Solved Redirected in search engine even after reinstall

appleybridger

Hi all, this is my first post, but I am in desperate need of help.

For the past month or so I have been plagued by redirection in search engine results when using my laptop. My laptop is an Acer Aspire 3630 connected wirelessly to a Dell Dimension 5150 through a Belkin router. To date I have had no trouble with the Dell.

I have just done a reinstall from recovery discs I made when I first got the machine. I then went to Microsoft and installed all updates. I connected to the internet, did a Google search for Avast to download antivirus, and when I clicked on the link I was redirected.

Can someone help with what to do next?

Thanks,
Denis
 
Hi and welcome to TechSpot forums :).

====

Please read the directions given here and when done, post the requested logs.
Please paste the logs, do not attach them.
 
Please find attached files. Since I posted originally I have reformatted partition D on my hard drive and done another complete reinstall from discs.
One problem I did have was when I tried to update malware: I had the following error message
MBAM_ERROR_UPLOADING(12007,0WINHTTPsENDrEQUEAT)

I reported this to malware but as yet I have had no reply as to meaning. I can update on my Dell PC.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

09/11/2010 15:28:31
mbam-log-2010-11-09 (15-28-31).txt

Scan type: Quick scan
Objects scanned: 106798
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

09/11/2010 15:51:26
mbam-log-2010-11-09 (15-51-26).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 139630
Time elapsed: 20 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-09 16:07:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800UE-22HCT0 rev.09.07D09
Running: 4ngqifwo.exe; Driver: C:\DOCUME~1\Denis\LOCALS~1\Temp\kfryqfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xAD582CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xAD582BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xAD583160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xAD58308A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xAD582782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xAD582C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xAD5826C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xAD582726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xAD582DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAD58322E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xAD582D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xAD582EE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAD58FBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAD58F9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAD58FB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP AD58FB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP AD58F9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP AD58B5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP AD58CFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP AD58FBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1368] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005B0002
IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005B0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-11-09.01) - FAT32x86
Run by Denis at 16:07:42.34 on 09/11/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.117 [GMT 0:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Denis\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mDefault_Page_URL = hxxp://global.acer.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [LaunchApp] Alaunch
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\arcade\PCMService.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289298055946
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-9 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-9 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-9 40384]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [2004-12-15 200576]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-9 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-9 40384]

=============== Created Last 30 ================

2010-11-09 14:20:54 -------- d-----w- c:\program files\CCleaner
2010-11-09 14:16:37 38848 ----a-w- c:\windows\avastSS.scr
2010-11-09 14:16:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-09 14:15:18 -------- d-----w- c:\docume~1\denis\locals~1\applic~1\Identities
2010-11-09 14:13:03 -------- d-----w- c:\docume~1\denis\applic~1\Malwarebytes
2010-11-09 14:12:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-09 14:12:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-09 14:12:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-09 14:12:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-09 14:08:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-09 14:08:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-11-09 14:06:10 -------- d-----w- c:\program files\SpywareBlaster
2010-11-09 14:04:26 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-11-09 12:55:29 -------- d-sh--w- C:\Recycled
2010-11-09 11:45:06 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-09 11:44:26 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-09 11:44:26 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-09 11:42:28 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-09 11:40:35 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-11-09 11:40:20 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-11-09 11:39:38 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-09 11:37:17 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-09 11:35:57 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-11-09 11:35:57 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-11-09 11:35:41 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-09 11:31:53 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-11-09 11:27:06 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-11-09 11:26:59 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-11-09 11:26:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-11-09 11:26:00 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-11-09 10:59:03 -------- d-----w- c:\windows\system32\scripting
2010-11-09 10:59:03 -------- d-----w- c:\windows\l2schemas
2010-11-09 10:59:02 -------- d-----w- c:\windows\system32\en
2010-11-09 10:59:02 -------- d-----w- c:\windows\system32\bits
2010-11-09 10:57:36 -------- d-----w- c:\windows\ServicePackFiles
2010-11-09 10:55:54 -------- d-----w- c:\windows\network diagnostic
2010-11-09 10:50:26 -------- d-----w- c:\windows\EHome
2010-11-09 10:37:43 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
2010-11-09 10:37:43 104960 ------w- c:\windows\system32\drivers\atinrvxx.sys
2010-11-09 10:37:42 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-11-09 10:37:42 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-11-09 10:37:42 36463 ------w- c:\windows\system32\drivers\ati1tuxx.sys
2010-11-09 10:37:42 31744 ------w- c:\windows\system32\drivers\atinxbxx.sys
2010-11-09 10:37:42 28672 ------w- c:\windows\system32\drivers\atinsnxx.sys
2010-11-09 10:37:42 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-11-09 10:37:42 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2010-11-09 10:37:42 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2010-11-09 10:37:42 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-11-09 10:25:20 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-09 10:25:20 -------- d-----w- c:\windows\system32\PreInstall
2010-11-09 10:22:15 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-11-09 10:22:15 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-11-09 10:22:15 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-09 10:22:14 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-11-09 10:22:14 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-11-09 10:20:53 -------- d-s---w- c:\documents and settings\denis\UserData
2010-11-09 07:07:13 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2010-11-09 07:06:56 -------- d-----w- c:\program files\Launch Manager
2010-11-09 07:06:41 147456 ----a-w- c:\windows\UNINST32.EXE
2010-11-09 07:06:39 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2010-11-09 07:06:39 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2010-11-08 23:00:09 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-11-08 23:00:08 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-11-08 22:17:50 5010672 ----a-w- c:\windows\KB912945.EXE
2010-11-08 22:17:50 163840 ----a-w- c:\windows\AExec.exe
2010-11-08 22:17:49 589824 ----a-w- c:\windows\AntiV.EXE

==================== Find3M ====================

2010-11-08 22:17:54 925 ----a-w- c:\windows\HotFix.bat
2010-11-08 22:17:52 657 ----a-w- c:\windows\CLEANUP.CMD
2010-09-18 12:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:26 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:26 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:26 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:32 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-08 16:49:50 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:30 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-13 12:53:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll

============= FINISH: 16:08:24.79 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-09.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 09/11/2010 07:04:53
System Uptime: 11/09/2010 15:13:42 (1417 hours ago)

Motherboard: Acer, Inc. | | Lugano
Processor: Intel(R) Celeron(R) M processor 1.60GHz | Socket 479M | 1600/400mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 35 GiB total, 27.178 GiB free.
D: is FIXED (NTFS) - 36 GiB total, 35.437 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 09/11/2010 07:04:57 - System Checkpoint
RP2: 09/11/2010 07:07:11 - Installed eRecovery
RP3: 09/11/2010 07:10:41 - Installed Windows XP KB912945.
RP4: 09/11/2010 10:25:02 - Software Distribution Service 3.0
RP5: 09/11/2010 10:39:34 - Software Distribution Service 3.0
RP6: 09/11/2010 10:48:03 - Software Distribution Service 3.0
RP7: 09/11/2010 11:46:53 - Software Distribution Service 3.0
RP8: 09/11/2010 14:16:29 - avast! Free Antivirus Setup

==== Installed Programs ======================

Acer eManager for Notebook
Acer GridVista
Adobe Reader 7.0
Arcade 3.0
avast! Free Antivirus
CCleaner
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Launch Manager
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB954430)
NTI Backup NOW! 4
NTI CD & DVD-Maker
PowerProducer
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver
SoftV90 Data Fax Modem with SmartCP
Spybot - Search & Destroy
SpywareBlaster 4.4
Synaptics Pointing Device Driver
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

09/11/2010 15:12:39, error: Service Control Manager [7034] - The Notebook Manager Service service terminated unexpectedly. It has done this 1 time(s).
09/11/2010 10:42:37, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Windows XP Service Pack 3 (KB936929).

==== End Of File ===========================
 
Hi Crunchie, did a manual update of MWB. Ran TFC then ran MWB. No infections found. Here's the log of the scans. Assumed you didn't want me to run GMER and DDS again.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5070

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/11/2010 00:06:15
mbam-log-2010-11-10 (00-06-15).txt

Scan type: Quick scan
Objects scanned: 129026
Time elapsed: 7 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5070

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/11/2010 00:30:36
mbam-log-2010-11-10 (00-30-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 161939
Time elapsed: 23 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!
 
Here's the combofix log as requested

ComboFix 10-11-09.02 - Denis 10/11/2010 10:39:11.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.273 [GMT 0:00]
Running from: c:\documents and settings\Denis\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Uninstall.ini

.
((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))
.

2010-11-09 14:20 . 2010-11-09 14:20 -------- d-----w- c:\program files\CCleaner
2010-11-09 14:16 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-09 14:16 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-09 14:16 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-09 14:16 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-09 14:16 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-09 14:16 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-09 14:16 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-09 14:16 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-09 14:16 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-09 14:16 . 2010-11-09 14:16 -------- d-----w- c:\program files\Alwil Software
2010-11-09 14:16 . 2010-11-09 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-09 14:12 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-09 14:12 . 2010-11-09 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-09 14:12 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-09 14:12 . 2010-11-09 14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-09 14:08 . 2010-11-09 14:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-09 14:08 . 2010-11-09 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-09 14:06 . 2010-11-09 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-09 14:06 . 2010-11-09 14:06 -------- d-----w- c:\program files\SpywareBlaster
2010-11-09 14:04 . 2004-08-04 05:00 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-11-09 11:45 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-09 11:44 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-09 11:44 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-09 11:42 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-09 11:40 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-11-09 11:40 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-11-09 11:39 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-09 11:37 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-09 11:35 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-11-09 11:35 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-11-09 11:35 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-09 11:31 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-11-09 11:27 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-11-09 11:26 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-11-09 11:26 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-11-09 11:26 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-11-09 10:59 . 2010-11-09 10:59 -------- d-----w- c:\windows\system32\scripting
2010-11-09 10:59 . 2010-11-09 10:59 -------- d-----w- c:\windows\l2schemas
2010-11-09 10:59 . 2010-11-09 10:59 -------- d-----w- c:\windows\system32\en
2010-11-09 10:59 . 2010-11-09 10:59 -------- d-----w- c:\windows\system32\bits
2010-11-09 10:57 . 2010-11-09 10:57 -------- d-----w- c:\windows\ServicePackFiles
2010-11-09 10:50 . 2010-11-09 10:50 -------- d-----w- c:\windows\EHome
2010-11-09 10:37 . 2004-08-03 22:41 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
2010-11-09 10:37 . 2004-08-03 22:29 104960 ------w- c:\windows\system32\drivers\atinrvxx.sys
2010-11-09 10:37 . 2004-08-03 22:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-11-09 10:37 . 2004-08-03 22:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2010-11-09 10:37 . 2004-08-03 22:41 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2010-11-09 10:37 . 2004-08-03 22:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-11-09 10:37 . 2004-08-03 22:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-11-09 10:37 . 2004-08-03 22:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-11-09 10:37 . 2004-08-03 22:29 36463 ------w- c:\windows\system32\drivers\ati1tuxx.sys
2010-11-09 10:37 . 2004-08-03 22:29 31744 ------w- c:\windows\system32\drivers\atinxbxx.sys
2010-11-09 10:37 . 2004-08-03 22:29 28672 ------w- c:\windows\system32\drivers\atinsnxx.sys
2010-11-09 10:25 . 2007-07-27 23:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-09 10:22 . 2009-08-06 19:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-11-09 10:22 . 2009-08-06 19:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-11-09 10:22 . 2009-08-06 19:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-11-09 10:22 . 2009-08-06 19:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-11-09 10:22 . 2009-08-06 19:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-11-09 07:07 . 2005-09-26 16:40 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2010-11-09 07:06 . 2010-11-09 07:06 -------- d-----w- c:\program files\Launch Manager
2010-11-09 07:06 . 2004-12-10 11:49 147456 ----a-w- c:\windows\UNINST32.EXE
2010-11-09 07:06 . 2004-12-08 14:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2010-11-09 07:06 . 2002-12-19 15:58 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2010-11-09 07:05 . 2010-11-09 07:05 -------- d-----w- c:\documents and settings\Denis
2010-11-08 23:00 . 2001-08-17 13:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-11-08 23:00 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-11-08 22:17 . 2006-02-23 22:00 5010672 ----a-w- c:\windows\KB912945.EXE
2010-11-08 22:17 . 2004-08-26 03:23 163840 ----a-w- c:\windows\AExec.exe
2010-11-08 22:17 . 2004-08-24 22:48 589824 ----a-w- c:\windows\AntiV.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 22:17 . 2004-06-25 17:13 925 ----a-w- c:\windows\HotFix.bat
2010-11-08 22:17 . 2005-03-10 12:12 657 ----a-w- c:\windows\CLEANUP.CMD
2010-09-18 12:23 . 2004-08-04 05:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 05:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 05:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 05:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 2006-01-09 10:08 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2004-08-04 05:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:16 . 2004-08-04 05:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-08 16:49 . 2004-08-04 05:00 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-04 05:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 05:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 05:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-23 16:12 . 2004-08-04 05:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 05:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 05:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SiSPower"="SiSPower.dll" [2005-02-25 49152]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-29 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-29 98304]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 315392]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 393216]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-1-4 331776]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09/11/2010 14:16 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/11/2010 14:16 17744]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [15/12/2004 15:18 200576]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - INT15.SYS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-10 10:41
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-11-10 10:43:12
ComboFix-quarantined-files.txt 2010-11-10 10:43

Pre-Run: 28,971,794,432 bytes free
Post-Run: 28,958,228,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B187A646C65290B09454A660F2FA40F5
 
Please go to Jotti's or to VirusTotal and have these files scanned. Post the results back here.

c:\windows\system32\wucltui.dll.mui
c:\windows\system32\wuaueng.dll.mui
c:\windows\system32\wuaucpl.cpl.mui
c:\windows\system32\wuapi.dll.mui
 
Cheers. I fixed the link :).

Still getting re-directed?

If yes, Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

===============

Download OTL to your Desktop.

* Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Not actually going anywhere now. When I click a search result in Google I just get a blank page with "Done" in the bottom left-hand corner of the status bar, along with a yellow triangle with an exclamation mark in it.

Will do above scans asap.
 
Here's the TDSS scan log

2010/11/10 13:12:50.0671 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/10 13:12:50.0671 ================================================================================
2010/11/10 13:12:50.0671 SystemInfo:
2010/11/10 13:12:50.0671
2010/11/10 13:12:50.0671 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/10 13:12:50.0671 Product type: Workstation
2010/11/10 13:12:50.0671 ComputerName: ACER-B8216CAA61
2010/11/10 13:12:50.0671 UserName: Denis
2010/11/10 13:12:50.0671 Windows directory: C:\WINDOWS
2010/11/10 13:12:50.0671 System windows directory: C:\WINDOWS
2010/11/10 13:12:50.0671 Processor architecture: Intel x86
2010/11/10 13:12:50.0671 Number of processors: 1
2010/11/10 13:12:50.0671 Page size: 0x1000
2010/11/10 13:12:50.0671 Boot type: Normal boot
2010/11/10 13:12:50.0671 ================================================================================
2010/11/10 13:12:51.0015 Initialize success
2010/11/10 13:12:57.0875 ================================================================================
2010/11/10 13:12:57.0875 Scan started
2010/11/10 13:12:57.0875 Mode: Manual;
2010/11/10 13:12:57.0875 ================================================================================
2010/11/10 13:12:58.0281 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/11/10 13:12:58.0968 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/10 13:12:59.0093 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/11/10 13:12:59.0546 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/10 13:12:59.0671 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/10 13:13:00.0593 ALCXWDM (5dae13401e4d3b8f132bf5867447d661) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/11/10 13:13:01.0390 AR5211 (67f7d2c3a9265ee0534e36fe952f2ac4) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2010/11/10 13:13:02.0281 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/11/10 13:13:02.0406 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/11/10 13:13:02.0562 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/11/10 13:13:02.0687 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/11/10 13:13:02.0796 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/11/10 13:13:02.0890 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/11/10 13:13:03.0109 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/10 13:13:03.0343 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/10 13:13:03.0812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/10 13:13:03.0953 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/10 13:13:04.0156 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/11/10 13:13:04.0265 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/10 13:13:04.0500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/10 13:13:04.0812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/10 13:13:05.0015 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/10 13:13:05.0234 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/10 13:13:05.0656 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/10 13:13:06.0093 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/10 13:13:07.0015 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/10 13:13:07.0156 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\Drivers\DKbFltr.sys
2010/11/10 13:13:07.0375 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/10 13:13:07.0656 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/10 13:13:07.0718 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/10 13:13:07.0921 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/10 13:13:08.0406 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/10 13:13:08.0656 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/10 13:13:08.0859 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/10 13:13:09.0062 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/10 13:13:09.0218 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/10 13:13:09.0468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/10 13:13:09.0515 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/10 13:13:09.0625 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/10 13:13:09.0812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/10 13:13:10.0000 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/10 13:13:10.0390 HSFHWSIS (5d2cc68ab58ef663af5803d0faa42d28) C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys
2010/11/10 13:13:10.0578 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/11/10 13:13:10.0921 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/10 13:13:11.0609 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/10 13:13:11.0781 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/10 13:13:12.0531 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/10 13:13:12.0796 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/10 13:13:12.0906 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/10 13:13:13.0093 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/10 13:13:13.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/10 13:13:13.0484 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/10 13:13:13.0671 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/10 13:13:13.0875 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/10 13:13:14.0078 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/10 13:13:14.0265 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/10 13:13:14.0421 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/10 13:13:14.0828 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/10 13:13:14.0953 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/10 13:13:15.0109 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/10 13:13:15.0281 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/10 13:13:15.0437 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/10 13:13:15.0625 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/10 13:13:16.0046 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/10 13:13:16.0187 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/10 13:13:16.0421 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/10 13:13:16.0609 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/10 13:13:16.0796 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/10 13:13:16.0937 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/10 13:13:17.0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/10 13:13:17.0328 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/10 13:13:17.0531 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/10 13:13:17.0703 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/10 13:13:17.0890 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/10 13:13:18.0031 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/10 13:13:18.0187 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/10 13:13:18.0359 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/10 13:13:18.0562 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/10 13:13:18.0765 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/10 13:13:18.0953 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/10 13:13:19.0156 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2010/11/10 13:13:19.0250 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/10 13:13:19.0328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/10 13:13:19.0437 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/10 13:13:19.0578 osaio (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
2010/11/10 13:13:19.0687 osanbm (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
2010/11/10 13:13:19.0859 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/11/10 13:13:20.0078 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/10 13:13:20.0140 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/10 13:13:20.0281 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/10 13:13:20.0578 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/10 13:13:20.0718 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/10 13:13:22.0296 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2010/11/10 13:13:22.0468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/10 13:13:22.0625 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/10 13:13:22.0718 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/10 13:13:23.0937 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/10 13:13:24.0093 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/10 13:13:24.0296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/10 13:13:24.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/10 13:13:24.0515 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/10 13:13:24.0609 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/10 13:13:24.0828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/10 13:13:25.0000 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/10 13:13:25.0234 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/10 13:13:25.0406 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/10 13:13:25.0562 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/10 13:13:25.0953 SiS315 (8b3cdb4b1453b3a2e6e7300aabe50d0e) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2010/11/10 13:13:26.0125 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2010/11/10 13:13:26.0265 SiSkp (87a5176a3762b1341619ce63152c1da9) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2010/11/10 13:13:26.0375 SISNICXP (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
2010/11/10 13:13:26.0750 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/10 13:13:26.0937 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/10 13:13:27.0093 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/10 13:13:27.0312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/10 13:13:27.0468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/10 13:13:28.0609 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/11/10 13:13:28.0812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/10 13:13:28.0984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/10 13:13:29.0171 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/10 13:13:29.0343 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/10 13:13:29.0468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/10 13:13:29.0984 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2010/11/10 13:13:30.0093 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
2010/11/10 13:13:30.0250 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/10 13:13:30.0718 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/10 13:13:31.0015 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/10 13:13:31.0156 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/10 13:13:31.0312 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/11/10 13:13:31.0437 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/10 13:13:31.0609 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/10 13:13:31.0968 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/10 13:13:32.0140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/10 13:13:32.0750 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/10 13:13:32.0906 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/10 13:13:33.0281 ================================================================================
2010/11/10 13:13:33.0281 Scan finished
2010/11/10 13:13:33.0281 ================================================================================
2010/11/10 13:17:12.0453 Deinitialize success
 
Got confused with the OTL instructions. Here's the OTL log

OTL logfile created on: 10/11/2010 17:39:10 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Denis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

445.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.06 Gb Total Space | 26.12 Gb Free Space | 74.51% Space Free | Partition Type: FAT32
Drive D: | 35.56 Gb Total Space | 35.44 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

Computer Name: ACER-B8216CAA61 | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/10 17:38:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 00:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/29 13:50:40 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/11/16 16:41:34 | 000,393,216 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/06/06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2005/03/28 12:30:44 | 000,315,392 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005/03/09 18:59:26 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe
PRC - [2005/03/04 13:13:04 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2005/02/23 18:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/01/04 16:52:52 | 000,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2004/10/08 14:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2010/11/10 17:38:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
MOD - [2010/09/18 06:53:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 00:11:54 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2004/10/08 14:44:16 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/27 16:42:36 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/06/06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/09/07 15:52:26 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15:52:04 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15:47:20 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 15:47:08 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 15:46:52 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2005/12/29 13:50:44 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/10 01:01:34 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/03/02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/02/25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2005/01/10 15:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/17 16:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/15 15:18:34 | 000,200,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWSIS.sys -- (HSFHWSIS)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/11/05 16:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/08 14:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/11/10 10:41:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1289298055946 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/10 01:02:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 17:38:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
[2010/11/10 13:24:43 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/11/10 11:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/10 11:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/10 11:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/10 11:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Sun
[2010/11/10 11:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/10 11:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/10 10:43:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/10 10:38:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/10 10:33:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/09 23:32:24 | 006,357,288 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Denis\My Documents\mbam-rules.exe
[2010/11/09 19:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Macromedia
[2010/11/09 16:16:25 | 027,634,824 | ---- | C] ( ) -- C:\Documents and Settings\Denis\My Documents\AdbeRdr940_en_US.exe
[2010/11/09 14:30:46 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\TFC.exe
[2010/11/09 14:22:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Denis\Recent
[2010/11/09 14:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\My Documents\Registry
[2010/11/09 14:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/09 14:16:59 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/09 14:16:59 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/09 14:16:58 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/09 14:16:57 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/09 14:16:56 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/09 14:16:56 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/09 14:16:55 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/09 14:16:37 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/09 14:16:37 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/09 14:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/09 14:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/09 14:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Local Settings\Application Data\Identities
[2010/11/09 14:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Malwarebytes
[2010/11/09 14:12:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/09 14:12:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/09 14:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/09 14:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/09 14:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/09 14:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/09 14:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/09 14:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/11/09 11:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/11/09 11:18:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/09 10:59:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/11/09 10:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/11/09 10:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/11/09 10:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/11/09 10:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/11/09 10:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/11/09 10:55:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/11/09 10:50:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/11/09 10:50:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/11/09 10:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/11/09 10:25:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/11/09 10:22:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/11/09 10:20:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Denis\UserData
[2010/11/09 07:07:13 | 000,258,048 | ---- | C] (Acer Inc.) -- C:\WINDOWS\System32\Uninstall_eRecovery.exe
[2010/11/09 07:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2010/11/09 07:06:41 | 000,147,456 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\UNINST32.EXE
[2010/11/09 07:06:39 | 000,049,152 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\QtBtLib.dll
[2010/11/09 07:06:39 | 000,016,896 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\drivers\DKbFltr.SYS
[2010/11/09 07:05:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Denis\Application Data\Microsoft
[2010/11/09 07:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\You've Got Pictures Screensaver
[2010/11/09 07:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\AOL
[2010/11/09 07:05:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Denis\Cookies
[2010/11/09 07:05:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Denis\SendTo
[2010/11/09 07:05:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Denis\Application Data
[2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\Start Menu
[2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\My Documents\My Pictures
[2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\My Documents\My Music
[2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\My Documents
[2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\Favorites
[2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\Templates
[2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\PrintHood
[2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\NetHood
[2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\Local Settings
[2010/11/09 07:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Local Settings\Application Data\Microsoft
[2010/11/09 07:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Identities
[2010/11/09 07:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Desktop
[2010/11/09 07:04:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/11/08 22:17:50 | 000,163,840 | ---- | C] (Acer Inc.) -- C:\WINDOWS\AExec.exe

========== Files - Modified Within 30 Days ==========

[2010/11/10 17:38:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
[2010/11/10 17:32:46 | 000,000,450 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/11/10 17:31:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/10 17:31:12 | 467,193,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 17:31:12 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/10 11:01:46 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/10 10:38:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/09 23:32:26 | 006,357,288 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Denis\My Documents\mbam-rules.exe
[2010/11/09 16:16:24 | 027,634,824 | ---- | M] ( ) -- C:\Documents and Settings\Denis\My Documents\AdbeRdr940_en_US.exe
[2010/11/09 14:33:22 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\4ngqifwo.exe
[2010/11/09 14:30:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\TFC.exe
[2010/11/09 14:20:58 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/09 14:17:02 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/09 14:16:58 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/09 14:12:58 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/09 14:08:10 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\Spybot - Search & Destroy.lnk
[2010/11/09 14:06:12 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\SpywareBlaster.lnk
[2010/11/09 12:17:02 | 000,313,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/09 12:17:02 | 000,041,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/09 11:23:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/09 11:21:24 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/09 11:21:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/09 10:55:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/09 07:12:50 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/11/09 07:10:50 | 000,000,097 | ---- | M] () -- C:\WINDOWS\alaunch.ini
[2010/11/09 07:10:04 | 000,000,092 | ---- | M] () -- C:\WINDOWS\GridV.UNI
[2010/11/09 07:07:00 | 000,000,083 | ---- | M] () -- C:\WINDOWS\QtZgAcer.UNI
[2010/11/09 07:06:18 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\Windows Media Player.lnk
[2010/11/09 07:04:54 | 000,000,793 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/11/09 07:04:52 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/08 23:00:20 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/08 22:17:54 | 000,000,925 | ---- | M] () -- C:\WINDOWS\HotFix.bat
[2010/11/08 22:17:52 | 000,000,657 | ---- | M] () -- C:\WINDOWS\CLEANUP.CMD

========== Files Created - No Company Name ==========

[2010/11/10 11:01:45 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/10 10:38:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/10 10:38:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/09 14:33:20 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\4ngqifwo.exe
[2010/11/09 14:20:57 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/09 14:17:00 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/09 14:12:56 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/09 14:08:09 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\Spybot - Search & Destroy.lnk
[2010/11/09 14:06:11 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\SpywareBlaster.lnk
[2010/11/09 10:37:47 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/11/09 10:37:47 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/11/09 10:37:47 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/11/09 10:37:44 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/11/09 10:37:44 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/11/09 10:37:44 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/11/09 10:37:44 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/11/09 10:37:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/11/09 10:37:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/11/09 10:37:44 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/11/09 10:37:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/11/09 10:37:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/11/09 10:37:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/11/09 10:37:44 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/11/09 10:37:44 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/11/09 10:37:44 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/11/09 10:37:44 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/11/09 10:37:44 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/11/09 10:37:44 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/11/09 10:37:44 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/11/09 10:37:44 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/11/09 10:37:44 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/11/09 10:37:44 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/11/09 10:37:44 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/11/09 10:37:44 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/11/09 10:37:44 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/11/09 10:37:44 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/11/09 10:37:44 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/11/09 10:37:44 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/11/09 10:37:44 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/11/09 10:37:44 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/11/09 10:37:44 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/11/09 10:37:44 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/11/09 10:37:44 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/11/09 10:37:44 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/11/09 10:37:44 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/11/09 10:37:44 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/11/09 10:37:44 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/11/09 10:37:44 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/11/09 10:37:44 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/11/09 10:37:44 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/11/09 10:37:44 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/11/09 10:37:44 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/11/09 10:37:44 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/11/09 10:37:44 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/11/09 10:37:44 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/11/09 10:37:44 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/11/09 10:37:44 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/11/09 10:37:43 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/11/09 10:37:43 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/11/09 10:37:43 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/11/09 10:37:43 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/11/09 10:37:43 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/11/09 10:37:43 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/11/09 10:37:43 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/11/09 10:37:43 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/11/09 10:37:43 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/11/09 10:37:43 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/11/09 10:37:43 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/11/09 10:37:43 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/11/09 10:37:43 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/11/09 10:37:43 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/11/09 10:37:43 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/11/09 10:37:42 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/11/09 10:37:42 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/11/09 10:36:56 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/11/09 10:36:56 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/11/09 10:36:56 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/11/09 10:36:56 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/11/09 10:36:56 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/11/09 10:36:56 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/11/09 10:36:56 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/11/09 10:36:55 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/11/09 10:36:55 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/11/09 10:36:55 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/11/09 10:36:55 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/11/09 10:36:54 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/11/09 10:36:49 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/11/09 07:12:48 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/11/09 07:10:49 | 000,000,450 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2010/11/09 07:10:02 | 000,000,092 | ---- | C] () -- C:\WINDOWS\GridV.UNI
[2010/11/09 07:06:58 | 000,000,083 | ---- | C] () -- C:\WINDOWS\QtZgAcer.UNI
[2010/11/09 07:06:17 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\Windows Media Player.lnk
[2010/11/09 07:06:01 | 003,318,626 | ---- | C] () -- C:\WINDOWS\as_1280x800.swf
[2010/11/09 07:05:54 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/09 07:05:54 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/11/09 07:05:54 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/11/08 23:00:19 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/08 22:59:28 | 467,193,856 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/08 22:17:50 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2010/11/08 22:17:49 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2005/12/29 14:02:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/29 13:43:32 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/12/01 15:24:56 | 000,037,754 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/10 01:02:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/11/10 00:44:32 | 000,100,871 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/11/10 00:37:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/28 15:45:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\alaunch.ini
[2005/03/04 14:51:52 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/12/17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/09/07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/07/06 00:19:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

========== LOP Check ==========

[2005/12/29 13:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/09 14:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/09 14:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2010/11/09 10:50:26 | 023,852,652 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/11/09 10:50:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/11/09 10:50:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2010/11/09 10:50:26 | 023,852,652 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/11/09 10:50:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/11/09 10:50:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 00:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/14 00:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 00:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/14 00:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 00:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/14 00:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/11/10 00:29:46 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2005/11/10 00:29:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/11/10 00:29:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< >

< End of report >
 
Here's the extras log

OTL Extras logfile created on: 10/11/2010 17:39:10 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Denis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

445.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.06 Gb Total Space | 26.12 Gb Free Space | 74.51% Space Free | Partition Type: FAT32
Drive D: | 35.56 Gb Total Space | 35.44 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

Computer Name: ACER-B8216CAA61 | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_1039&DEV_7013&SUBSYS_00821025" = SoftV90 Data Fax Modem with SmartCP
"GridVista" = Acer GridVista
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/11/2010 06:46:52 | Computer Name = ACER-B8216CAA61 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2838, fault address 0x00076eec.

Error - 09/11/2010 06:47:04 | Computer Name = ACER-B8216CAA61 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2838, fault address 0x00076eec.

Error - 09/11/2010 10:09:57 | Computer Name = ACER-B8216CAA61 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 09/11/2010 10:10:48 | Computer Name = ACER-B8216CAA61 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/11/2010 06:28:03 | Computer Name = ACER-B8216CAA61 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/11/2010 07:06:46 | Computer Name = ACER-B8216CAA61 | Source = MsiInstaller | ID = 11316
Description = Product: Java(TM) 6 Update 22 -- Error 1316.A network error occurred
while attempting to read from the file C:\Documents and Settings\Denis\Application
Data\Sun\Java\jre1.6.0_22\jre1.6.0_22.msi

[ System Events ]
Error - 10/11/2010 06:55:29 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/11/2010 06:55:29 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/11/2010 06:55:29 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :Files
    
    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    
    :Commands
    [purity]
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
Here's the log from the runfix operation

All processes killed
Error: Unable to interpret <Files> in the current context!
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Denis
->Flash cache emptied: 300 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Denis
->Temp folder emptied: 10717130 bytes
->Temporary Internet Files folder emptied: 6672127 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 307918 bytes

Total Files Cleaned = 17.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 11102010_204936

Files\Folders moved on Reboot...
C:\Documents and Settings\Denis\Local Settings\Temporary Internet Files\Content.IE5\KJMTCT63\crosspixel-dest[1].html moved successfully.
C:\Documents and Settings\Denis\Local Settings\Temporary Internet Files\Content.IE5\SN0LUB49\topic156249[1].html moved successfully.
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...
 
Here's the log after the quick scan

OTL logfile created on: 10/11/2010 20:53:16 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Denis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

445.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.06 Gb Total Space | 26.07 Gb Free Space | 74.34% Space Free | Partition Type: FAT32
Drive D: | 35.56 Gb Total Space | 35.44 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

Computer Name: ACER-B8216CAA61 | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/10 17:38:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 00:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/29 13:50:40 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/11/16 16:41:34 | 000,393,216 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/06/06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2005/03/28 12:30:44 | 000,315,392 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005/03/09 18:59:26 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe
PRC - [2005/03/04 13:13:04 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2005/02/23 18:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/01/04 16:52:52 | 000,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2004/10/08 14:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2010/11/10 17:38:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
MOD - [2010/09/18 06:53:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 00:11:54 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2004/10/08 14:44:16 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/27 16:42:36 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/06/06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/09/07 15:52:26 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15:52:04 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15:47:20 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 15:47:08 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 15:46:52 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2005/12/29 13:50:44 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/10 01:01:34 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/03/02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/02/25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2005/01/10 15:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/17 16:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/15 15:18:34 | 000,200,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWSIS.sys -- (HSFHWSIS)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/11/05 16:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/08 14:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/11/10 20:49:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1289298055946 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/10 01:02:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 20:49:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/10 17:38:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
[2010/11/10 13:24:43 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/11/10 11:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/10 11:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/10 11:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/10 11:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Sun
[2010/11/10 11:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/10 11:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/10 10:43:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/10 10:38:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/10 10:33:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/09 23:32:24 | 006,357,288 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Denis\My Documents\mbam-rules.exe
[2010/11/09 19:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Macromedia
[2010/11/09 16:16:25 | 027,634,824 | ---- | C] ( ) -- C:\Documents and Settings\Denis\My Documents\AdbeRdr940_en_US.exe
[2010/11/09 14:30:46 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\TFC.exe
[2010/11/09 14:22:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Denis\Recent
[2010/11/09 14:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\My Documents\Registry
[2010/11/09 14:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/09 14:16:59 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/09 14:16:59 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/09 14:16:58 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/09 14:16:57 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/09 14:16:56 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/09 14:16:56 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/09 14:16:55 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/09 14:16:37 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/09 14:16:37 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/09 14:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/09 14:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/09 14:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Local Settings\Application Data\Identities
[2010/11/09 14:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Malwarebytes
[2010/11/09 14:12:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/09 14:12:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/09 14:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/09 14:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/09 14:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/09 14:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/09 14:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/09 14:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/11/09 11:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/11/09 11:18:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/09 10:59:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/11/09 10:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/11/09 10:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/11/09 10:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/11/09 10:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/11/09 10:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/11/09 10:55:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/11/09 10:50:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/11/09 10:50:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/11/09 10:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/11/09 10:25:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/11/09 10:22:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/11/09 10:20:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Denis\UserData
[2010/11/09 07:07:13 | 000,258,048 | ---- | C] (Acer Inc.) -- C:\WINDOWS\System32\Uninstall_eRecovery.exe
[2010/11/09 07:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2010/11/09 07:06:41 | 000,147,456 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\UNINST32.EXE
[2010/11/09 07:06:39 | 000,049,152 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\QtBtLib.dll
[2010/11/09 07:06:39 | 000,016,896 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\drivers\DKbFltr.SYS
[2010/11/09 07:05:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Denis\Application Data\Microsoft
[2010/11/09 07:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\You've Got Pictures Screensaver
[2010/11/09 07:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\AOL
[2010/11/09 07:05:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Denis\Cookies
[2010/11/09 07:05:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Denis\SendTo
[2010/11/09 07:05:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Denis\Application Data
[2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\Start Menu
[2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\My Documents\My Pictures
[2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\My Documents\My Music
[2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\My Documents
[2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\Favorites
[2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\Templates
[2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\PrintHood
[2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\NetHood
[2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\Local Settings
[2010/11/09 07:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Local Settings\Application Data\Microsoft
[2010/11/09 07:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Identities
[2010/11/09 07:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Desktop
[2010/11/09 07:04:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/11/08 22:17:50 | 000,163,840 | ---- | C] (Acer Inc.) -- C:\WINDOWS\AExec.exe

========== Files - Modified Within 30 Days ==========

[2010/11/10 20:51:58 | 000,000,450 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/11/10 20:50:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/10 20:50:52 | 467,193,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 17:38:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
[2010/11/10 17:31:12 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/10 11:01:46 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/10 10:38:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/09 23:32:26 | 006,357,288 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Denis\My Documents\mbam-rules.exe
[2010/11/09 16:16:24 | 027,634,824 | ---- | M] ( ) -- C:\Documents and Settings\Denis\My Documents\AdbeRdr940_en_US.exe
[2010/11/09 14:33:22 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\4ngqifwo.exe
[2010/11/09 14:30:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\TFC.exe
[2010/11/09 14:20:58 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/09 14:17:02 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/09 14:16:58 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/09 14:12:58 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/09 14:08:10 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\Spybot - Search & Destroy.lnk
[2010/11/09 14:06:12 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\SpywareBlaster.lnk
[2010/11/09 12:17:02 | 000,313,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/09 12:17:02 | 000,041,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/09 11:23:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/09 11:21:24 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/09 11:21:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/09 10:55:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/09 07:12:50 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/11/09 07:10:50 | 000,000,097 | ---- | M] () -- C:\WINDOWS\alaunch.ini
[2010/11/09 07:10:04 | 000,000,092 | ---- | M] () -- C:\WINDOWS\GridV.UNI
[2010/11/09 07:07:00 | 000,000,083 | ---- | M] () -- C:\WINDOWS\QtZgAcer.UNI
[2010/11/09 07:06:18 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\Windows Media Player.lnk
[2010/11/09 07:04:54 | 000,000,793 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/11/09 07:04:52 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/08 23:00:20 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/08 22:17:54 | 000,000,925 | ---- | M] () -- C:\WINDOWS\HotFix.bat
[2010/11/08 22:17:52 | 000,000,657 | ---- | M] () -- C:\WINDOWS\CLEANUP.CMD

========== Files Created - No Company Name ==========

[2010/11/10 11:01:45 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/10 10:38:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/10 10:38:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/09 14:33:20 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\4ngqifwo.exe
[2010/11/09 14:20:57 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/09 14:17:00 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/09 14:12:56 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/09 14:08:09 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\Spybot - Search & Destroy.lnk
[2010/11/09 14:06:11 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\SpywareBlaster.lnk
[2010/11/09 10:37:47 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/11/09 10:37:47 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/11/09 10:37:47 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/11/09 10:37:44 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/11/09 10:37:44 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/11/09 10:37:44 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/11/09 10:37:44 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/11/09 10:37:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/11/09 10:37:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/11/09 10:37:44 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/11/09 10:37:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/11/09 10:37:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/11/09 10:37:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/11/09 10:37:44 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/11/09 10:37:44 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/11/09 10:37:44 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/11/09 10:37:44 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/11/09 10:37:44 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/11/09 10:37:44 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/11/09 10:37:44 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/11/09 10:37:44 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/11/09 10:37:44 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/11/09 10:37:44 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/11/09 10:37:44 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/11/09 10:37:44 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/11/09 10:37:44 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/11/09 10:37:44 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/11/09 10:37:44 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/11/09 10:37:44 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/11/09 10:37:44 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/11/09 10:37:44 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/11/09 10:37:44 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/11/09 10:37:44 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/11/09 10:37:44 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/11/09 10:37:44 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/11/09 10:37:44 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/11/09 10:37:44 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/11/09 10:37:44 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/11/09 10:37:44 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/11/09 10:37:44 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/11/09 10:37:44 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/11/09 10:37:44 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/11/09 10:37:44 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/11/09 10:37:44 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/11/09 10:37:44 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/11/09 10:37:44 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/11/09 10:37:44 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/11/09 10:37:44 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/11/09 10:37:43 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/11/09 10:37:43 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/11/09 10:37:43 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/11/09 10:37:43 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/11/09 10:37:43 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/11/09 10:37:43 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/11/09 10:37:43 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/11/09 10:37:43 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/11/09 10:37:43 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/11/09 10:37:43 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/11/09 10:37:43 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/11/09 10:37:43 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/11/09 10:37:43 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/11/09 10:37:43 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/11/09 10:37:43 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/11/09 10:37:42 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/11/09 10:37:42 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/11/09 10:36:56 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/11/09 10:36:56 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/11/09 10:36:56 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/11/09 10:36:56 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/11/09 10:36:56 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/11/09 10:36:56 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/11/09 10:36:56 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/11/09 10:36:55 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/11/09 10:36:55 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/11/09 10:36:55 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/11/09 10:36:55 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/11/09 10:36:54 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/11/09 10:36:49 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/11/09 07:12:48 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/11/09 07:10:49 | 000,000,450 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2010/11/09 07:10:02 | 000,000,092 | ---- | C] () -- C:\WINDOWS\GridV.UNI
[2010/11/09 07:06:58 | 000,000,083 | ---- | C] () -- C:\WINDOWS\QtZgAcer.UNI
[2010/11/09 07:06:17 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\Windows Media Player.lnk
[2010/11/09 07:06:01 | 003,318,626 | ---- | C] () -- C:\WINDOWS\as_1280x800.swf
[2010/11/09 07:05:54 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/09 07:05:54 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/11/09 07:05:54 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/11/08 23:00:19 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/08 22:59:28 | 467,193,856 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/08 22:17:50 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2010/11/08 22:17:49 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2005/12/29 14:02:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/29 13:43:32 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/12/01 15:24:56 | 000,037,754 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/10 01:02:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/11/10 00:44:32 | 000,100,871 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/11/10 00:37:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/28 15:45:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\alaunch.ini
[2005/03/04 14:51:52 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/12/17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/09/07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/07/06 00:19:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

========== LOP Check ==========

[2005/12/29 13:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/09 14:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/09 14:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

========== Purity Check ==========



< End of report >
 
Hi, still not going anywhere when I click on search results in Google. The normal Google search page comes up, and when I search a topic and click on a result I get a blank screen. I have attached a screenshot.

Also, at times on the Google results page the menu that normally appears on the left of the page appears in the middle. (Another screenshot attached.)

Also, when I start the laptop, instead of going straight to the Windows screen, a screen appears with the option of booting to Windows Recovery Console, another one I can't read as it is only on for a second, or Windows XP (which is the highlighted option). It then goes to the Windows screen.
Hope I've explained that so you can understand it.

Thanks Denis
 

Attachments

  • untitled1.zip
    30.9 KB · Views: 1
  • untitled6.zip
    33.1 KB · Views: 0
Did you install the recovery console when you ran Combofix? That would be why you are now getting the boot options.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
Yes, I did install recovery console when I ran Combofix.

log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF79A6000 \WINDOWS\system32\KDCOM.DLL
0xF78B6000 \WINDOWS\system32\BOOTVID.dll
0xF7377000 ACPI.sys
0xF79A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7366000 pci.sys
0xF74A6000 isapnp.sys
0xF78BA000 compbatt.sys
0xF78BE000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A6E000 pciide.sys
0xF7726000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7348000 pcmcia.sys
0xF74B6000 MountMgr.sys
0xF7329000 ftdisk.sys
0xF78C2000 ACPIEC.sys
0xF7A6F000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF772E000 PartMgr.sys
0xF78C6000 UBHelper.sys
0xF74C6000 VolSnap.sys
0xF7311000 atapi.sys
0xF74D6000 disk.sys
0xF74E6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72F1000 fltmgr.sys
0xF72DF000 sr.sys
0xF72BB000 Fastfat.sys
0xF72A4000 KSecDD.sys
0xF7277000 NDIS.sys
0xF74F6000 uagp35.sys
0xF7506000 SISAGPX.sys
0xF725D000 Mup.sys
0xF7526000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF70E9000 \SystemRoot\system32\DRIVERS\sisgrp.sys
0xF70D5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7536000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7746000 \SystemRoot\System32\Drivers\DKbFltr.sys
0xF774E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF70A7000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79AA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7756000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7546000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7556000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7566000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7084000 \SystemRoot\system32\DRIVERS\ks.sys
0xF79AC000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF7053000 \SystemRoot\system32\DRIVERS\HSFHWSIS.sys
0xF6F55000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6EA9000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF775E000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6C74000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6C50000 \SystemRoot\system32\drivers\portcls.sys
0xF7576000 \SystemRoot\system32\drivers\drmk.sys
0xF7766000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6C2C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF776E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7776000 \SystemRoot\system32\DRIVERS\sisnicxp.sys
0xF6BD1000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7946000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7188000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7586000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF794A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6BBA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7596000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF777E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6BA9000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75B6000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7786000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF778E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF75C6000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79AE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6B23000 \SystemRoot\system32\DRIVERS\update.sys
0xF795A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF75D6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7626000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7161000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B4000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77D6000 \SystemRoot\System32\drivers\vga.sys
0xF79B6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77DE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77E6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7982000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAD72D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAD6D4000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7636000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAD684000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAD662000 \SystemRoot\System32\drivers\afd.sys
0xF7646000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF798A000 \SystemRoot\system32\DRIVERS\srvkp.sys
0xAD637000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAD5C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7656000 \SystemRoot\System32\Drivers\Fips.SYS
0xAD5A1000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7666000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAD57A000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF77F6000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xAD4C5000 \SystemRoot\System32\Drivers\Ntfs.SYS
0xF7686000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7218000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7696000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7214000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAD40D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79BA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6BA1000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7806000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AAD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\SiSGRV.dll
0xAD3E9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAD2F1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAD12E000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xACD31000 \SystemRoot\system32\drivers\wdmaud.sys
0xAD04E000 \SystemRoot\system32\drivers\sysaudio.sys
0xACAF6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A46000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xACB63000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7A48000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xF7B34000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
0xAC95F000 \SystemRoot\system32\DRIVERS\srv.sys
0xAC6A6000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xAC665000 \SystemRoot\System32\Drivers\HTTP.sys
0xF781E000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xAC572000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 36):
0 System Idle Process
4 System
556 C:\WINDOWS\System32\SMSS.EXE
620 CSRSS.EXE
648 C:\WINDOWS\System32\WINLOGON.EXE
692 C:\WINDOWS\System32\SERVICES.EXE
704 C:\WINDOWS\System32\LSASS.EXE
852 C:\WINDOWS\System32\SVCHOST.EXE
900 SVCHOST.EXE
940 C:\WINDOWS\System32\SVCHOST.EXE
1012 SVCHOST.EXE
1116 SVCHOST.EXE
1472 C:\WINDOWS\EXPLORER.EXE
1508 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1608 C:\WINDOWS\System32\Keyhook.exe
1616 C:\WINDOWS\SOUNDMAN.EXE
1628 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
1636 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1644 C:\Program Files\Arcade\PCMService.exe
1692 C:\Program Files\Real\RealPlayer\REALPLAY.EXE
1700 C:\Program Files\QuickTime\QTTASK.EXE
1712 C:\Program Files\Launch Manager\QtZgAcer.EXE
1732 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1756 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
1776 C:\Program Files\Common Files\Java\Java Update\JUSCHED.EXE
1784 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
1820 C:\WINDOWS\System32\SISTRAY.EXE
516 C:\WINDOWS\System32\SPOOLSV.EXE
148 SVCHOST.EXE
188 C:\Acer\eManager\anbmServ.exe
592 C:\Program Files\Java\JRE6\BIN\jqs.exe
2380 C:\WINDOWS\System32\SVCHOST.EXE
2720 alg.exe
3996 C:\WINDOWS\System32\wuauclt.exe
3840 C:\Program Files\Internet Explorer\IEXPLORE.EXE
3212 C:\Documents and Settings\Denis\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f98b7a00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`bdfa3e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800UE-22HCT0, Rev: 09.07D09

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 1 for Windows XP, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot and run MBRCheck again and post that log.
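
The check behind the "Unknown MBR code" line in the log above, and the effect of the repair steps just listed, as an added Python example that is not part of the original posts and is not MBRCheck's own code. It assumes the hash covers the 440-byte boot code area of sector 0; the "standard" code and its allowlist entry are constructed stand-ins, and the partition entries are constructed around the two volume offsets shown in the log.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440                 # boot code area (assumed to be the hashed range)
PTABLE_OFF = 446               # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"         # bytes 510-511 of a valid MBR
# status, 3 bytes CHS, type, 3 bytes CHS, start LBA, sector count
ENTRY = struct.Struct("<B3xB3xII")
TYPES = {0x07: "NTFS", 0x0C: "FAT32"}


def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, signature and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, PTABLE_OFF + 16 * i)
        if ptype:  # type 0 marks an unused slot
            partitions.append({
                "active": status == 0x80,
                "type": TYPES.get(ptype, hex(ptype)),
                "offset": lba * SECTOR,
                "sectors": count,
            })
    return {
        "code_sha1": hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, CODE_LEN)[0],
        "signature_ok": sector[510:512] == BOOT_SIG,
        "partitions": partitions,
    }


def mbr_status(sector, known_good):
    """Classify the boot code against an allowlist of SHA-1 hashes."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "Invalid boot signature"
    return known_good.get(info["code_sha1"], "Unknown MBR code")


def build_sector(code, disk_signature, entries):
    """Assemble a constructed MBR for the demonstration below."""
    table = b"".join(ENTRY.pack(*e) for e in entries).ljust(64, b"\0")
    return (code.ljust(CODE_LEN, b"\0")[:CODE_LEN]
            + struct.pack("<I", disk_signature) + b"\0\0" + table + BOOT_SIG)


def restore_standard_code(sector, standard_code):
    """Model of the repair: rewrite only bytes 0-439, keep everything else."""
    return standard_code[:CODE_LEN] + sector[CODE_LEN:]


# Constructed stand-in for a vendor boot code image (not real Windows XP code).
STANDARD_CODE = bytes((i * 7 + 3) % 256 for i in range(CODE_LEN))
STANDARD_LABEL = "Windows XP MBR code (constructed stand-in)"
KNOWN_GOOD = {hashlib.sha1(STANDARD_CODE).hexdigest().upper(): STANDARD_LABEL}

# Start offsets taken from the log (C: FAT32, D: NTFS); sector counts constructed.
LAYOUT = [
    (0x80, 0x0C, 0xF98B7A00 // SECTOR, 30_000_000),
    (0x00, 0x07, 0x9BDFA3E00 // SECTOR, 70_000_000),
]

# Boot code that differs from the allowlisted image by a single byte.
_altered = bytearray(STANDARD_CODE)
_altered[0x20] ^= 0xFF
ALTERED_CODE = bytes(_altered)

CLEAN = build_sector(STANDARD_CODE, 0x1234ABCD, LAYOUT)
ALTERED = build_sector(ALTERED_CODE, 0x1234ABCD, LAYOUT)
# Repartitioning or reformatting changes the table and the volumes,
# but leaves bytes 0-439 alone, so the finding survives a reinstall.
REFORMATTED = build_sector(ALTERED_CODE, 0x1234ABCD,
                           [(0x80, 0x07, 63, 150_000_000)])
REPAIRED = restore_standard_code(ALTERED, STANDARD_CODE)

if __name__ == "__main__":
    for name, sector in [("clean", CLEAN), ("altered", ALTERED),
                         ("reformatted", REFORMATTED), ("repaired", REPAIRED)]:
        info = parse_mbr(sector)
        print(f"{name:12} {mbr_status(sector, KNOWN_GOOD)}")
        print(f"{'':12} SHA1: {info['code_sha1']}")
```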
 
mbr log
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF79A6000 \WINDOWS\system32\KDCOM.DLL
0xF78B6000 \WINDOWS\system32\BOOTVID.dll
0xF7377000 ACPI.sys
0xF79A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7366000 pci.sys
0xF74A6000 isapnp.sys
0xF78BA000 compbatt.sys
0xF78BE000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A6E000 pciide.sys
0xF7726000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7348000 pcmcia.sys
0xF74B6000 MountMgr.sys
0xF7329000 ftdisk.sys
0xF78C2000 ACPIEC.sys
0xF7A6F000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF772E000 PartMgr.sys
0xF78C6000 UBHelper.sys
0xF74C6000 VolSnap.sys
0xF7311000 atapi.sys
0xF74D6000 disk.sys
0xF74E6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72F1000 fltmgr.sys
0xF72DF000 sr.sys
0xF72BB000 Fastfat.sys
0xF72A4000 KSecDD.sys
0xF7277000 NDIS.sys
0xF74F6000 uagp35.sys
0xF7506000 SISAGPX.sys
0xF725D000 Mup.sys
0xF7526000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF70E9000 \SystemRoot\system32\DRIVERS\sisgrp.sys
0xF70D5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7536000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7746000 \SystemRoot\System32\Drivers\DKbFltr.sys
0xF774E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF70A7000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79AA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7756000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7546000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7556000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7566000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7084000 \SystemRoot\system32\DRIVERS\ks.sys
0xF79AC000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF7053000 \SystemRoot\system32\DRIVERS\HSFHWSIS.sys
0xF6F55000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6EA9000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF775E000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6C74000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6C50000 \SystemRoot\system32\drivers\portcls.sys
0xF7576000 \SystemRoot\system32\drivers\drmk.sys
0xF7766000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6C2C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF776E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7776000 \SystemRoot\system32\DRIVERS\sisnicxp.sys
0xF6BD1000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7946000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7188000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7586000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF794A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6BBA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7596000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF777E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6BA9000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75B6000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7786000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF778E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF75C6000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79AE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6B23000 \SystemRoot\system32\DRIVERS\update.sys
0xF795A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF75D6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7626000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7161000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B4000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77D6000 \SystemRoot\System32\drivers\vga.sys
0xF79B6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77DE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77E6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7982000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAD72D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAD6D4000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7636000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAD684000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAD662000 \SystemRoot\System32\drivers\afd.sys
0xF7646000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF798A000 \SystemRoot\system32\DRIVERS\srvkp.sys
0xAD637000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAD5C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7656000 \SystemRoot\System32\Drivers\Fips.SYS
0xAD5A1000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7666000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAD57A000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF77F6000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xAD4C5000 \SystemRoot\System32\Drivers\Ntfs.SYS
0xF7686000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7218000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7696000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7214000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAD40D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79BA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6BA1000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7806000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AAD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\SiSGRV.dll
0xAD3E9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAD2F1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAD12E000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xACD31000 \SystemRoot\system32\drivers\wdmaud.sys
0xAD04E000 \SystemRoot\system32\drivers\sysaudio.sys
0xACAF6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A46000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xACB63000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7A48000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xF7B34000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
0xAC95F000 \SystemRoot\system32\DRIVERS\srv.sys
0xAC6A6000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xAC665000 \SystemRoot\System32\Drivers\HTTP.sys
0xF781E000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xAC572000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 35):
0 System Idle Process
4 System
556 C:\WINDOWS\System32\SMSS.EXE
620 CSRSS.EXE
648 C:\WINDOWS\System32\WINLOGON.EXE
692 C:\WINDOWS\System32\SERVICES.EXE
704 C:\WINDOWS\System32\LSASS.EXE
852 C:\WINDOWS\System32\SVCHOST.EXE
900 SVCHOST.EXE
940 C:\WINDOWS\System32\SVCHOST.EXE
1012 SVCHOST.EXE
1116 SVCHOST.EXE
1472 C:\WINDOWS\EXPLORER.EXE
1508 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1608 C:\WINDOWS\System32\Keyhook.exe
1616 C:\WINDOWS\SOUNDMAN.EXE
1628 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
1636 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1644 C:\Program Files\Arcade\PCMService.exe
1692 C:\Program Files\Real\RealPlayer\REALPLAY.EXE
1700 C:\Program Files\QuickTime\QTTASK.EXE
1712 C:\Program Files\Launch Manager\QtZgAcer.EXE
1732 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1756 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
1776 C:\Program Files\Common Files\Java\Java Update\JUSCHED.EXE
1784 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
1820 C:\WINDOWS\System32\SISTRAY.EXE
516 C:\WINDOWS\System32\SPOOLSV.EXE
148 SVCHOST.EXE
188 C:\Acer\eManager\anbmServ.exe
592 C:\Program Files\Java\JRE6\BIN\jqs.exe
2380 C:\WINDOWS\System32\SVCHOST.EXE
2720 alg.exe
3996 C:\WINDOWS\System32\wuauclt.exe
2468 C:\Documents and Settings\Denis\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f98b7a00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`bdfa3e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800UE-22HCT0, Rev: 09.07D09

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
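An added example, not part of the original thread and not MBRCheck's own code: a Python parser for a 512-byte MBR sector such as the one option [1] dumps to file, comparing a dump taken before the fix with one taken after to confirm that the boot code changed while the disk signature and partition table were kept. It assumes the classic MBR layout; hashing the first 440 bytes is an assumption, since the page does not say which bytes MBRCheck hashes, and the function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440  # boot code; bytes 440-445 hold the disk signature + 2 reserved bytes
TABLE_OFF = 446      # four 16-byte partition entries, then the 0x55AA signature
PART_TYPES = {0x07: "NTFS/HPFS", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)"}

def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR sector into boot-code hash, disk signature and partitions."""
    if len(sector) != 512:
        raise ValueError(f"expected 512 bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i : TABLE_OFF + 16 * (i + 1)]
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "active": status == 0x80,
                               "type": PART_TYPES.get(ptype, f"0x{ptype:02X}"),
                               "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": sector[440:444].hex(),
        "table_raw": sector[TABLE_OFF:510],
        "partitions": partitions,
    }

def compare_dumps(before: bytes, after: bytes) -> dict:
    """Report which MBR regions differ between two dumps of the same disk."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["boot_code_sha1"] != a["boot_code_sha1"],
        "disk_signature_kept": b["disk_signature"] == a["disk_signature"],
        "partition_table_kept": b["table_raw"] == a["table_raw"],
    }

def make_sector(boot_code: bytes, entries: list) -> bytes:
    """Build a constructed test sector (not a real disk image)."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries).ljust(64, b"\x00")
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + bytes.fromhex("a1b2c3d4") + b"\x00\x00"
    return body + table + b"\x55\xaa"

# Constructed sample: LBA starts are the log's C:/D: byte offsets divided by 512;
# partition types follow the log's FAT32/NTFS labels; sizes and boot code are made up.
ENTRIES = [(0x80, 0x0B, 8177085, 73545570), (0x00, 0x07, 81722655, 74578833)]
BEFORE = make_sector(b"\xEB\x5A unknown boot code (constructed)", ENTRIES)
AFTER = make_sector(b"\x33\xC0 standard boot code (constructed)", ENTRIES)
```

If `partition_table_kept` comes back false after a boot-code restore, stop and compare the two tables before rebooting, because a damaged table makes the volumes unreachable.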
 