TechSpot

Redirected in search engine even after reinstall

By appleybridger
Nov 8, 2010
  1. Hi all, this is my first post but I am in desperate need of help.

    For the past month or so I have been plagued by redirection in search engine results when using my laptop. My laptop is an Acer Aspire 3630 connected wirelessly to a Dell Dimension 5150 through a Belkin router. To date I have had no trouble with the Dell.

    I have just done a reinstall from recovery discs I made when I first got the machine. I then went to Microsoft and installed all updates, connected to the internet, did a Google search for Avast to download antivirus, and when I clicked on the link I was redirected.

    Can someone help with what to do next?

    Thanks,
    Denis
     
  2. crunchie

    crunchie Malware Helper Posts: 728

    Hi and welcome to TechSpot forums :).

    ====

    Please read the directions given here and when done, post the requested logs.
    Please paste the logs, do not attach them.
     
  3. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Please find attached files. Since I posted originally I have reformatted partition D on my hard drive and done another complete reinstall from discs.
    One problem I did have was when I tried to update malware I had the following error message:
    MBAM_ERROR_UPLOADING(12007,0WINHTTPsENDrEQUEAT)

    I reported this to malware but as yet I have had no reply as to meaning. I can update on my Dell PC.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    09/11/2010 15:28:31
    mbam-log-2010-11-09 (15-28-31).txt

    Scan type: Quick scan
    Objects scanned: 106798
    Time elapsed: 4 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    09/11/2010 15:51:26
    mbam-log-2010-11-09 (15-51-26).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 139630
    Time elapsed: 20 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-09 16:07:30
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800UE-22HCT0 rev.09.07D09
    Running: 4ngqifwo.exe; Driver: C:\DOCUME~1\Denis\LOCALS~1\Temp\kfryqfow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xAD582CF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xAD582BAC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xAD583160]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xAD58308A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xAD582782]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xAD582C86]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xAD5826C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xAD582726]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xAD582DA6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAD58322E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xAD582D66]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xAD582EE6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAD58FBAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAD58F9D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAD58FB0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP AD58FB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP AD58F9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP AD58B5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP AD58CFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP AD58FBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1368] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005B0002
    IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005B0000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_10-11-09.01) - FAT32x86
    Run by Denis at 16:07:42.34 on 09/11/2010
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.117 [GMT 0:00]

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    SVCHOST.EXE
    SVCHOST.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\system32\spoolsv.exe
    SVCHOST.EXE
    C:\Acer\eManager\anbmServ.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Denis\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    mDefault_Page_URL = hxxp://global.acer.com
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [LaunchApp] Alaunch
    mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [PCMService] "c:\program files\arcade\PCMService.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE
    mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289298055946
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-9 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-9 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-9 40384]
    R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [2004-12-15 200576]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-9 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-9 40384]

