th, 2010, 2:52 pm

Hi dunangibb,

Looks like your computer is infected with a rootkit. Please perform the following.


TDSSKiller

  • Click here to download TDSSKiller to your desktop.
  • Extract TDSSKiller.zip to your desktop so that TDSSKiller.exe is on your desktop (not in a folder).
    NOTE: Close all running programs as a reboot may be necessary.
  • Copy the text in code box below (including quotes).
    Code:
    "%userprofile%\Desktop\TDSSKiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the above command in the Open: box and click OK.
  • If TDSSKiller finds something, allow it to delete what it finds.
  • Once the tool is finished, press any key to continue and allow the computer to reboot if necessary.
  • Locate the log, tdsskiller.txt, on your desktop and post the contents of that log in your next reply.


Backup Registry With ERUNT

Modifying the Windows Registry can occasionally create problems, so it is imperative we back it up first.

  • Please download ERUNT (Emergency Recovery Utility NT) by Lars Hederer from one of the links below and save it to a convenient location
    Link 1 | Link 2
  • Double-click the file erunt-setup.exe that you downloaded to start the install
  • After the language selection, click Next three times to choose the default location, folder name and start menu folder.
  • You may choose to uncheck the desktop icons at the Select Additional Options window.
  • IMPORTANT: After clicking Install, you will get a popup asking if you want to run ERUNT at each startup. Click No (Once we are finished, you may choose to enable this option).
  • Keep the option to run ERUNT checked and click Finish
  • Click OK at the Welcome dialog box
  • Ensure the System Registry and Current User Registry boxes are checked and click OK to backup the registry to the default location and filename. You will be asked if you want to create the folder, click Yes
  • A window should appear that says "Registry backup is complete!." Click OK in that window.

NOTE: If the "registry optimization tool" NTREGOPT is installed with ERUNT, do NOT, for any reason, run NTREGOPT.

IMPORTANT: If you do not complete ERUNT backup successfully, do not continue further and post back to let me know.


OTL

  • Close all other open windows, then double-click OTL.exe to start OTL
  • Copy all of the text in the code box below and paste it in the white area under Custom Scans/Fixes (under the cyan line at the bottom of the window)
    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
    O4 - HKCU..\Run: [fsm] File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B4DA230
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D20FFA63
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B1EA607
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FE5FC48
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Files
    C:\WINDOWS\System32\drivers\kgpcpy.cfg
    C:\WINDOWS\System32\418948664
    C:\WINDOWS\System32\1219032680
    C:\WINDOWS\System32\unrar.exe
    C:\WINDOWS\System32\731f25f1
    C:\Program Files\LimeWire
    C:\Program Files\uTorrent
    E:\ISO Hunt
    C:\Program Files\Free Download Manager
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\LimeWire\LimeWire.exe" =-
    "C:\Program Files\uTorrent\uTorrent.exe" =-
    "E:\ISO Hunt\0. P2P Engines\utorrent-1.8.2.exe" =-
    "C:\Program Files\Free Download Manager\fdm.exe" =-
    
    :commands
    [emptytemp]
  • Close all running programs except for OTL, including all browser windows.
  • Then click Run Fix at the top of the window.
  • Once done, OTL will require a reboot. Please allow it.
  • After reboot, the log should open. Please save the log and post it in your next reply.


After performing the above steps, please test your browser and see if it is still being redirected.
Include the results of testing your browser along with the TDSSKiller log (tdsskiller.txt) and OTL log in your next reply. :)
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)
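An added example, not from the thread and not TDSSKiller's own code: the TDSSKiller log that follows prints, for every storage driver object it checks, the address of each IRP_MJ_* handler. A rootkit that hijacks a disk driver, which is what the GMER hit on atapi.sys above points to, typically leaves most handlers inside the driver image and redirects only a few to its own code elsewhere in kernel memory. The script below applies that idea to such a log without knowing module load addresses: an address shared by more than one driver is a kernel-supplied default, and a driver's own handlers should sit inside one image-sized window. The 1 MiB window and the hooked "atapi" table in the constructed sample are assumptions for this demo.

```python
"""Spot hooked IRP dispatch entries in a TDSSKiller log.

Added example; neither TDSSKiller's code nor anything posted in the thread.
Heuristic: an address used by several different drivers is a kernel default
(not any driver's code); the remaining handlers of one driver should cluster
inside a single image. Handlers far from that cluster are flagged.
The window size and the hooked "atapi" sample are assumptions for the demo.
"""
import re
from collections import defaultdict
from statistics import median

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s*(?P<msg>.*)$")   # "hh:mm:ss:ms pid text"
DRIVER_RE = re.compile(r"^Driver Name:\s+(?P<name>\S+)$")
IRP_RE = re.compile(r"^(?P<fn>IRP_MJ_[A-Z_]+)\s*:\s*(?P<addr>[0-9A-Fa-f]{8})$")
VERDICT_RE = re.compile(r"^(?P<path>.+?)\s+-\s+Verdict:\s+(?P<verdict>\d+)$")

IMAGE_SPAN = 0x100000  # assumption: one driver's handlers fit in a 1 MiB window


def parse_tables(log_text):
    """Return [(driver_name, image_path, {irp_name: handler_address})].
    TDSSKiller prints one table per device object, so identical repeats are collapsed."""
    tables, seen = [], set()
    name, handlers = None, {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        if (d := DRIVER_RE.match(msg)):
            name, handlers = d.group("name"), {}
        elif name and (i := IRP_RE.match(msg)):
            handlers[i.group("fn")] = int(i.group("addr"), 16)
        elif name and (v := VERDICT_RE.match(msg)):
            fingerprint = (name, tuple(sorted(handlers.items())))
            if fingerprint not in seen:
                seen.add(fingerprint)
                tables.append((name, v.group("path"), dict(handlers)))
            name, handlers = None, {}
    return tables


def shared_defaults(tables):
    """Addresses used by more than one distinct driver: kernel-supplied stubs."""
    owners = defaultdict(set)
    for name, _path, handlers in tables:
        for addr in handlers.values():
            owners[addr].add(name)
    return {addr for addr, names in owners.items() if len(names) > 1}


def find_hooks(tables, span=IMAGE_SPAN):
    """{driver_name: [(irp_name, address), ...]} for handlers more than `span` bytes
    away from the median of that driver's own (non-default) handlers."""
    defaults = shared_defaults(tables)
    hooks = {}
    for name, _path, handlers in tables:
        own = {fn: a for fn, a in handlers.items() if a not in defaults}
        if len(own) < 2:
            continue
        centre = median(own.values())
        outliers = [(fn, a) for fn, a in sorted(own.items()) if abs(a - centre) > span]
        if outliers:
            hooks[name] = outliers
    return hooks


def report(log_text):
    """One human-readable line per suspicious handler."""
    return [f"{name}: {fn} -> {addr:08X} (outside the driver's image window)"
            for name, entries in find_hooks(parse_tables(log_text)).items()
            for fn, addr in entries]


# Constructed sample in TDSSKiller's log format. Disk and USBSTOR are abridged from
# the real tables in the thread; the "atapi" table is invented to show a hooked
# driver: two handlers point at 83AAxxxx, far from the F748xxxx image window.
SAMPLE_LOG = r"""
20:21:56:250 3672 Driver Name: Disk
20:21:56:250 3672 IRP_MJ_CREATE : F77CBBB0
20:21:56:250 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:250 3672 IRP_MJ_CLOSE : F77CBBB0
20:21:56:250 3672 IRP_MJ_READ : F77C5D1F
20:21:56:250 3672 IRP_MJ_WRITE : F77C5D1F
20:21:56:250 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:250 3672 IRP_MJ_DEVICE_CONTROL : F77C63BB
20:21:56:265 3672 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:21:56:265 3672
20:21:56:265 3672 Driver Name: USBSTOR
20:21:56:265 3672 IRP_MJ_CREATE : B432D218
20:21:56:265 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:265 3672 IRP_MJ_CLOSE : B432D218
20:21:56:265 3672 IRP_MJ_READ : B432D23C
20:21:56:265 3672 IRP_MJ_WRITE : B432D23C
20:21:56:265 3672 IRP_MJ_DEVICE_CONTROL : B432D180
20:21:56:265 3672 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
20:21:56:265 3672
20:21:56:265 3672 Driver Name: atapi
20:21:56:265 3672 IRP_MJ_CREATE : F748A3C0
20:21:56:265 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:265 3672 IRP_MJ_CLOSE : F748A3C0
20:21:56:265 3672 IRP_MJ_READ : 804FA88E
20:21:56:265 3672 IRP_MJ_DEVICE_CONTROL : 83AAFE10
20:21:56:265 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : 83AAFE10
20:21:56:265 3672 IRP_MJ_POWER : F74891E2
20:21:56:265 3672 IRP_MJ_SYSTEM_CONTROL : F748B054
20:21:56:265 3672 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)) or "no hooked handlers found")
```

Feed it the full tdsskiller.txt with `report(open("tdsskiller.txt").read())`. The check needs at least two drivers in the log so the shared default can be identified, and it assumes the rootkit left more than half of a driver's handlers alone; a table replaced wholesale would cluster around the rootkit's code instead. Treat the output as a pointer to look harder, not as a verdict, and defer to the tool's own detection for the actual removal.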

Re: CCMain.exe removed, IE Browser still Hijacked

Unread postby dunangibb » March 13th, 2010, 4:44 pm

TDSSKiller Log
20:21:55:859 3672 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
20:21:55:859 3672 ================================================================================
20:21:55:859 3672 SystemInfo:

20:21:55:859 3672 OS Version: 5.1.2600 ServicePack: 3.0
20:21:55:859 3672 Product type: Workstation
20:21:55:859 3672 ComputerName: HOME-2
20:21:55:859 3672 UserName: Duncan & Carole
20:21:55:859 3672 Windows directory: C:\WINDOWS
20:21:55:859 3672 Processor architecture: Intel x86
20:21:55:859 3672 Number of processors: 1
20:21:55:859 3672 Page size: 0x1000
20:21:55:875 3672 Boot type: Normal boot
20:21:55:875 3672 ================================================================================
20:21:55:875 3672 UnloadDriverW: NtUnloadDriver error 1
20:21:55:875 3672 ForceUnloadDriverW: UnloadDriverW(klmd21) error 1
20:21:55:875 3672 LoadDriverW: Driver already loaded
20:21:55:875 3672 KLMD_DropNLoadW: LoadDriverW(klmd21) error 1056
20:21:55:875 3672 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
20:21:55:875 3672 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:21:55:875 3672 wfopen_ex: Trying to KLMD file open
20:21:55:875 3672 wfopen_ex: File opened ok (Flags 2)
20:21:55:875 3672 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
20:21:55:875 3672 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:21:55:875 3672 wfopen_ex: Trying to KLMD file open
20:21:55:875 3672 wfopen_ex: File opened ok (Flags 2)
20:21:55:875 3672 Initialize success
20:21:55:875 3672
20:21:55:875 3672 Scanning Services ...
20:21:56:250 3672 GetAdvancedServicesInfo: Raw services enum returned 331 services
20:21:56:250 3672
20:21:56:250 3672 Scanning Kernel memory ...
20:21:56:250 3672 Devices to scan: 14
20:21:56:250 3672
20:21:56:250 3672 Driver Name: Disk
20:21:56:250 3672 IRP_MJ_CREATE : F77CBBB0
20:21:56:250 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:250 3672 IRP_MJ_CLOSE : F77CBBB0
20:21:56:250 3672 IRP_MJ_READ : F77C5D1F
20:21:56:250 3672 IRP_MJ_WRITE : F77C5D1F
20:21:56:250 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:250 3672 IRP_MJ_SET_INFORMATION : 804FA88E
20:21:56:250 3672 IRP_MJ_QUERY_EA : 804FA88E
20:21:56:250 3672 IRP_MJ_SET_EA : 804FA88E
20:21:56:250 3672 IRP_MJ_FLUSH_BUFFERS : F77C62E2
20:21:56:250 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
20:21:56:250 3672 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
20:21:56:250 3672 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
20:21:56:250 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
20:21:56:250 3672 IRP_MJ_DEVICE_CONTROL : F77C63BB
20:21:56:250 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : F77C9F28
20:21:56:250 3672 IRP_MJ_SHUTDOWN : F77C62E2
20:21:56:250 3672 IRP_MJ_LOCK_CONTROL : 804FA88E
20:21:56:250 3672 IRP_MJ_CLEANUP : 804FA88E
20:21:56:250 3672 IRP_MJ_CREATE_MAILSLOT : 804FA88E
20:21:56:250 3672 IRP_MJ_QUERY_SECURITY : 804FA88E
20:21:56:250 3672 IRP_MJ_SET_SECURITY : 804FA88E
20:21:56:250 3672 IRP_MJ_POWER : F77C7C82
20:21:56:250 3672 IRP_MJ_SYSTEM_CONTROL : F77CC99E
20:21:56:250 3672 IRP_MJ_DEVICE_CHANGE : 804FA88E
20:21:56:250 3672 IRP_MJ_QUERY_QUOTA : 804FA88E
20:21:56:250 3672 IRP_MJ_SET_QUOTA : 804FA88E
20:21:56:265 3672 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:21:56:265 3672
20:21:56:265 3672 Driver Name: USBSTOR
20:21:56:265 3672 IRP_MJ_CREATE : B432D218
20:21:56:265 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:265 3672 IRP_MJ_CLOSE : B432D218
20:21:56:265 3672 IRP_MJ_READ : B432D23C
20:21:56:265 3672 IRP_MJ_WRITE : B432D23C
20:21:56:265 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:265 3672 IRP_MJ_SET_INFORMATION : 804FA88E
20:21:56:265 3672 IRP_MJ_QUERY_EA : 804FA88E
20:21:56:265 3672 IRP_MJ_SET_EA : 804FA88E
20:21:56:265 3672 IRP_MJ_FLUSH_BUFFERS : 804FA88E
20:21:56:265 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
20:21:56:265 3672 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
20:21:56:265 3672 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
20:21:56:265 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
20:21:56:265 3672 IRP_MJ_DEVICE_CONTROL : B432D180
20:21:56:265 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : B43289E6
20:21:56:265 3672 IRP_MJ_SHUTDOWN : 804FA88E
20:21:56:265 3672 IRP_MJ_LOCK_CONTROL : 804FA88E
20:21:56:265 3672 IRP_MJ_CLEANUP : 804FA88E
20:21:56:265 3672 IRP_MJ_CREATE_MAILSLOT : 804FA88E
20:21:56:265 3672 IRP_MJ_QUERY_SECURITY : 804FA88E
20:21:56:265 3672 IRP_MJ_SET_SECURITY : 804FA88E
20:21:56:265 3672 IRP_MJ_POWER : B432C5F0
20:21:56:265 3672 IRP_MJ_SYSTEM_CONTROL : B432AA6E
20:21:56:265 3672 IRP_MJ_DEVICE_CHANGE : 804FA88E
20:21:56:265 3672 IRP_MJ_QUERY_QUOTA : 804FA88E
20:21:56:265 3672 IRP_MJ_SET_QUOTA : 804FA88E
20:21:56:265 3672 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
20:21:56:265 3672
20:21:56:265 3672 Driver Name: Disk
20:21:56:265 3672 IRP_MJ_CREATE : F77CBBB0
20:21:56:265 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:265 3672 IRP_MJ_CLOSE : F77CBBB0
20:21:56:265 3672 IRP_MJ_READ : F77C5D1F
20:21:56:265 3672 IRP_MJ_WRITE : F77C5D1F
20:21:56:265 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:265 3672 IRP_MJ_SET_INFORMATION : 804FA88E
20:21:56:265 3672 IRP_MJ_QUERY_EA : 804FA88E
20:21:56:265 3672 IRP_MJ_SET_EA : 804FA88E
20:21:56:265 3672 IRP_MJ_FLUSH_BUFFERS : F77C62E2
20:21:56:281 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
20:21:56:281 3672 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
20:21:56:281 3672 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
20:21:56:281 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
20:21:56:281 3672 IRP_MJ_DEVICE_CONTROL : F77C63BB
20:21:56:281 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : F77C9F28
20:21:56:281 3672 IRP_MJ_SHUTDOWN : F77C62E2
20:21:56:281 3672 IRP_MJ_LOCK_CONTROL : 804FA88E
20:21:56:281 3672 IRP_MJ_CLEANUP : 804FA88E
20:21:56:281 3672 IRP_MJ_CREATE_MAILSLOT : 804FA88E
20:21:56:281 3672 IRP_MJ_QUERY_SECURITY : 804FA88E
20:21:56:281 3672 IRP_MJ_SET_SECURITY : 804FA88E
20:21:56:281 3672 IRP_MJ_POWER : F77C7C82
20:21:56:281 3672 IRP_MJ_SYSTEM_CONTROL : F77CC99E
20:21:56:281 3672 IRP_MJ_DEVICE_CHANGE : 804FA88E
20:21:56:281 3672 IRP_MJ_QUERY_QUOTA : 804FA88E
20:21:56:281 3672 IRP_MJ_SET_QUOTA : 804FA88E
20:21:56:281 3672 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:21:56:281 3672
20:21:56:281 3672 Driver Name: Disk
20:21:56:281 3672 IRP_MJ_CREATE : F77CBBB0
20:21:56:281 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:281 3672 IRP_MJ_CLOSE : F77CBBB0
20:21:56:281 3672 IRP_MJ_READ : F77C5D1F
20:21:56:281 3672 IRP_MJ_WRITE : F77C5D1F
20:21:56:281 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:281 3672 IRP_MJ_SET_INFORMATION : 804FA88E
20:21:56:281 3672 IRP_MJ_QUERY_EA : 804FA88E
20:21:56:281 3672 IRP_MJ_SET_EA : 804FA88E
20:21:56:281 3672 IRP_MJ_FLUSH_BUFFERS : F77C62E2
20:21:56:281 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
20:21:56:281 3672 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
20:21:56:281 3672 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
20:21:56:281 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
20:21:56:281 3672 IRP_MJ_DEVICE_CONTROL : F77C63BB
20:21:56:281 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : F77C9F28
20:21:56:281 3672 IRP_MJ_SHUTDOWN : F77C62E2
20:21:56:281 3672 IRP_MJ_LOCK_CONTROL : 804FA88E
20:21:56:281 3672 IRP_MJ_CLEANUP : 804FA88E
20:21:56:281 3672 IRP_MJ_CREATE_MAILSLOT : 804FA88E
20:21:56:281 3672 IRP_MJ_QUERY_SECURITY : 804FA88E
20:21:56:281 3672 IRP_MJ_SET_SECURITY : 804FA88E
20:21:56:281 3672 IRP_MJ_POWER : F77C7C82
20:21:56:281 3672 IRP_MJ_SYSTEM_CONTROL : F77CC99E
20:21:56:281 3672 IRP_MJ_DEVICE_CHANGE : 804FA88E
20:21:56:281 3672 IRP_MJ_QUERY_QUOTA : 804FA88E
20:21:56:281 3672 IRP_MJ_SET_QUOTA : 804FA88E
20:21:56:281 3672 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:21:56:281 3672
20:21:56:281 3672 Driver Name: Disk
20:21:56:281 3672 IRP_MJ_CREATE : F77CBBB0
20:21:56:281 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:281 3672 IRP_MJ_CLOSE : F77CBBB0
20:21:56:281 3672 IRP_MJ_READ : F77C5D1F
20:21:56:281 3672 IRP_MJ_WRITE : F77C5D1F
20:21:56:281 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:281 3672 IRP_MJ_SET_INFORMATION : 804FA88E
20:21:56:281 3672 IRP_MJ_QUERY_EA : 804FA88E
20:21:56:281 3672 IRP_MJ_SET_EA : 804FA88E
20:21:56:281 3672 IRP_MJ_FLUSH_BUFFERS : F77C62E2
20:21:56:281 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
20:21:56:281 3672 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
20:21:56:281 3672 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
20:21:56:281 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
20:21:56:281 3672 IRP_MJ_DEVICE_CONTROL : F77C63BB
20:21:56:281 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : F77C9F28
20:21:56:281 3672 IRP_MJ_SHUTDOWN : F77C62E2
20:21:56:281 3672 IRP_MJ_LOCK_CONTROL : 804FA88E
20:21:56:281 3672 IRP_MJ_CLEANUP : 804FA88E
20:21:56:281 3672 IRP_MJ_CREATE_MAILSLOT : 804FA88E
20:21:56:281 3672 IRP_MJ_QUERY_SECURITY : 804FA88E
20:21:56:281 3672 IRP_MJ_SET_SECURITY : 804FA88E
20:21:56:281 3672 IRP_MJ_POWER : F77C7C82
20:21:56:281 3672 IRP_MJ_SYSTEM_CONTROL : F77CC99E
20:21:56:281 3672 IRP_MJ_DEVICE_CHANGE : 804FA88E
20:21:56:281 3672 IRP_MJ_QUERY_QUOTA : 804FA88E
20:21:56:281 3672 IRP_MJ_SET_QUOTA : 804FA88E
20:21:56:296 3672 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:21:56:296 3672
20:21:56:296 3672 Driver Name: Disk
20:21:56:296 3672 IRP_MJ_CREATE : F77CBBB0
20:21:56:296 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:296 3672 IRP_MJ_CLOSE : F77CBBB0
20:21:56:296 3672 IRP_MJ_READ : F77C5D1F
20:21:56:296 3672 IRP_MJ_WRITE : F77C5D1F
20:21:56:296 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:296 3672 IRP_MJ_SET_INFORMATION : 804FA88E
20:21:56:296 3672 IRP_MJ_QUERY_EA : 804FA88E
20:21:56:296 3672 IRP_MJ_SET_EA : 804FA88E
20:21:56:296 3672 IRP_MJ_FLUSH_BUFFERS : F77C62E2
20:21:56:296 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
20:21:56:296 3672 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
20:21:56:296 3672 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
20:21:56:296 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
20:21:56:296 3672 IRP_MJ_DEVICE_CONTROL : F77C63BB
20:21:56:296 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : F77C9F28
20:21:56:296 3672 IRP_MJ_SHUTDOWN : F77C62E2
20:21:56:296 3672 IRP_MJ_LOCK_CONTROL : 804FA88E
20:21:56:296 3672 IRP_MJ_CLEANUP : 804FA88E
20:21:56:296 3672 IRP_MJ_CREATE_MAILSLOT : 804FA88E
20:21:56:296 3672 IRP_MJ_QUERY_SECURITY : 804FA88E
20:21:56:296 3672 IRP_MJ_SET_SECURITY : 804FA88E
20:21:56:296 3672 IRP_MJ_POWER : F77C7C82
20:21:56:296 3672 IRP_MJ_SYSTEM_CONTROL : F77CC99E
20:21:56:296 3672 IRP_MJ_DEVICE_CHANGE : 804FA88E
20:21:56:296 3672 IRP_MJ_QUERY_QUOTA : 804FA88E
20:21:56:296 3672 IRP_MJ_SET_QUOTA : 804FA88E
20:21:56:296 3672 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:21:56:296 3672
20:21:56:296 3672 Driver Name: USBSTOR
20:21:56:296 3672 IRP_MJ_CREATE : B432D218
20:21:56:296 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:296 3672 IRP_MJ_CLOSE : B432D218
20:21:56:296 3672 IRP_MJ_READ : B432D23C
20:21:56:296 3672 IRP_MJ_WRITE : B432D23C
20:21:56:296 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:296 3672 IRP_MJ_SET_INFORMATION : 804FA88E
20:21:56:296 3672 IRP_MJ_QUERY_EA : 804FA88E
20:21:56:296 3672 IRP_MJ_SET_EA : 804FA88E
20:21:56:296 3672 IRP_MJ_FLUSH_BUFFERS : 804FA88E
20:21:56:296 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
20:21:56:296 3672 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
20:21:56:296 3672 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
20:21:56:296 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
20:21:56:296 3672 IRP_MJ_DEVICE_CONTROL : B432D180
20:21:56:296 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : B43289E6
20:21:56:296 3672 IRP_MJ_SHUTDOWN : 804FA88E
20:21:56:296 3672 IRP_MJ_LOCK_CONTROL : 804FA88E
20:21:56:296 3672 IRP_MJ_CLEANUP : 804FA88E
20:21:56:296 3672 IRP_MJ_CREATE_MAILSLOT : 804FA88E
20:21:56:296 3672 IRP_MJ_QUERY_SECURITY : 804FA88E
20:21:56:296 3672 IRP_MJ_SET_SECURITY : 804FA88E
20:21:56:296 3672 IRP_MJ_POWER : B432C5F0
20:21:56:296 3672 IRP_MJ_SYSTEM_CONTROL : B432AA6E
20:21:56:296 3672 IRP_MJ_DEVICE_CHANGE : 804FA88E
20:21:56:296 3672 IRP_MJ_QUERY_QUOTA : 804FA88E
20:21:56:296 3672 IRP_MJ_SET_QUOTA : 804FA88E
20:21:56:312 3672 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
20:21:56:312 3672
20:21:56:312 3672 Driver Name: USBSTOR
20:21:56:312 3672 IRP_MJ_CREATE : B432D218
20:21:56:312 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:312 3672 IRP_MJ_CLOSE : B432D218
20:21:56:312 3672 IRP_MJ_READ : B432D23C
20:21:56:312 3672 IRP_MJ_WRITE : B432D23C
20:21:56:312 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_INFORMATION : 804FA88E
20:21:56:312 3672 IRP_MJ_QUERY_EA : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_EA : 804FA88E
20:21:56:312 3672 IRP_MJ_FLUSH_BUFFERS : 804FA88E
20:21:56:312 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
20:21:56:312 3672 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
20:21:56:312 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
20:21:56:312 3672 IRP_MJ_DEVICE_CONTROL : B432D180
20:21:56:312 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : B43289E6
20:21:56:312 3672 IRP_MJ_SHUTDOWN : 804FA88E
20:21:56:312 3672 IRP_MJ_LOCK_CONTROL : 804FA88E
20:21:56:312 3672 IRP_MJ_CLEANUP : 804FA88E
20:21:56:312 3672 IRP_MJ_CREATE_MAILSLOT : 804FA88E
20:21:56:312 3672 IRP_MJ_QUERY_SECURITY : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_SECURITY : 804FA88E
20:21:56:312 3672 IRP_MJ_POWER : B432C5F0
20:21:56:312 3672 IRP_MJ_SYSTEM_CONTROL : B432AA6E
20:21:56:312 3672 IRP_MJ_DEVICE_CHANGE : 804FA88E
20:21:56:312 3672 IRP_MJ_QUERY_QUOTA : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_QUOTA : 804FA88E
20:21:56:312 3672 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
20:21:56:312 3672
20:21:56:312 3672 Driver Name: USBSTOR
20:21:56:312 3672 IRP_MJ_CREATE : B432D218
20:21:56:312 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:312 3672 IRP_MJ_CLOSE : B432D218
20:21:56:312 3672 IRP_MJ_READ : B432D23C
20:21:56:312 3672 IRP_MJ_WRITE : B432D23C
20:21:56:312 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_INFORMATION : 804FA88E
20:21:56:312 3672 IRP_MJ_QUERY_EA : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_EA : 804FA88E
20:21:56:312 3672 IRP_MJ_FLUSH_BUFFERS : 804FA88E
20:21:56:312 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
20:21:56:312 3672 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
20:21:56:312 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
20:21:56:312 3672 IRP_MJ_DEVICE_CONTROL : B432D180
20:21:56:312 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : B43289E6
20:21:56:312 3672 IRP_MJ_SHUTDOWN : 804FA88E
20:21:56:312 3672 IRP_MJ_LOCK_CONTROL : 804FA88E
20:21:56:312 3672 IRP_MJ_CLEANUP : 804FA88E
20:21:56:312 3672 IRP_MJ_CREATE_MAILSLOT : 804FA88E
20:21:56:312 3672 IRP_MJ_QUERY_SECURITY : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_SECURITY : 804FA88E
20:21:56:312 3672 IRP_MJ_POWER : B432C5F0
20:21:56:312 3672 IRP_MJ_SYSTEM_CONTROL : B432AA6E
20:21:56:312 3672 IRP_MJ_DEVICE_CHANGE : 804FA88E
20:21:56:312 3672 IRP_MJ_QUERY_QUOTA : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_QUOTA : 804FA88E
20:21:56:312 3672 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
20:21:56:312 3672
20:21:56:312 3672 Driver Name: USBSTOR
20:21:56:312 3672 IRP_MJ_CREATE : B432D218
20:21:56:312 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:312 3672 IRP_MJ_CLOSE : B432D218
20:21:56:312 3672 IRP_MJ_READ : B432D23C
20:21:56:312 3672 IRP_MJ_WRITE : B432D23C
20:21:56:312 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_INFORMATION : 804FA88E
20:21:56:312 3672 IRP_MJ_QUERY_EA : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_EA : 804FA88E
20:21:56:312 3672 IRP_MJ_FLUSH_BUFFERS : 804FA88E
20:21:56:312 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
20:21:56:312 3672 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
20:21:56:312 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
20:21:56:312 3672 IRP_MJ_DEVICE_CONTROL : B432D180
20:21:56:312 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : B43289E6
20:21:56:312 3672 IRP_MJ_SHUTDOWN : 804FA88E
20:21:56:312 3672 IRP_MJ_LOCK_CONTROL : 804FA88E
20:21:56:312 3672 IRP_MJ_CLEANUP : 804FA88E
20:21:56:312 3672 IRP_MJ_CREATE_MAILSLOT : 804FA88E
20:21:56:312 3672 IRP_MJ_QUERY_SECURITY : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_SECURITY : 804FA88E
20:21:56:312 3672 IRP_MJ_POWER : B432C5F0
20:21:56:312 3672 IRP_MJ_SYSTEM_CONTROL : B432AA6E
20:21:56:312 3672 IRP_MJ_DEVICE_CHANGE : 804FA88E
20:21:56:312 3672 IRP_MJ_QUERY_QUOTA : 804FA88E
20:21:56:312 3672 IRP_MJ_SET_QUOTA : 804FA88E
20:21:56:359 3672 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
20:21:56:359 3672
20:21:56:359 3672 Driver Name: Disk
20:21:56:359 3672 IRP_MJ_CREATE : F77CBBB0
20:21:56:359 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:359 3672 IRP_MJ_CLOSE : F77CBBB0
20:21:56:359 3672 IRP_MJ_READ : F77C5D1F
20:21:56:359 3672 IRP_MJ_WRITE : F77C5D1F
20:21:56:359 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:359 3672 IRP_MJ_SET_INFORMATION : 804FA88E
20:21:56:359 3672 IRP_MJ_QUERY_EA : 804FA88E
20:21:56:359 3672 IRP_MJ_SET_EA : 804FA88E
20:21:56:359 3672 IRP_MJ_FLUSH_BUFFERS : F77C62E2
20:21:56:359 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
20:21:56:359 3672 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
20:21:56:359 3672 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
20:21:56:359 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
20:21:56:359 3672 IRP_MJ_DEVICE_CONTROL : F77C63BB
20:21:56:359 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : F77C9F28
20:21:56:359 3672 IRP_MJ_SHUTDOWN : F77C62E2
20:21:56:359 3672 IRP_MJ_LOCK_CONTROL : 804FA88E
20:21:56:359 3672 IRP_MJ_CLEANUP : 804FA88E
20:21:56:359 3672 IRP_MJ_CREATE_MAILSLOT : 804FA88E
20:21:56:359 3672 IRP_MJ_QUERY_SECURITY : 804FA88E
20:21:56:359 3672 IRP_MJ_SET_SECURITY : 804FA88E
20:21:56:359 3672 IRP_MJ_POWER : F77C7C82
20:21:56:359 3672 IRP_MJ_SYSTEM_CONTROL : F77CC99E
20:21:56:359 3672 IRP_MJ_DEVICE_CHANGE : 804FA88E
20:21:56:359 3672 IRP_MJ_QUERY_QUOTA : 804FA88E
20:21:56:359 3672 IRP_MJ_SET_QUOTA : 804FA88E
20:21:56:375 3672 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:21:56:375 3672
20:21:56:375 3672 Driver Name: Disk
20:21:56:375 3672 IRP_MJ_CREATE : F77CBBB0
20:21:56:375 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:375 3672 IRP_MJ_CLOSE : F77CBBB0
20:21:56:375 3672 IRP_MJ_READ : F77C5D1F
20:21:56:375 3672 IRP_MJ_WRITE : F77C5D1F
20:21:56:375 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:375 3672 IRP_MJ_SET_INFORMATION : 804FA88E
20:21:56:375 3672 IRP_MJ_QUERY_EA : 804FA88E
20:21:56:375 3672 IRP_MJ_SET_EA : 804FA88E
20:21:56:375 3672 IRP_MJ_FLUSH_BUFFERS : F77C62E2
20:21:56:375 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
20:21:56:375 3672 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
20:21:56:375 3672 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
20:21:56:375 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
20:21:56:375 3672 IRP_MJ_DEVICE_CONTROL : F77C63BB
20:21:56:375 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : F77C9F28
20:21:56:375 3672 IRP_MJ_SHUTDOWN : F77C62E2
20:21:56:375 3672 IRP_MJ_LOCK_CONTROL : 804FA88E
20:21:56:375 3672 IRP_MJ_CLEANUP : 804FA88E
20:21:56:375 3672 IRP_MJ_CREATE_MAILSLOT : 804FA88E
20:21:56:375 3672 IRP_MJ_QUERY_SECURITY : 804FA88E
20:21:56:375 3672 IRP_MJ_SET_SECURITY : 804FA88E
20:21:56:375 3672 IRP_MJ_POWER : F77C7C82
20:21:56:375 3672 IRP_MJ_SYSTEM_CONTROL : F77CC99E
20:21:56:375 3672 IRP_MJ_DEVICE_CHANGE : 804FA88E
20:21:56:375 3672 IRP_MJ_QUERY_QUOTA : 804FA88E
20:21:56:375 3672 IRP_MJ_SET_QUOTA : 804FA88E
20:21:56:375 3672 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:21:56:375 3672
20:21:56:375 3672 Driver Name: atapi
20:21:56:375 3672 IRP_MJ_CREATE : F76D26F2
20:21:56:375 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:375 3672 IRP_MJ_CLOSE : F76D26F2
20:21:56:375 3672 IRP_MJ_READ : 804FA88E
20:21:56:375 3672 IRP_MJ_WRITE : 804FA88E
20:21:56:375 3672 IRP_MJ_QUERY_INFORMATION : 804FA88E
20:21:56:375 3672 IRP_MJ_SET_INFORMATION : 804FA88E
20:21:56:375 3672 IRP_MJ_QUERY_EA : 804FA88E
20:21:56:375 3672 IRP_MJ_SET_EA : 804FA88E
20:21:56:375 3672 IRP_MJ_FLUSH_BUFFERS : 804FA88E
20:21:56:375 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
20:21:56:375 3672 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
20:21:56:375 3672 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
20:21:56:375 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
20:21:56:375 3672 IRP_MJ_DEVICE_CONTROL : F76D2712
20:21:56:375 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76CE852
20:21:56:375 3672 IRP_MJ_SHUTDOWN : 804FA88E
20:21:56:375 3672 IRP_MJ_LOCK_CONTROL : 804FA88E
20:21:56:375 3672 IRP_MJ_CLEANUP : 804FA88E
20:21:56:375 3672 IRP_MJ_CREATE_MAILSLOT : 804FA88E
20:21:56:375 3672 IRP_MJ_QUERY_SECURITY : 804FA88E
20:21:56:375 3672 IRP_MJ_SET_SECURITY : 804FA88E
20:21:56:375 3672 IRP_MJ_POWER : F76D273C
20:21:56:375 3672 IRP_MJ_SYSTEM_CONTROL : F76D9336
20:21:56:375 3672 IRP_MJ_DEVICE_CHANGE : 804FA88E
20:21:56:375 3672 IRP_MJ_QUERY_QUOTA : 804FA88E
20:21:56:375 3672 IRP_MJ_SET_QUOTA : 804FA88E
20:21:56:375 3672 C:\WINDOWS\system32\drivers\tsk8.tmp - Verdict: 3
20:21:56:375 3672
20:21:56:375 3672 Driver Name: atapi
20:21:56:375 3672 IRP_MJ_CREATE : 83AB7CA1
20:21:56:375 3672 IRP_MJ_CREATE_NAMED_PIPE : 83AB7CA1
20:21:56:375 3672 IRP_MJ_CLOSE : 83AB7CA1
20:21:56:375 3672 IRP_MJ_READ : 83AB7CA1
20:21:56:375 3672 IRP_MJ_WRITE : 83AB7CA1
20:21:56:375 3672 IRP_MJ_QUERY_INFORMATION : 83AB7CA1
20:21:56:375 3672 IRP_MJ_SET_INFORMATION : 83AB7CA1
20:21:56:375 3672 IRP_MJ_QUERY_EA : 83AB7CA1
20:21:56:375 3672 IRP_MJ_SET_EA : 83AB7CA1
20:21:56:375 3672 IRP_MJ_FLUSH_BUFFERS : 83AB7CA1
20:21:56:375 3672 IRP_MJ_QUERY_VOLUME_INFORMATION : 83AB7CA1
20:21:56:375 3672 IRP_MJ_SET_VOLUME_INFORMATION : 83AB7CA1
20:21:56:375 3672 IRP_MJ_DIRECTORY_CONTROL : 83AB7CA1
20:21:56:375 3672 IRP_MJ_FILE_SYSTEM_CONTROL : 83AB7CA1
20:21:56:375 3672 IRP_MJ_DEVICE_CONTROL : 83AB7CA1
20:21:56:375 3672 IRP_MJ_INTERNAL_DEVICE_CONTROL : 83AB7CA1
20:21:56:375 3672 IRP_MJ_SHUTDOWN : 83AB7CA1
20:21:56:375 3672 IRP_MJ_LOCK_CONTROL : 83AB7CA1
20:21:56:375 3672 IRP_MJ_CLEANUP : 83AB7CA1
20:21:56:375 3672 IRP_MJ_CREATE_MAILSLOT : 83AB7CA1
20:21:56:375 3672 IRP_MJ_QUERY_SECURITY : 83AB7CA1
20:21:56:375 3672 IRP_MJ_SET_SECURITY : 83AB7CA1
20:21:56:375 3672 IRP_MJ_POWER : 83AB7CA1
20:21:56:375 3672 IRP_MJ_SYSTEM_CONTROL : 83AB7CA1
20:21:56:375 3672 IRP_MJ_DEVICE_CHANGE : 83AB7CA1
20:21:56:375 3672 IRP_MJ_QUERY_QUOTA : 83AB7CA1
20:21:56:375 3672 IRP_MJ_SET_QUOTA : 83AB7CA1
20:21:56:375 3672 Driver "atapi" infected by TDSS rootkit!
20:21:56:375 3672 C:\WINDOWS\system32\drivers\tsk8.tmp - Verdict: 3
20:21:56:375 3672
20:21:56:375 3672 Completed
20:21:56:375 3672
20:21:56:390 3672 Results:
20:21:56:390 3672 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
20:21:56:390 3672 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:21:56:390 3672 File objects infected / cured / cured on reboot: 0 / 0 / 0
20:21:56:390 3672
20:21:56:390 3672 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
20:21:56:390 3672 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
20:21:56:390 3672 UnloadDriverW: NtUnloadDriver error 1
20:21:56:390 3672 KLMD_Unload: UnloadDriverW(klmd21) error 1
20:21:56:390 3672 KLMD(ARK) unloaded successfully

03132010_202607.log is the log from "OTL"
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\SITEguard deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\WINDOWS\000001_.tmp deleted successfully.
C:\WINDOWS\002329_.tmp deleted successfully.
C:\WINDOWS\005495_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B4DA230 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D20FFA63 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6017A808 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2B1EA607 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9FE5FC48 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\drivers\kgpcpy.cfg moved successfully.
C:\WINDOWS\System32\418948664 moved successfully.
C:\WINDOWS\System32\1219032680 moved successfully.
C:\WINDOWS\System32\unrar.exe moved successfully.
C:\WINDOWS\System32\731f25f1 moved successfully.
File\Folder C:\Program Files\LimeWire not found.
File\Folder C:\Program Files\uTorrent not found.
E:\ISO Hunt\NDS Downloads\2. Downloaded Games - WIP\Mario Kart folder moved successfully.
E:\ISO Hunt\NDS Downloads\2. Downloaded Games - WIP\emulateur Nds + 1 rom folder moved successfully.
E:\ISO Hunt\NDS Downloads\2. Downloaded Games - WIP folder moved successfully.
E:\ISO Hunt\NDS Downloads\1. Main Game Files folder moved successfully.
E:\ISO Hunt\NDS Downloads folder moved successfully.
E:\ISO Hunt\1. Torrent Descriptions folder moved successfully.
E:\ISO Hunt\0. P2P Engines folder moved successfully.
E:\ISO Hunt folder moved successfully.
File\Folder C:\Program Files\Free Download Manager not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\ISO Hunt\0. P2P Engines\utorrent-1.8.2.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Free Download Manager\fdm.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 622596 bytes
->Temporary Internet Files folder emptied: 9414773 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 41 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Duncan & Carole
->Temp folder emptied: 10383943713 bytes
->Temporary Internet Files folder emptied: 69531504 bytes
->Java cache emptied: 1859730 bytes
->Google Chrome cache emptied: 95249762 bytes
->Flash cache emptied: 323285 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5322390 bytes
->Flash cache emptied: 4278 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 96512 bytes
Windows Temp folder emptied: 26059132 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23914534 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 2570321248 bytes

Total Files Cleaned = 12,577.00 mb


OTL by OldTimer - Version 3.1.37.0 log created on 03132010_202607

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\system32\drivers\tsk8.tmp not found!

Registry entries deleted on Reboot...
Overall Status - Seems Normal

I have done as described, no issues at any step.

Browsing seems completely normal, as does the PC. To me I'd say it's resolved; based on the logs, do you agree?

Assuming this is resolved, is there anything you would recommend to avoid re-infection? It's a very impressive thing you have done without seeing the problem first-hand and I appreciate the help. How do you guys cover your costs, is there a way to donate to supporting your site?
dunangibb
Active Member
Posts: 9
Joined: March 6th, 2010, 12:58 pm
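The atapi block in the TDSSKiller log above is the diagnostic core of this thread: every IRP_MJ_* entry of the hooked driver points at one address (83AB7CA1) instead of a mix of atapi's own routines and the shared kernel stub (804FA88E, the value every clean driver in the log carries for request types it does not implement), and the driver's image is reported as drivers\tsk8.tmp rather than atapi.sys. The Python below is an added example, not code from the original post or from Kaspersky's TDSSKiller: it parses a dump in that line format and flags those two symptoms, plus any verdict other than 1. SAMPLE_LOG is constructed from lines quoted in the thread (shortened to a few IRP entries per driver); treating verdict 1 as "clean" is an assumption drawn from the log rather than from TDSSKiller documentation, and the stub address is inferred per log rather than hard-coded.

```python
# Added example (not from the original post or from TDSSKiller): parse a
# TDSSKiller-style driver dump and flag the two symptoms visible in the atapi
# block above. SAMPLE_LOG is constructed from lines quoted in the thread.
import os
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s*(.*)$")  # "time pid body"
DRIVER = re.compile(r"^Driver Name:\s*(\S+)$")
IRP = re.compile(r"^(IRP_MJ_[A-Z_]+)\s*:\s*([0-9A-Fa-f]{8})$")
VERDICT = re.compile(r"^(.+?)\s+-\s+Verdict:\s*(\d+)$")

SAMPLE_LOG = r"""
20:21:56:359 3672 Driver Name: Disk
20:21:56:359 3672 IRP_MJ_CREATE : F77CBBB0
20:21:56:359 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:359 3672 IRP_MJ_READ : F77C5D1F
20:21:56:359 3672 IRP_MJ_DEVICE_CONTROL : F77C63BB
20:21:56:375 3672 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:21:56:375 3672
20:21:56:375 3672 Driver Name: atapi
20:21:56:375 3672 IRP_MJ_CREATE : F76D26F2
20:21:56:375 3672 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
20:21:56:375 3672 IRP_MJ_READ : 804FA88E
20:21:56:375 3672 IRP_MJ_DEVICE_CONTROL : F76D2712
20:21:56:375 3672 C:\WINDOWS\system32\drivers\tsk8.tmp - Verdict: 3
20:21:56:375 3672
20:21:56:375 3672 Driver Name: atapi
20:21:56:375 3672 IRP_MJ_CREATE : 83AB7CA1
20:21:56:375 3672 IRP_MJ_CREATE_NAMED_PIPE : 83AB7CA1
20:21:56:375 3672 IRP_MJ_READ : 83AB7CA1
20:21:56:375 3672 IRP_MJ_DEVICE_CONTROL : 83AB7CA1
20:21:56:375 3672 Driver "atapi" infected by TDSS rootkit!
20:21:56:375 3672 C:\WINDOWS\system32\drivers\tsk8.tmp - Verdict: 3
"""

@dataclass
class DriverBlock:
    name: str
    handlers: Dict[str, int] = field(default_factory=dict)
    image: str = ""
    verdict: Optional[int] = None
    findings: List[str] = field(default_factory=list)

def parse_blocks(text: str) -> List[DriverBlock]:
    """One DriverBlock per 'Driver Name:' section; the Verdict line closes it."""
    blocks: List[DriverBlock] = []
    cur: Optional[DriverBlock] = None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        body = m.group(1).strip()
        if (d := DRIVER.match(body)):
            cur = DriverBlock(d.group(1))
            blocks.append(cur)
        elif cur and (h := IRP.match(body)):
            cur.handlers[h.group(1)] = int(h.group(2), 16)
        elif cur and (v := VERDICT.match(body)):
            cur.image, cur.verdict = v.group(1), int(v.group(2))
            cur = None
    return blocks

def infer_stub(blocks: List[DriverBlock]) -> Optional[int]:
    """The kernel's 'unsupported request' routine is the address shared by the
    most drivers (804FA88E in the thread's log); infer it per log rather than
    hard-code it, since it changes with the kernel build."""
    seen = Counter(a for b in blocks for a in set(b.handlers.values()))
    if not seen:
        return None
    addr, count = seen.most_common(1)[0]
    return addr if count > 1 else None

def analyse(text: str) -> List[DriverBlock]:
    blocks = parse_blocks(text)
    stub = infer_stub(blocks)
    for b in blocks:
        addrs = set(b.handlers.values())
        # TDL3 pattern: one routine answers every major function, including
        # those a real driver leaves to the kernel stub.
        if len(b.handlers) >= 2 and len(addrs) == 1 and stub not in addrs:
            b.findings.append("all_irp_handlers_identical")
        # A boot driver reported from a .tmp under drivers\ instead of a .sys.
        base = os.path.basename(b.image.replace("\\", "/")).lower()
        if b.image and not base.endswith(".sys"):
            b.findings.append("image_not_a_sys_file")
        # Clean drivers in the thread's log all carry Verdict 1; anything else
        # is treated as the scanner's own flag (assumption drawn from the log).
        if b.verdict is not None and b.verdict != 1:
            b.findings.append(f"scanner_verdict_{b.verdict}")
    return blocks

if __name__ == "__main__":
    for b in analyse(SAMPLE_LOG):
        print(f"{b.name:8} {b.image:45} {', '.join(b.findings) or 'clean'}")
```

Run against the constructed sample, the Disk block comes back clean, the first atapi block is flagged only for its image path and verdict, and the second atapi block additionally trips the identical-handlers check, which is the hook pattern TDSSKiller itself reports on the line "Driver "atapi" infected by TDSS rootkit!". Running it over a full log is a matter of reading the file into `analyse()`.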

Re: CCMain.exe removed, IE Browser still Hijacked

Unread postby shinybeast » March 13th, 2010, 5:48 pm

Hi dunangibb,

We still have a bit of work to do to secure the computer and check for anything that might have been missed.

is there anything you would recommend to avoid re-infection?

I will have recommendations after the computer is clean and secure. Avoiding P2P use would be a great start.

It's a very impressive thing you have done without seeing the problem first-hand and I appreciate the help.

We have access to some great tools that "see" for us. Without them we wouldn't be able to accomplish much. You are very welcome. :)

How do you guys cover your costs, is there a way to donate to supporting your site?

I'm not privy to the "finances" so I cannot answer the first part of the question. The site does accept donations, and all donations go toward the costs of running the site.
Info can be found at: Donations For Malware Removal

Let's continue.


Update Java

Older versions of Java may have vulnerabilities that can be exploited by malware.
Please follow the steps below to update the Java Runtime Environment

Download and install newest version:

  • Click here to visit Sun Java download page
  • Under Java Platform, Standard Edition, click the red Download JRE button
  • Select your platform and agree to the license agreement (after having read it, of course) by clicking the checkbox. Click Continue.
  • Click the link (jre-6u18-windows-i586-p.exe) under Available Files and download the offline installer to your desktop.
  • Close any programs you may have running, including web browsers.
  • From your desktop, double-click on the download to install the newest version.
  • Reboot your computer.


Remove older version(s):

  • Click Start, click Run...
  • Type appwiz.cpl and click OK
  • For each of the Java installations listed below, highlight them in the list and click Remove

    Java(TM) 6 Update 11
Once finished, close Add or Remove Programs window



ESET Online Scan

Before you begin:
  • Please use Internet Explorer for this scan.
  • Disable your anti-virus to avoid conflicts. Click here for instructions.
  • Click here to visit ESET Online Scanner, then click the ESET Online Scanner button
  • In the new tab/window that opens, check YES, I accept the Terms of Use then click the green Start button
  • When prompted, allow the Add-On/Active X to install.
  • Under Computer Scan Settings do the following:
    • Ensure that Remove found threats is NOT checked
    • Ensure that Scan archives is checked.
  • Then click Advanced settings and ensure the following are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Start button.
  • The signature database will then be downloaded and the scan will start.
    NOTE: The scan will take quite some time; the more data to be scanned, the longer it will take. Please be patient.
  • When it is finished, ensure the Uninstall application on close box is NOT checked and click Finish button.
    If you wish, you may uninstall the scanner through Add/Remove Programs after we are finished.
  • Copy the whole line in the code box below.
    "%PROGRAMFILES%\ESET\ESET Online Scanner\log.txt"
  • Click Start, click Run... and paste the above line in the Open: field, then click OK
  • The log should open, if not, navigate to C:\Program Files\ESET\ESET Online Scanner\ and open the text file named log.
  • Copy and paste the log in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


OTL Quick Scan

  • Close all other open windows, then double-click OTL.exe to start OTL
  • Click Quick Scan to start the scan
  • Once it is finished, a log will open (OTL.txt)
  • Please copy and paste the contents of OTL.txt in your next reply.


Please reply with ESET and OTL logs.
shinybeast
Retired Graduate
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: CCMain.exe removed, IE Browser still Hijacked

Unread postby shinybeast » March 16th, 2010, 12:36 pm

Hello dunangibb,

It has been 3 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or performing the instructions?
Please let me know how things are going otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
shinybeast
Retired Graduate
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: CCMain.exe removed, IE Browser still Hijacked

Unread postby dunangibb » March 16th, 2010, 2:58 pm

Hi, I just need a bit more time, please. I had to go to the Czech Republic, but I will be back at home tomorrow and I will follow up on your last advice.
dunangibb
Active Member
Posts: 9
Joined: March 6th, 2010, 12:58 pm

Re: CCMain.exe removed, IE Browser still Hijacked

Unread postby shinybeast » March 16th, 2010, 3:19 pm

OK, thanks for letting me know. :)
I wouldn't mind having to go to the Czech Republic. But I've never been off of the North American continent.
shinybeast
Retired Graduate
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: CCMain.exe removed, IE Browser still Hijacked

Unread postby dunangibb » March 17th, 2010, 4:18 am

Believe me, it's not that exciting... although beer is cheap!!

I have done as you requested.
ESET Log - Detail from PGM
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1bc9851a11395a4882f8051181c63bd7
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-15 01:02:45
# local_time=2010-03-15 01:02:45 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 22413605 22413605 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3586 16764926 40 17 46576001 348644906 0 0
# compatibility_mode=8192 67108863 100 0 4022 4022 0 0
# scanned=78323
# found=3
# cleaned=0
# scan_time=8712
C:\Documents and Settings\Duncan & Carole\My Documents\5. Hattie\temp - opy of Hatties MP5 player\CD Drivers and AVI convertor\3050--3052\TranscodingSetupKit\StormCodec6.04.08.exe a variant of Win32/Adware.Boran.AA application 00000000000000000000000000000000 I
C:\Program Files\Egg vs. Chicken\Egg vs Chicken.exe a variant of Win32/ReflexiveArcade application 00000000000000000000000000000000 I
E:\UTILITIES\DVD\DVD Copy\dvdrnb5001.exe Win32/Adware.NavExcel application 00000000000000000000000000000000 I

OTL Log
OTL logfile created on: 16/03/2010 22:01:44 - Run 2
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Duncan & Carole\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 406.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 66.15 Gb Free Space | 44.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 289.50 Gb Free Space | 62.16% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-2
Current User Name: Duncan & Carole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Duncan & Carole\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
PRC - C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\MSGSYS.EXE (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Duncan & Carole\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\TeamViewer\Version5\TV.dll (TeamViewer GmbH)


========== Win32 Services (SafeList) ==========

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Norton AntiVirus Server) -- C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F3 20 E3 02 94 A7 37 4C A8 57 33 A2 2B 03 C5 0A [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/01/31 18:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\Mozilla\Extensions
[2009/01/31 18:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/06 12:18:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MP3Bar) - {F6BD6330-76F8-44d9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MP3Bar) - {F6BD6330-76F8-44D9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Duncan & Carole\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &MP3Bar - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 2029630921 (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/20 15:58:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{47df51c9-02b2-11df-889a-001921b3eb17}\Shell - "" = AutoRun
O33 - MountPoints2\{47df51c9-02b2-11df-889a-001921b3eb17}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{47df51c9-02b2-11df-889a-001921b3eb17}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/14 22:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/14 22:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/14 22:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/14 22:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/13 20:26:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/13 20:24:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/13 20:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/13 20:21:47 | 000,181,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Duncan & Carole\Desktop\TDSSKiller.exe
[2010/03/12 16:28:50 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Duncan & Carole\Desktop\OTL.exe
[2010/03/05 20:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/05 19:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/05 19:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/01/16 18:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/11/15 20:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2009/06/02 19:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/24 19:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/12 09:37:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/21 20:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/09/20 15:58:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/04/11 00:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 14 Days ==========

[2010/03/16 22:00:56 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/16 22:00:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/16 22:00:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/16 22:00:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/16 22:00:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/15 21:05:57 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Duncan & Carole\NTUSER.DAT
[2010/03/15 20:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/15 20:31:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/13 20:23:40 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Duncan & Carole\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/13 20:16:42 | 000,155,752 | ---- | M] () -- C:\Documents and Settings\Duncan & Carole\Desktop\tdsskiller.zip
[2010/03/13 13:42:40 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Duncan & Carole\Desktop\fp22ehum.exe
[2010/03/12 16:27:58 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Duncan & Carole\Desktop\OTL.exe
[2010/03/12 07:36:51 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Duncan & Carole\Desktop\Microsoft word.lnk
[2010/03/10 15:53:32 | 000,181,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Duncan & Carole\Desktop\TDSSKiller.exe
[2010/03/06 11:32:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\ntuser.ini
[2010/03/05 20:03:16 | 000,002,729 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833P.manifest
[2010/03/05 20:03:11 | 000,000,344 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833C.manifest
[2010/03/05 20:00:02 | 000,000,422 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833O.manifest
[2010/03/05 19:03:09 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833S.manifest
[2010/03/03 21:50:23 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2010/03/13 20:23:40 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Duncan & Carole\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/03/13 20:19:33 | 000,155,752 | ---- | C] () -- C:\Documents and Settings\Duncan & Carole\Desktop\tdsskiller.zip
[2010/03/13 13:44:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Duncan & Carole\Desktop\fp22ehum.exe
[2010/02/28 11:51:44 | 000,002,729 | -HS- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833P.manifest
[2010/02/28 11:51:44 | 000,000,422 | -HS- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833O.manifest
[2010/02/28 11:51:44 | 000,000,344 | -HS- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833C.manifest
[2010/02/28 11:51:44 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833S.manifest
[2009/04/08 17:17:40 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2009/04/08 17:17:40 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2009/02/08 20:50:32 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/01/24 18:05:13 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Duncan & Carole\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/20 21:53:52 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/18 11:28:46 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 16:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 16:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 16:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/27 17:57:49 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\Duncan & Carole\Application Data\AutoGK.ini
[2008/10/27 17:32:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/09/21 20:50:39 | 000,000,592 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/03 13:29:06 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/12/30 12:18:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/12/30 12:10:30 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/02/24 16:56:45 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004/09/01 15:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/07/08 13:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/05/15 06:39:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/11/08 17:10:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/05/15 04:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll
[2001/10/29 12:51:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/08/31 14:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/09/18 16:12:40 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
[1999/01/23 01:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/01/20 21:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/01/20 21:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/09/26 12:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fiesta Download Manager
[2009/07/16 14:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2009/01/18 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/06/08 19:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/06/19 18:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/03/06 15:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/11/04 17:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/16 18:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/11/04 15:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/06/08 19:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\Artogon
[2009/01/20 21:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\DriverCure
[2009/07/16 16:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\Games
[2009/09/20 10:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\gtk-2.0
[2009/06/08 19:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\HiT-MM
[2009/10/15 18:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\KlickTock
[2010/03/07 00:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\LimeWire
[2009/07/16 14:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\Little Games Company
[2009/10/15 18:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\Ph03nixNewMedia
[2009/10/14 17:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\PlayFirst
[2009/08/10 22:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\RecordNow
[2010/03/06 12:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\Software Informer
[2009/12/06 21:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\TeamViewer
[2009/07/16 14:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\Ubisoft
[2009/02/08 20:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\VERITAS
[2009/11/04 15:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Duncan & Carole\Application Data\Zylom

========== Purity Check ==========


< End of report >
dunangibb
Active Member
 
Posts: 9
Joined: March 6th, 2010, 12:58 pm
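
The OTL file listing in the post above is what a helper reads entry by entry. As an added example, not part of the original thread and not OTL's own code, here is a Python parser for OTL's file-entry format with three review heuristics a helper applies by eye (hidden+system files inside a user profile, executables in System32 carrying no company name, recently written executables in a user profile). The sample lines are copied from the log above; REPORT_TIME is an assumption taken from the newest timestamp in that log.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# One OTL file/folder entry has the layout
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (company) -- path [-- [ NTFS ]]
# In the 4-character attrs field position 1 is Hidden, 2 is System, 3 is Directory.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.*?)(?: -- \[ NTFS \])?$"
)

def parse_entry(line: str) -> Optional[dict]:
    """Parse one OTL entry line into a dict; return None for lines in another format."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs, company = m.group("attrs"), m.group("company")
    return {
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "hidden": attrs[1] == "H",
        "system": attrs[2] == "S",
        "directory": attrs[3] == "D",
        "company": None if company is None else company.strip(),  # None: folder line
        "path": m.group("path"),
    }

def triage(e: dict, report_time: datetime, window_days: int = 14) -> List[str]:
    """Reasons an entry deserves a second look; empty means nothing notable. These are
    review hints, not verdicts: a helper's own tools (TDSSKiller, OTL) trip the rules too."""
    reasons: List[str] = []
    if e["directory"]:
        return reasons
    low = e["path"].lower()
    in_profile = low.startswith("c:\\documents and settings\\")
    in_system32 = "\\windows\\system32\\" in low
    is_code = low.endswith((".exe", ".dll", ".sys", ".scr"))
    if e["hidden"] and e["system"] and in_profile:
        reasons.append("hidden+system file inside a user profile")
    if is_code and in_system32 and not e["company"]:
        reasons.append("executable in System32 with no company name")
    if is_code and in_profile and report_time - e["timestamp"] <= timedelta(days=window_days):
        reasons.append("recently written executable in a user profile")
    return reasons

def triage_log(lines: List[str], report_time: datetime) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; unparsable and unremarkable lines are dropped."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_entry(line)
        if e and (reasons := triage(e, report_time)):
            flagged[e["path"]] = reasons
    return flagged

# Constructed sample: four entry lines copied from the log above, and the newest
# timestamp in that log standing in for the time the report was generated.
SAMPLE_LINES = [
    r"[2010/03/05 20:03:16 | 000,002,729 | -HS- | M] () -- C:\Documents and Settings\Duncan & Carole\Application Data\02000000b639a11a833P.manifest",
    r"[2010/03/13 20:21:47 | 000,181,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Duncan & Carole\Desktop\TDSSKiller.exe",
    r"[2001/10/29 12:51:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll",
    r"[2010/03/14 22:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET",
]
REPORT_TIME = datetime(2010, 3, 16, 22, 1)
```

Calling `triage_log(SAMPLE_LINES, REPORT_TIME)` flags the first three sample entries, each for one reason, and drops the ESET folder; feed it the whole log to get a prioritised review list rather than a verdict.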

Re: CCMain.exe removed, IE Browser still Hijacked

Unread postby shinybeast » March 17th, 2010, 12:44 pm

Hello dunangibb,

From ESET log:
C:\Documents and Settings\Duncan & Carole\My Documents\5. Hattie\temp - opy of Hatties MP5 player\CD Drivers and AVI convertor\3050--3052\TranscodingSetupKit\StormCodec6.04.08.exe a variant of Win32/Adware.Boran.AA application
C:\Program Files\Egg vs. Chicken\Egg vs Chicken.exe a variant of Win32/ReflexiveArcade application
E:\UTILITIES\DVD\DVD Copy\dvdrnb5001.exe Win32/Adware.NavExcel application


DVD Rip N` Burn (dvdrnb5001.exe) is bundled with adware so I recommend that you delete it.

Old versions of Storm Codec (StormCodec6.04.08.exe) are bundled with adware. It seems there is questionable content in the new versions as well. Delete it as well.
I am wary of most "codec packs" and do not use them. VideoLan VLC plays most everything without additional codec packs.

If you bought/downloaded Chicken & Egg from Reflexive, it may be a false positive. If you acquired it through P2P, I strongly suggest you uninstall and delete it.


Otherwise, things look good.

Please delete TDSSKiller.exe and its associated files from your Desktop along with the randomly named GMER file.


OTL Cleanup

Please run OTL which should still be on your desktop
In the upper right click CleanUp
This will delete OTL and will clean up after it.


Create a new System Restore point and clear old ones

Please clear old restore points in order to avoid reintroducing malware from a restore point in the future.

Create a new restore point
  • Navigate to Start > All Programs > Accessories > System Tools and click System Restore
  • On the right side of the welcome window, select (tick) Create a restore point, then click Next
  • Under Restore point description, name the restore point (I suggest post-malware removal or something similar)
  • Click Create, then click Close

Delete old restore points
  • Click Start, click Run..., type cleanmgr and press Enter
  • Select the drive XP is installed on (usually C: ) and click OK
  • Once the Disk Cleanup dialog opens, click the More Options tab
  • Under System Restore click Clean up...
  • You will be asked if you are sure you want to clean all restore points but the most recent one, click Yes
  • Close the Disk Cleanup dialog to finish.
Note: Do the above once. Restore points should not be routinely deleted.


Recommendations

Implementing the following suggestions will greatly reduce your chances of malware problems in the future.

Update Windows

It is important to keep Windows and Microsoft programs updated to close vulnerabilities as they are discovered.

I suggest that you occasionally visit Microsoft Update and install all important updates. Please visit Microsoft Update as soon as possible as described below.

Close all windows and temporarily disable your anti-virus (usually through a tray icon)

Use Internet Explorer to visit this site: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-US

Once the page loads follow instructions to install all critical updates. You may need to repeat this process until fully updated.


Keep installed programs up to date

Anti-virus
Most important is keeping your anti-virus software up to date. An out of date anti-virus is not much better than no anti-virus. If your anti-virus is not set to update automatically (preferred), it is imperative that you occasionally update it manually. You usually can accomplish this through a tray icon.

Update Other Vulnerable Software
Malware writers are increasingly targeting vulnerabilities in commonly used applications. There are several online sites which will scan your computer for outdated software. I've listed two below. I recommend occasionally visiting and scanning your computer to detect vulnerable software that should be updated.
Secunia Online Software Inspector
F-Secure Health Check

Mozilla Firefox Plug-in Check
If using Firefox, click here to visit Mozilla, check your plug-ins and update them as necessary.


Best Practices for Email and Downloaded Files.

  • Do not read emails from unknown sources.
  • Make it a habit to never open email attachments from anyone, including people you know, unless you absolutely have to. If you need to open an attachment, scan it with your anti-virus before you open it.
  • Do not use Peer to Peer software to "share" media and software. You will get more than you expected and the "bonus" will not be something you want and will bring you back seeking help.
  • Do not use keygens or hacked software. First, it is stealing. Second, it is almost always infected with something. If you cannot afford to buy something, there is likely a free alternative that will be a good substitute. Search around and seek out advice from a trusted forum. Most will be glad to tell you of their favorite free program that performs the job you want done.


Additional Protection Programs

The programs listed below are excellent for improving your computer's security.

WinPatrol by Bill Pytlovany - "WinPatrol is a multi-purpose utility designed to increase performance and protect against unwanted changes." Information on its many features can be found here

MVPS Hosts file - A replacement HOSTS file that redirects known malicious and ad serving sites to the localhost, thus preventing connection to them.
Note: MVPS Hosts file can sometimes slow down the computer so read the information on the site to mitigate this effect.

I encourage you to check out miekiemoes' article "How to prevent Malware:"

If you have any questions about these suggestions, I would be happy to answer them.

Regards,
shinybeast

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)