IE8 and Google Chrome redirects

Solved
By spanner monkey
Dec 24, 2011
  1. When using IE8 and Google Chrome, if I use the Google search engine, when I click on a result it redirects to a different page.
  2. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    After running the malwarebytes scan

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 911122405

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    25/12/2011 08:22:59
    mbam-log-2011-12-25 (08-22-59).txt

    Scan type: Quick scan
    Objects scanned: 245883
    Time elapsed: 41 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{4555A2F2-15C0-2878-0E2F-D670364F3080} (Trojan.ZbotR.Gen) -> Value: {4555A2F2-15C0-2878-0E2F-D670364F3080} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\RECYCLER\s-1-5-21-861567501-1659004503-1801674531-1004\Dc37.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\daddy (ipod)\local settings\Temp\tmp23ef0ab6.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    c:\documents and settings\daddy (ipod)\local settings\Temp\icreinstall_pdfreadersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\D7.tmp (Malware.Gen) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.06683929404814637.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.12677480397815566.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.23150276553479676.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.2121109062247032.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.3279306866598143.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.6101848792243324.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.711823672086316.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

    23:55:52 Daddy (ipod) MESSAGE Protection started successfully
    23:56:11 Daddy (ipod) MESSAGE IP Protection started successfully
    23:56:11 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:14 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:20 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:32 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:32 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:35 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:41 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:53 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:56 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:57:02 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:57:14 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:57:17 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)


    07:24:16 Daddy (ipod) ERROR Scheduled update failed: No address found failed with error code 11004
    08:26:31 Daddy (ipod) MESSAGE Protection started successfully
    08:27:04 Daddy (ipod) MESSAGE IP Protection started successfully
    08:28:09 Daddy (ipod) DETECTION C:\Program Files\PDFReader\Uninstall\Uninstall.exe Adware.Agent QUARANTINE
    08:28:09 Daddy (ipod) DETECTION C:\PROGRAM FILES\PDFREADER\UNINSTALL\UNINSTALL.EXE Adware.Agent DENY
    08:35:57 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    08:36:00 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    08:36:04 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    08:36:06 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
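The MBAM log above mixes three things a responder wants separated: which detections sit in autostart locations (the Run values and the Browser Helper Object CLSID are what brings a payload back at every logon), how many hits belong to each detection family, and whether the protection module is still blocking outbound connections to the same address after the quarantine. The following parser is an added example, not part of the thread or of Malwarebytes' own tooling; the sample log text is a handful of lines copied from the logs posted above, the regular expressions are my reading of that log format, and the "beaconing" threshold is an arbitrary assumption.

```python
"""Parse MBAM scan and protection logs (format inferred from the thread above, not an official spec)."""
import re
from collections import Counter

# Constructed sample: lines copied from the scan log posted above.
SCAN_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{4555A2F2-15C0-2878-0E2F-D670364F3080} (Trojan.ZbotR.Gen) -> Value: {4555A2F2-15C0-2878-0E2F-D670364F3080} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\daddy (ipod)\local settings\Temp\tmp23ef0ab6.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.06683929404814637.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.12677480397815566.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
"""

# Constructed sample: lines copied from the protection log posted above.
PROTECTION_LOG = r"""
08:26:31 Daddy (ipod) MESSAGE Protection started successfully
08:28:09 Daddy (ipod) DETECTION C:\Program Files\PDFReader\Uninstall\Uninstall.exe Adware.Agent QUARANTINE
08:35:57 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
08:36:00 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
08:36:04 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
08:36:06 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9._]+)\) -> (?P<action>.+)$")
PROT_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d) (?P<user>.+?) (?P<event>MESSAGE|ERROR|DETECTION|IP-BLOCK) (?P<detail>.*)$")
IPBLOCK_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+)\)$")

# Autostart locations: a registry hit here is what re-launches the payload at each logon.
PERSISTENCE_MARKERS = {
    "\\CurrentVersion\\Run\\": "Run key (runs at logon)",
    "\\Browser Helper Objects\\": "IE Browser Helper Object (loaded into every IE process)",
    "\\Ext\\Settings\\": "IE add-on settings entry for a BHO/toolbar CLSID",
}


def parse_scan_log(text):
    """One dict per detection line, tagged with the 'X Infected:' section it appeared under."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({"section": section, **m.groupdict()})
    return entries


def family_counts(entries):
    return Counter(e["family"] for e in entries)


def persistence_items(entries):
    """Registry hits that live in autostart locations, with a short note on the mechanism."""
    hits = []
    for e in entries:
        if not e["section"].startswith("Registry"):
            continue
        for marker, meaning in PERSISTENCE_MARKERS.items():
            if marker.lower() in e["item"].lower():
                hits.append((e["item"], meaning))
                break
    return hits


def parse_protection_log(text):
    return [m.groupdict() for m in (PROT_RE.match(l.strip()) for l in text.splitlines()) if m]


def outbound_block_counts(events):
    """Blocked outgoing connections per destination IP."""
    counts = Counter()
    for ev in events:
        if ev["event"] != "IP-BLOCK":
            continue
        m = IPBLOCK_RE.match(ev["detail"])
        if m and m.group("direction") == "outgoing":
            counts[m.group("ip")] += 1
    return counts


def beaconing_after_cleanup(events, min_hits=3):
    """IPs still contacted (and blocked) at least min_hits times after the last DETECTION
    in the log: something resident is still trying to call home. Threshold is an assumption."""
    last_detection = max((ev["time"] for ev in events if ev["event"] == "DETECTION"), default=None)
    later = [ev for ev in events if last_detection is None or ev["time"] > last_detection]
    return {ip: n for ip, n in outbound_block_counts(later).items() if n >= min_hits}


if __name__ == "__main__":
    entries = parse_scan_log(SCAN_LOG)
    print("families:", dict(family_counts(entries)))
    for item, meaning in persistence_items(entries):
        print("persistence:", meaning, "<-", item)
    print("still beaconing:", beaconing_after_cleanup(parse_protection_log(PROTECTION_LOG)))
```

Read the output the way the helper in this thread would: the quick scan removed the autostart entries, yet the protection log keeps blocking outbound traffic to the same address minutes after the quarantine, which is the signal that something the scan did not reach is still running. Everything after that point in the thread (GMER, TDSSKiller) is about finding that resident component.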
  4. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    After running GMER

    07:24:16 Daddy (ipod) ERROR Scheduled update failed: No address found failed with error code 11004
    08:26:31 Daddy (ipod) MESSAGE Protection started successfully
    08:27:04 Daddy (ipod) MESSAGE IP Protection started successfully
    08:28:09 Daddy (ipod) DETECTION C:\Program Files\PDFReader\Uninstall\Uninstall.exe Adware.Agent QUARANTINE
    08:28:09 Daddy (ipod) DETECTION C:\PROGRAM FILES\PDFREADER\UNINSTALL\UNINSTALL.EXE Adware.Agent DENY
    08:35:57 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    08:36:00 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    08:36:04 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    08:36:06 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
  5. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    DDS

    When I click Run to start DDS, it briefly flashes a Notepad page that disappears. Is this because I have a script blocker running? If so, how do I find my script blocker?

    Thank you
  6. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Skip DDS for now.
  7. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    OK. I have posted the scan results in the thread after each scan and skipped DDS. Anything else now?

    Thank you
  8. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    I still need GMER log.
  9. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-26 16:41:38
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC74P
    Running: 8ced8uv8.exe; Driver: C:\DOCUME~1\DADDY(~1\LOCALS~1\Temp\pxxyikow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 84AA331B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 84AA331B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 84AA331B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 84AA331B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-12 84AA331B

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
  10. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  11. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    TDSSKiller log

    17:02:35.0468 3504 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    17:02:35.0703 3504 ============================================================
    17:02:35.0703 3504 Current date / time: 2011/12/26 17:02:35.0703
    17:02:35.0703 3504 SystemInfo:
    17:02:35.0703 3504
    17:02:35.0703 3504 OS Version: 5.1.2600 ServicePack: 3.0
    17:02:35.0703 3504 Product type: Workstation
    17:02:35.0703 3504 ComputerName: USER-599DAAA9C5
    17:02:35.0734 3504 UserName: Daddy (ipod)
    17:02:35.0734 3504 Windows directory: C:\WINDOWS
    17:02:35.0734 3504 System windows directory: C:\WINDOWS
    17:02:35.0734 3504 Processor architecture: Intel x86
    17:02:35.0734 3504 Number of processors: 2
    17:02:35.0734 3504 Page size: 0x1000
    17:02:35.0734 3504 Boot type: Normal boot
    17:02:35.0734 3504 ============================================================
    17:02:38.0281 3504 Initialize success
    17:04:25.0343 1964 ============================================================
    17:04:25.0343 1964 Scan started
    17:04:25.0343 1964 Mode: Manual;
    17:04:25.0343 1964 ============================================================
    17:04:26.0671 1964 Abiosdsk - ok
    17:04:26.0687 1964 abp480n5 - ok
    17:04:26.0765 1964 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    17:04:26.0781 1964 ACPI - ok
    17:04:26.0812 1964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    17:04:26.0828 1964 ACPIEC - ok
    17:04:26.0828 1964 adpu160m - ok
    17:04:26.0890 1964 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    17:04:26.0890 1964 aec - ok
    17:04:26.0953 1964 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
    17:04:26.0953 1964 AFD - ok
    17:04:26.0968 1964 Aha154x - ok
    17:04:26.0984 1964 aic78u2 - ok
    17:04:26.0984 1964 aic78xx - ok
    17:04:27.0000 1964 AliIde - ok
    17:04:27.0015 1964 amsint - ok
    17:04:27.0078 1964 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    17:04:27.0078 1964 Arp1394 - ok
    17:04:27.0093 1964 asc - ok
    17:04:27.0093 1964 asc3350p - ok
    17:04:27.0109 1964 asc3550 - ok
    17:04:27.0156 1964 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    17:04:27.0156 1964 AsyncMac - ok
    17:04:27.0171 1964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    17:04:27.0171 1964 atapi - ok
    17:04:27.0171 1964 Atdisk - ok
    17:04:27.0328 1964 ati2mtag (3b88b6466896cc1a3a7e3287d72aca85) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    17:04:27.0437 1964 ati2mtag - ok
    17:04:27.0562 1964 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    17:04:27.0562 1964 Atmarpc - ok
    17:04:27.0609 1964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    17:04:27.0609 1964 audstub - ok
    17:04:27.0671 1964 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    17:04:27.0671 1964 AVGIDSDriver - ok
    17:04:27.0734 1964 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    17:04:27.0734 1964 AVGIDSEH - ok
    17:04:27.0750 1964 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    17:04:27.0750 1964 AVGIDSFilter - ok
    17:04:27.0765 1964 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    17:04:27.0781 1964 AVGIDSShim - ok
    17:04:27.0828 1964 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    17:04:27.0843 1964 Avgldx86 - ok
    17:04:27.0921 1964 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    17:04:27.0921 1964 Avgmfx86 - ok
    17:04:27.0937 1964 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    17:04:27.0937 1964 Avgrkx86 - ok
    17:04:28.0000 1964 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    17:04:28.0015 1964 Avgtdix - ok
    17:04:28.0078 1964 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    17:04:28.0078 1964 b57w2k - ok
    17:04:28.0171 1964 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    17:04:28.0203 1964 BCM43XX - ok
    17:04:28.0343 1964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    17:04:28.0343 1964 Beep - ok
    17:04:28.0406 1964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    17:04:28.0406 1964 cbidf2k - ok
    17:04:28.0406 1964 cd20xrnt - ok
    17:04:28.0421 1964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    17:04:28.0421 1964 Cdaudio - ok
    17:04:28.0484 1964 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    17:04:28.0484 1964 Cdfs - ok
    17:04:28.0515 1964 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    17:04:28.0515 1964 Cdrom - ok
    17:04:28.0531 1964 Changer - ok
    17:04:28.0578 1964 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    17:04:28.0593 1964 CmBatt - ok
    17:04:28.0593 1964 CmdIde - ok
    17:04:28.0609 1964 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    17:04:28.0609 1964 Compbatt - ok
    17:04:28.0625 1964 Cpqarray - ok
    17:04:28.0640 1964 dac2w2k - ok
    17:04:28.0671 1964 dac960nt - ok
    17:04:28.0687 1964 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    17:04:28.0687 1964 Disk - ok
    17:04:28.0734 1964 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    17:04:28.0750 1964 dmboot - ok
    17:04:28.0859 1964 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    17:04:28.0875 1964 dmio - ok
    17:04:28.0906 1964 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    17:04:28.0906 1964 dmload - ok
    17:04:28.0953 1964 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    17:04:28.0953 1964 DMusic - ok
    17:04:28.0968 1964 dpti2o - ok
    17:04:28.0968 1964 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    17:04:28.0984 1964 drmkaud - ok
    17:04:29.0015 1964 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    17:04:29.0031 1964 Fastfat - ok
    17:04:29.0062 1964 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    17:04:29.0062 1964 Fdc - ok
    17:04:29.0078 1964 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    17:04:29.0078 1964 Fips - ok
    17:04:29.0187 1964 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    17:04:29.0187 1964 Flpydisk - ok
    17:04:29.0234 1964 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    17:04:29.0234 1964 FltMgr - ok
    17:04:29.0265 1964 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    17:04:29.0265 1964 Fs_Rec - ok
    17:04:29.0296 1964 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    17:04:29.0312 1964 Ftdisk - ok
    17:04:29.0359 1964 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    17:04:29.0375 1964 GEARAspiWDM - ok
    17:04:29.0390 1964 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    17:04:29.0390 1964 Gpc - ok
    17:04:29.0421 1964 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    17:04:29.0421 1964 HDAudBus - ok
    17:04:29.0437 1964 hpn - ok
    17:04:29.0500 1964 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    17:04:29.0500 1964 HSFHWAZL - ok
    17:04:29.0640 1964 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    17:04:29.0656 1964 HSF_DPV - ok
    17:04:29.0781 1964 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
    17:04:29.0781 1964 HTTP - ok
    17:04:29.0796 1964 i2omgmt - ok
    17:04:29.0796 1964 i2omp - ok
    17:04:29.0843 1964 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    17:04:29.0843 1964 i8042prt - ok
    17:04:29.0890 1964 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    17:04:29.0890 1964 Imapi - ok
    17:04:29.0906 1964 ini910u - ok
    17:04:29.0921 1964 IntelIde - ok
    17:04:29.0968 1964 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    17:04:29.0984 1964 Ip6Fw - ok
    17:04:30.0109 1964 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    17:04:30.0109 1964 IpFilterDriver - ok
    17:04:30.0109 1964 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    17:04:30.0125 1964 IpInIp - ok
    17:04:30.0171 1964 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    17:04:30.0171 1964 IpNat - ok
    17:04:30.0203 1964 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    17:04:30.0203 1964 IPSec - ok
    17:04:30.0250 1964 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    17:04:30.0250 1964 IRENUM - ok
    17:04:30.0343 1964 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    17:04:30.0343 1964 isapnp - ok
    17:04:30.0375 1964 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    17:04:30.0375 1964 Kbdclass - ok
    17:04:30.0531 1964 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    17:04:30.0531 1964 kmixer - ok
    17:04:30.0562 1964 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
    17:04:30.0562 1964 KSecDD - ok
    17:04:30.0578 1964 lbrtfdc - ok
    17:04:30.0640 1964 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\WINDOWS\system32\DRIVERS\lgbtport.sys
    17:04:30.0640 1964 LgBttPort - ok
    17:04:30.0656 1964 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
    17:04:30.0656 1964 lgbusenum - ok
    17:04:30.0687 1964 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
    17:04:30.0687 1964 LGVMODEM - ok
    17:04:30.0718 1964 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
    17:04:30.0718 1964 MBAMProtector - ok
    17:04:30.0734 1964 MBAMSwissArmy - ok
    17:04:30.0781 1964 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    17:04:30.0781 1964 mdmxsdk - ok
    17:04:30.0906 1964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    17:04:30.0906 1964 mnmdd - ok
    17:04:30.0921 1964 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    17:04:30.0921 1964 Modem - ok
    17:04:30.0984 1964 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    17:04:30.0984 1964 Mouclass - ok
    17:04:31.0046 1964 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    17:04:31.0046 1964 MountMgr - ok
    17:04:31.0046 1964 mraid35x - ok
    17:04:31.0062 1964 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    17:04:31.0078 1964 MRxDAV - ok
    17:04:31.0125 1964 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    17:04:31.0125 1964 MRxSmb - ok
    17:04:31.0218 1964 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    17:04:31.0218 1964 Msfs - ok
    17:04:31.0281 1964 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    17:04:31.0281 1964 MSKSSRV - ok
    17:04:31.0296 1964 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    17:04:31.0296 1964 MSPCLOCK - ok
    17:04:31.0296 1964 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    17:04:31.0296 1964 MSPQM - ok
    17:04:31.0343 1964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    17:04:31.0343 1964 mssmbios - ok
    17:04:31.0359 1964 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    17:04:31.0359 1964 Mup - ok
    17:04:31.0375 1964 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    17:04:31.0390 1964 NDIS - ok
    17:04:31.0406 1964 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    17:04:31.0406 1964 NdisTapi - ok
    17:04:31.0453 1964 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    17:04:31.0468 1964 Ndisuio - ok
    17:04:31.0500 1964 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    17:04:31.0500 1964 NdisWan - ok
    17:04:31.0515 1964 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    17:04:31.0515 1964 NDProxy - ok
    17:04:31.0546 1964 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    17:04:31.0546 1964 NetBIOS - ok
    17:04:31.0656 1964 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    17:04:31.0656 1964 NetBT - ok
    17:04:31.0687 1964 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    17:04:31.0687 1964 NIC1394 - ok
    17:04:31.0703 1964 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    17:04:31.0703 1964 Npfs - ok
    17:04:31.0781 1964 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    17:04:31.0812 1964 Ntfs - ok
    17:04:31.0953 1964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    17:04:31.0953 1964 Null - ok
    17:04:32.0000 1964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    17:04:32.0000 1964 NwlnkFlt - ok
    17:04:32.0015 1964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    17:04:32.0015 1964 NwlnkFwd - ok
    17:04:32.0062 1964 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    17:04:32.0062 1964 ohci1394 - ok
    17:04:32.0109 1964 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    17:04:32.0109 1964 Parport - ok
    17:04:32.0125 1964 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    17:04:32.0125 1964 PartMgr - ok
    17:04:32.0156 1964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    17:04:32.0156 1964 ParVdm - ok
    17:04:32.0171 1964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    17:04:32.0171 1964 PCI - ok
    17:04:32.0187 1964 PCIDump - ok
    17:04:32.0203 1964 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    17:04:32.0203 1964 PCIIde - ok
    17:04:32.0218 1964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    17:04:32.0218 1964 Pcmcia - ok
    17:04:32.0281 1964 PDCOMP - ok
    17:04:32.0296 1964 PDFRAME - ok
    17:04:32.0312 1964 PDRELI - ok
    17:04:32.0312 1964 PDRFRAME - ok
    17:04:32.0328 1964 perc2 - ok
    17:04:32.0343 1964 perc2hib - ok
    17:04:32.0390 1964 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    17:04:32.0390 1964 PptpMiniport - ok
    17:04:32.0437 1964 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    17:04:32.0437 1964 Processor - ok
    17:04:32.0453 1964 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    17:04:32.0453 1964 PSched - ok
    17:04:32.0484 1964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    17:04:32.0484 1964 Ptilink - ok
    17:04:32.0515 1964 ql1080 - ok
    17:04:32.0531 1964 Ql10wnt - ok
    17:04:32.0531 1964 ql12160 - ok
    17:04:32.0546 1964 ql1240 - ok
    17:04:32.0562 1964 ql1280 - ok
    17:04:32.0593 1964 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    17:04:32.0593 1964 RasAcd - ok
    17:04:32.0656 1964 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    17:04:32.0656 1964 Rasl2tp - ok
    17:04:32.0671 1964 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    17:04:32.0671 1964 RasPppoe - ok
    17:04:32.0687 1964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    17:04:32.0687 1964 Raspti - ok
    17:04:32.0781 1964 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    17:04:32.0781 1964 Rdbss - ok
    17:04:32.0796 1964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    17:04:32.0796 1964 RDPCDD - ok
    17:04:32.0843 1964 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    17:04:32.0843 1964 rdpdr - ok
    17:04:32.0875 1964 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    17:04:32.0875 1964 RDPWD - ok
    17:04:32.0921 1964 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    17:04:32.0921 1964 redbook - ok
    17:04:32.0984 1964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    17:04:32.0984 1964 Secdrv - ok
    17:04:33.0031 1964 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    17:04:33.0031 1964 serenum - ok
    17:04:33.0046 1964 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    17:04:33.0046 1964 Serial - ok
    17:04:33.0078 1964 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    17:04:33.0078 1964 Sfloppy - ok
    17:04:33.0171 1964 Simbad - ok
    17:04:33.0171 1964 Sparrow - ok
    17:04:33.0234 1964 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    17:04:33.0250 1964 splitter - ok
    17:04:33.0312 1964 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    17:04:33.0312 1964 sr - ok
    17:04:33.0328 1964 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
    17:04:33.0328 1964 Srv - ok
    17:04:33.0484 1964 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
    17:04:33.0515 1964 STHDA - ok
    17:04:33.0562 1964 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    17:04:33.0562 1964 swenum - ok
    17:04:33.0625 1964 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    17:04:33.0625 1964 swmidi - ok
    17:04:33.0640 1964 symc810 - ok
    17:04:33.0656 1964 symc8xx - ok
    17:04:33.0656 1964 sym_hi - ok
    17:04:33.0671 1964 sym_u3 - ok
    17:04:33.0703 1964 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    17:04:33.0703 1964 sysaudio - ok
    17:04:33.0812 1964 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    17:04:33.0828 1964 Tcpip - ok
    17:04:36.0562 1964 ============================================================
    17:04:36.0562 1964 Scan finished
    17:04:36.0562 1964 ============================================================
    17:04:36.0578 2108 Detected object count: 0
    17:04:36.0578 2108 Actual detected object count: 0
    17:04:43.0234 2024 Deinitialize success
  12. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  13. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    MBR log

    aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-26 17:22:10
    -----------------------------
    17:22:10.562 OS Version: Windows 5.1.2600 Service Pack 3
    17:22:10.562 Number of processors: 2 586 0x4802
    17:22:10.562 ComputerName: USER-599DAAA9C5 UserName: Daddy (ipod)
    17:22:13.328 Initialize success
    17:24:33.265 AVAST engine defs: 11122501
    17:24:36.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    17:24:36.234 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC74P Size: 76319MB BusType: 3
    17:24:38.343 Disk 0 MBR read successfully
    17:24:38.343 Disk 0 MBR scan
    17:24:38.750 Disk 0 Windows XP default MBR code
    17:24:38.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
    17:24:38.796 Disk 0 scanning sectors +156296385
    17:24:39.250 Disk 0 scanning C:\WINDOWS\system32\drivers
    17:24:55.234 Service scanning
    17:24:56.437 Modules scanning
    17:25:05.765 Disk 0 trace - called modules:
    17:25:05.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    17:25:05.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bc6ab8]
    17:25:05.812 3 CLASSPNP.SYS[f7532fd7] -> nt!IofCallDriver -> \Device\0000007c[0x84b7ef18]
    17:25:05.812 5 ACPI.sys[f73a9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84b7dd98]
    17:25:06.687 AVAST engine scan C:\WINDOWS
    17:25:12.093 AVAST engine scan C:\WINDOWS\system32
    17:26:59.296 AVAST engine scan C:\WINDOWS\system32\drivers
    17:27:11.843 AVAST engine scan C:\Documents and Settings\Daddy (ipod)
    17:27:40.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Daddy (ipod)\My Documents\MBR.dat"
    17:27:40.109 The log file has been saved successfully to "C:\Documents and Settings\Daddy (ipod)\My Documents\aswMBR.txt"
     
  14. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  15. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    Boot cleaner

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
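What aswMBR and Bootkit Remover are reporting above (a partition at offset 0x7e00, an MD5 of the boot code, "default MBR code" found) can be reproduced on a raw 512-byte sector. The following is an added example, not code from this thread or from any of the tools used in it; the sample MBR is constructed to match the numbers in the logs (one active NTFS partition at LBA 63, 76316 MB), the total disk sector count is an assumption for the 76319 MB drive, and the baseline hash is whatever the reader records from a known-clean machine.

```python
"""Parse a 512-byte MBR and check its boot code against a known-good hash.

Added example (not code from the thread or from aswMBR/Bootkit Remover/
TDSSKiller). The hash covers the first 0x1B8 bytes, the boot-code span that
ends where the disk signature begins; the partition table is parsed separately.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8          # boot code ends where the 4-byte disk signature begins
PART_TABLE_OFF = 0x1BE         # four 16-byte partition entries follow
SIGNATURE = b"\x55\xAA"        # last two bytes of a valid MBR
ENTRY_FMT = "<B3sB3sII"        # flag, CHS start, type, CHS end, LBA start, sector count

# Constructed values derived from the logs above: partition size 76316 MB and
# aswMBR's "scanning sectors +156296385" (= 63 + 156296322).
SAMPLE_LBA_START = 63
SAMPLE_SECTOR_COUNT = 156296322
SAMPLE_DISK_SECTORS = 156301488   # assumed total sector count for the 76319 MB disk


def build_sample_mbr(boot_code: bytes = b"\xEB\x3C\x90") -> bytes:
    """Construct a sample MBR with one active NTFS (type 0x07) partition at LBA 63."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF",
                        SAMPLE_LBA_START, SAMPLE_SECTOR_COUNT)
    mbr[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    mbr[510:512] = SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code MD5, the disk signature and all non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        flag, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "active": flag == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sector_count": count,
            "byte_offset": lba * SECTOR,              # 63 * 512 = 0x7e00 in the logs
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[0x1B8:0x1BC])[0],
        "partitions": partitions,
    }


def boot_code_matches(mbr: bytes, baseline_md5: str) -> bool:
    """Compare only the boot-code span, so a legitimate partition-table edit
    (resizing, flagging a different partition active) does not raise a false alarm."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest() == baseline_md5.lower()


def sectors_after_last_partition(parsed: dict, disk_sectors: int) -> tuple:
    """Unallocated tail of the disk as (first sector, count). Code hidden outside
    any partition would live here, which is why aswMBR scans past the partition end."""
    end = max((p["lba_start"] + p["sector_count"] for p in parsed["partitions"]),
              default=0)
    return end, disk_sectors - end


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("boot code MD5:", info["boot_code_md5"])
    for p in info["partitions"]:
        print("partition %d: active=%s type=0x%02X offset=0x%x size=%d MB"
              % (p["index"], p["active"], p["type"], p["byte_offset"], p["size_mb"]))
    print("unallocated tail (start, sectors):",
          sectors_after_last_partition(info, SAMPLE_DISK_SECTORS))
```

On a real system the 512 bytes would come from reading sector 0 of the physical drive, which needs administrator rights; the check is only as good as the baseline hash recorded while the machine was known clean.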
  16. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  17. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    rkill log /combofix

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 28/12/2011 at 12:25:32.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


    Rkill completed on 28/12/2011 at 12:25:42.


    I have also run the combofix program but I cannot find the log? I ran a search for combofix.txt; it came up with lots of files but I can't find a txt log.
  18. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    It should be here: "C:\ComboFix.txt"
    If it's not re-run it.
  19. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    I have tried now 3 or 4 times again after running comboFix - when it gets to the reboot it doesn't automatically reboot even after waiting half an hour. I have to go to the start menu & go to the restart option.

    The only log I can see when looking for "C:\ComboFix.txt" is ntblog (posted below in 2 parts)




    I will try again anyway
  20. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Is redirection still present?

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
  21. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    rootkit unhooker

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    ==============================================
    >Stealth
    ==============================================


    Nothing detected :(
  22. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    Hi
    Yes the redirects are gone. Do you see any other virus?
  23. Broni

    Broni Malware Annihilator Posts: 45,175   +242

    Good news :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  24. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    Extras.Txt log

    OTL Extras logfile created on: 29/12/2011 20:22:11 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Daddy (ipod)\My Documents\Downloads\PC CLEANUP Programs
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    894.25 Mb Total Physical Memory | 214.67 Mb Available Physical Memory | 24.01% Memory free
    2.12 Gb Paging File | 1.37 Gb Available in Paging File | 64.68% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 40.46 Gb Free Space | 54.29% Space Free | Partition Type: NTFS

    Computer Name: USER-599DAAA9C5 | User Name: Daddy (ipod) | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "28728:UDP" = 28728:UDP:*:Enabled:UDP 28728
    "26191:TCP" = 26191:TCP:*:Enabled:TCP 26191
    "23124:UDP" = 23124:UDP:*:Enabled:UDP 23124
    "18911:TCP" = 18911:TCP:*:Enabled:TCP 18911

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 27
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
    "{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{656A70D4-98FD-41F8-B172-575F60C922BB}" = AVG 2011
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
    "{B3F6591E-D615-4123-87B1-49E7DEDD2F66}" = OOo-dev 3.3
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
    "{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 4.004
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E35AF511-B618-4D02-B559-0F2147341D3B}" = AVG 2011
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{FA1162AE-AF27-44A9-9C78-0C46BD44D75F}" = AVG 2011
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "AVG" = AVG 2011
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "FinePix Genie_is1" = FUJIFILM MyFinePix Studio 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
    "ie8" = Windows Internet Explorer 8
    "LG PC Suite IV" = LG PC Suite IV
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Music Editor Free" = Music Editor Free
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.5

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 29/12/2011 12:13:02 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8344

    Error - 29/12/2011 12:13:02 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8344

    Error - 29/12/2011 12:13:04 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 29/12/2011 12:13:04 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10297

    Error - 29/12/2011 12:13:04 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10297

    Error - 29/12/2011 12:13:06 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 29/12/2011 12:13:06 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 12250

    Error - 29/12/2011 12:13:06 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 12250

    Error - 29/12/2011 12:13:13 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 29/12/2011 12:13:13 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 19766

    [ System Events ]
    Error - 29/12/2011 10:29:12 | Computer Name = USER-599DAAA9C5 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Windows Installer service
    to connect.

    Error - 29/12/2011 10:29:12 | Computer Name = USER-599DAAA9C5 | Source = Service Control Manager | ID = 7000
    Description = The Windows Installer service failed to start due to the following
    error: %%1053

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At1.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At2.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At3.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At4.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At5.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At6.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At7.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At8.job command failed to start due to the following error: %%2147942402


    < End of report >
  25. spanner monkey

    spanner monkey Newcomer, in training Topic Starter Posts: 21

    OTL.Txt (2 parts)

    OTL logfile created on: 29/12/2011 20:22:11 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Daddy (ipod)\My Documents\Downloads\PC CLEANUP Programs
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    894.25 Mb Total Physical Memory | 214.67 Mb Available Physical Memory | 24.01% Memory free
    2.12 Gb Paging File | 1.37 Gb Available in Paging File | 64.68% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 40.46 Gb Free Space | 54.29% Space Free | Partition Type: NTFS

    Computer Name: USER-599DAAA9C5 | User Name: Daddy (ipod) | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/29 20:19:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy (ipod)\My Documents\Downloads\PC CLEANUP Programs\OTL.exe
    PRC - [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2011/09/10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/08/05 16:11:28 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OOo-dev 3\program\soffice.bin
    PRC - [2010/08/05 16:11:26 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OOo-dev 3\program\soffice.exe
    PRC - [2010/03/05 09:50:19 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) -- C:\WINDOWS\system32\LGScsiCommandService.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
    PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/07 11:16:28 | 000,411,192 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
    MOD - [2011/12/07 11:16:27 | 003,767,864 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
    MOD - [2011/12/07 11:14:56 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avutil-51.dll
    MOD - [2011/12/07 11:14:55 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avformat-53.dll
    MOD - [2011/12/07 11:14:53 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
    MOD - [2011/12/07 07:22:33 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2011/01/18 10:03:44 | 000,985,088 | ---- | M] () -- C:\Program Files\OOo-dev 3\program\libxml2.dll
    MOD - [2009/01/18 15:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
    MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/03/05 09:50:19 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) [Auto | Running] -- C:\WINDOWS\system32\LGScsiCommandService.exe -- (LGScsiCommandService)
    SRV - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/01/21 00:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2010/01/21 00:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2010/01/21 00:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
    DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
    DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
    DRV - [2007/10/09 19:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2007/08/02 17:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/08/02 17:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/08/02 17:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/07/27 23:30:26 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 75 B3 0F DB D2 CB 01 [binary data]
    IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/09/15 10:49:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/29 14:31:17 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

    O1 HOSTS File: ([2011/12/28 10:42:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKU\S-1-5-21-861567501-1659004503-1801674531-1004..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth File not found
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Daddy (ipod)\Start Menu\Programs\Startup\OOo-dev 3.3.lnk = C:\Program Files\OOo-dev 3\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OOo-dev 3.3.lnk = C:\Program Files\OOo-dev 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F8681CA-224B-42A6-AF90-71D9505E0919}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/01/18 09:24:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/29 17:56:27 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2011/12/29 10:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/12/29 10:24:41 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/12/28 13:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Application Data\AVG10
    [2011/12/28 12:32:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/12/28 10:14:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/28 10:07:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/28 10:07:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/28 10:07:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/28 10:07:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/28 10:06:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/28 10:06:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/25 08:51:49 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Daddy (ipod)\Desktop\dds.pif
    [2011/12/25 08:51:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2011/12/25 08:47:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Daddy (ipod)\My Documents\My Videos
    [2011/12/24 23:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Malwarebytes
    [2011/12/24 23:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/24 23:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/12/24 23:51:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/24 23:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/24 23:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Application Data\SumatraPDF
    [2011/12/24 23:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Start Menu\Programs\PDF Reader
    [2011/12/24 23:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
    [2011/12/07 20:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Yhsygax
    [2011/12/07 20:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Wey
    [2011/11/30 23:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/11/30 23:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/11/30 23:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/29 20:23:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1659004503-1801674531-1003UA.job
    [2011/12/29 20:23:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1659004503-1801674531-1003Core.job
    [2011/12/29 20:14:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/29 19:45:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1659004503-1801674531-1004UA.job
    [2011/12/29 17:57:51 | 000,034,181 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2011/12/29 14:28:12 | 141,758,493 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/12/29 10:57:27 | 000,459,420 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/29 10:57:27 | 000,076,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/29 10:53:54 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/29 10:52:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/28 22:45:03 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1659004503-1801674531-1004Core.job