    =============== Created Last 30 ================

    2010-11-09 14:20:54 -------- d-----w- c:\program files\CCleaner
    2010-11-09 14:16:37 38848 ----a-w- c:\windows\avastSS.scr
    2010-11-09 14:16:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-11-09 14:15:18 -------- d-----w- c:\docume~1\denis\locals~1\applic~1\Identities
    2010-11-09 14:13:03 -------- d-----w- c:\docume~1\denis\applic~1\Malwarebytes
    2010-11-09 14:12:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-09 14:12:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-09 14:12:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-09 14:12:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-09 14:08:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-11-09 14:08:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-11-09 14:06:10 -------- d-----w- c:\program files\SpywareBlaster
    2010-11-09 14:04:26 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-11-09 12:55:29 -------- d-sh--w- C:\Recycled
    2010-11-09 11:45:06 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
    2010-11-09 11:44:26 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-11-09 11:44:26 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-11-09 11:42:28 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-11-09 11:40:35 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-11-09 11:40:20 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-11-09 11:39:38 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-11-09 11:37:17 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-11-09 11:35:57 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2010-11-09 11:35:57 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2010-11-09 11:35:41 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-11-09 11:31:53 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2010-11-09 11:27:06 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
    2010-11-09 11:26:59 331776 ------w- c:\windows\system32\dllcache\msadce.dll
    2010-11-09 11:26:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
    2010-11-09 11:26:00 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
    2010-11-09 10:59:03 -------- d-----w- c:\windows\system32\scripting
    2010-11-09 10:59:03 -------- d-----w- c:\windows\l2schemas
    2010-11-09 10:59:02 -------- d-----w- c:\windows\system32\en
    2010-11-09 10:59:02 -------- d-----w- c:\windows\system32\bits
    2010-11-09 10:57:36 -------- d-----w- c:\windows\ServicePackFiles
    2010-11-09 10:55:54 -------- d-----w- c:\windows\network diagnostic
    2010-11-09 10:50:26 -------- d-----w- c:\windows\EHome
    2010-11-09 10:37:43 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
    2010-11-09 10:37:43 104960 ------w- c:\windows\system32\drivers\atinrvxx.sys
    2010-11-09 10:37:42 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
    2010-11-09 10:37:42 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
    2010-11-09 10:37:42 36463 ------w- c:\windows\system32\drivers\ati1tuxx.sys
    2010-11-09 10:37:42 31744 ------w- c:\windows\system32\drivers\atinxbxx.sys
    2010-11-09 10:37:42 28672 ------w- c:\windows\system32\drivers\atinsnxx.sys
    2010-11-09 10:37:42 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
    2010-11-09 10:37:42 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
    2010-11-09 10:37:42 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
    2010-11-09 10:37:42 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
    2010-11-09 10:25:20 26488 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-11-09 10:25:20 -------- d-----w- c:\windows\system32\PreInstall
    2010-11-09 10:22:15 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
    2010-11-09 10:22:15 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2010-11-09 10:22:15 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2010-11-09 10:22:14 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2010-11-09 10:22:14 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2010-11-09 10:20:53 -------- d-s---w- c:\documents and settings\denis\UserData
    2010-11-09 07:07:13 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
    2010-11-09 07:06:56 -------- d-----w- c:\program files\Launch Manager
    2010-11-09 07:06:41 147456 ----a-w- c:\windows\UNINST32.EXE
    2010-11-09 07:06:39 49152 ----a-w- c:\windows\system32\QtBtLib.dll
    2010-11-09 07:06:39 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
    2010-11-08 23:00:09 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-11-08 23:00:08 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-11-08 22:17:50 5010672 ----a-w- c:\windows\KB912945.EXE
    2010-11-08 22:17:50 163840 ----a-w- c:\windows\AExec.exe
    2010-11-08 22:17:49 589824 ----a-w- c:\windows\AntiV.EXE

    ==================== Find3M ====================

    2010-11-08 22:17:54 925 ----a-w- c:\windows\HotFix.bat
    2010-11-08 22:17:52 657 ----a-w- c:\windows\CLEANUP.CMD
    2010-09-18 12:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:26 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:26 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:26 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 14:16:32 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 14:16:30 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-09-08 16:49:50 369664 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:30 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-13 12:53:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    ============= FINISH: 16:08:24.79 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-09.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 09/11/2010 07:04:53
    System Uptime: 11/09/2010 15:13:42 (1417 hours ago)

    Motherboard: Acer, Inc. | | Lugano
    Processor: Intel(R) Celeron(R) M processor 1.60GHz | Socket 479M | 1600/400mhz

    ==== Disk Partitions =========================

    C: is FIXED (FAT32) - 35 GiB total, 27.178 GiB free.
    D: is FIXED (NTFS) - 36 GiB total, 35.437 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 09/11/2010 07:04:57 - System Checkpoint
    RP2: 09/11/2010 07:07:11 - Installed eRecovery
    RP3: 09/11/2010 07:10:41 - Installed Windows XP KB912945.
    RP4: 09/11/2010 10:25:02 - Software Distribution Service 3.0
    RP5: 09/11/2010 10:39:34 - Software Distribution Service 3.0
    RP6: 09/11/2010 10:48:03 - Software Distribution Service 3.0
    RP7: 09/11/2010 11:46:53 - Software Distribution Service 3.0
    RP8: 09/11/2010 14:16:29 - avast! Free Antivirus Setup

    ==== Installed Programs ======================

    Acer eManager for Notebook
    Acer GridVista
    Adobe Reader 7.0
    Arcade 3.0
    avast! Free Antivirus
    CCleaner
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Launch Manager
    Learn2 Player (Uninstall Only)
    Malwarebytes' Anti-Malware
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSXML 4.0 SP2 (KB954430)
    NTI Backup NOW! 4
    NTI CD & DVD-Maker
    PowerProducer
    QuickTime
    RealPlayer Basic
    Realtek AC'97 Audio
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SiS 900 PCI Fast Ethernet Adapter Driver
    SiS VGA Utilities
    SiSAGP driver
    SoftV90 Data Fax Modem with SmartCP
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    Synaptics Pointing Device Driver
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    09/11/2010 15:12:39, error: Service Control Manager [7034] - The Notebook Manager Service service terminated unexpectedly. It has done this 1 time(s).
    09/11/2010 10:42:37, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Windows XP Service Pack 3 (KB936929).

    ==== End Of File ===========================
     
  4. crunchie

    crunchie Malware Helper Posts: 728

  5. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Hi Crunchie, I did a manual update of MWB. Ran TFC then ran MWB. No infections found. Here's the log of the scans. Assumed you didn't want me to run GMER and DDS again.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5070

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    10/11/2010 00:06:15
    mbam-log-2010-11-10 (00-06-15).txt

    Scan type: Quick scan
    Objects scanned: 129026
    Time elapsed: 7 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5070

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    10/11/2010 00:30:36
    mbam-log-2010-11-10 (00-30-36).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 161939
    Time elapsed: 23 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. crunchie

    crunchie Malware Helper Posts: 728

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  7. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Here's the ComboFix log as requested.

    ComboFix 10-11-09.02 - Denis 10/11/2010 10:39:11.1.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.273 [GMT 0:00]
    Running from: c:\documents and settings\Denis\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Uninstall.ini

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))
    .

    2010-11-09 14:20 . 2010-11-09 14:20 -------- d-----w- c:\program files\CCleaner
    2010-11-09 14:16 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-11-09 14:16 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-11-09 14:16 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-11-09 14:16 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-11-09 14:16 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-11-09 14:16 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-11-09 14:16 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-11-09 14:16 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-11-09 14:16 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-11-09 14:16 . 2010-11-09 14:16 -------- d-----w- c:\program files\Alwil Software
    2010-11-09 14:16 . 2010-11-09 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-11-09 14:12 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-09 14:12 . 2010-11-09 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-09 14:12 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-09 14:12 . 2010-11-09 14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-09 14:08 . 2010-11-09 14:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-11-09 14:08 . 2010-11-09 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-11-09 14:06 . 2010-11-09 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
    2010-11-09 14:06 . 2010-11-09 14:06 -------- d-----w- c:\program files\SpywareBlaster
    2010-11-09 14:04 . 2004-08-04 05:00 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-11-09 11:45 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
    2010-11-09 11:44 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-11-09 11:44 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-11-09 11:42 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-11-09 11:40 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-11-09 11:40 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-11-09 11:39 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-11-09 11:37 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-11-09 11:35 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2010-11-09 11:35 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2010-11-09 11:35 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-11-09 11:31 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2010-11-09 11:27 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
    2010-11-09 11:26 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
    2010-11-09 11:26 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
    2010-11-09 11:26 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
    2010-11-09 10:59 . 2010-11-09 10:59 -------- d-----w- c:\windows\system32\scripting
    2010-11-09 10:59 . 2010-11-09 10:59 -------- d-----w- c:\windows\l2schemas
    2010-11-09 10:59 . 2010-11-09 10:59 -------- d-----w- c:\windows\system32\en
    2010-11-09 10:59 . 2010-11-09 10:59 -------- d-----w- c:\windows\system32\bits
    2010-11-09 10:57 . 2010-11-09 10:57 -------- d-----w- c:\windows\ServicePackFiles
    2010-11-09 10:50 . 2010-11-09 10:50 -------- d-----w- c:\windows\EHome
    2010-11-09 10:37 . 2004-08-03 22:41 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
    2010-11-09 10:37 . 2004-08-03 22:29 104960 ------w- c:\windows\system32\drivers\atinrvxx.sys
    2010-11-09 10:37 . 2004-08-03 22:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
    2010-11-09 10:37 . 2004-08-03 22:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
    2010-11-09 10:37 . 2004-08-03 22:41 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
    2010-11-09 10:37 . 2004-08-03 22:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
    2010-11-09 10:37 . 2004-08-03 22:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
    2010-11-09 10:37 . 2004-08-03 22:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
    2010-11-09 10:37 . 2004-08-03 22:29 36463 ------w- c:\windows\system32\drivers\ati1tuxx.sys
    2010-11-09 10:37 . 2004-08-03 22:29 31744 ------w- c:\windows\system32\drivers\atinxbxx.sys
    2010-11-09 10:37 . 2004-08-03 22:29 28672 ------w- c:\windows\system32\drivers\atinsnxx.sys
    2010-11-09 10:25 . 2007-07-27 23:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-11-09 10:22 . 2009-08-06 19:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
    2010-11-09 10:22 . 2009-08-06 19:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2010-11-09 10:22 . 2009-08-06 19:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2010-11-09 10:22 . 2009-08-06 19:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2010-11-09 10:22 . 2009-08-06 19:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2010-11-09 07:07 . 2005-09-26 16:40 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
    2010-11-09 07:06 . 2010-11-09 07:06 -------- d-----w- c:\program files\Launch Manager
    2010-11-09 07:06 . 2004-12-10 11:49 147456 ----a-w- c:\windows\UNINST32.EXE
    2010-11-09 07:06 . 2004-12-08 14:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
    2010-11-09 07:06 . 2002-12-19 15:58 49152 ----a-w- c:\windows\system32\QtBtLib.dll
    2010-11-09 07:05 . 2010-11-09 07:05 -------- d-----w- c:\documents and settings\Denis
    2010-11-08 23:00 . 2001-08-17 13:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-11-08 23:00 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-11-08 22:17 . 2006-02-23 22:00 5010672 ----a-w- c:\windows\KB912945.EXE
    2010-11-08 22:17 . 2004-08-26 03:23 163840 ----a-w- c:\windows\AExec.exe
    2010-11-08 22:17 . 2004-08-24 22:48 589824 ----a-w- c:\windows\AntiV.EXE

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-08 22:17 . 2004-06-25 17:13 925 ----a-w- c:\windows\HotFix.bat
    2010-11-08 22:17 . 2005-03-10 12:12 657 ----a-w- c:\windows\CLEANUP.CMD
    2010-09-18 12:23 . 2004-08-04 05:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 05:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-04 05:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 05:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 14:16 . 2006-01-09 10:08 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 14:16 . 2004-08-04 05:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-09 14:16 . 2004-08-04 05:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-09-08 16:49 . 2004-08-04 05:00 369664 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51 . 2004-08-04 05:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-04 05:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-04 05:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-23 16:12 . 2004-08-04 05:00 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-04 05:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-08-04 05:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "SiSPower"="SiSPower.dll" [2005-02-25 49152]
    "SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
    "SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
    "PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-29 26112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-29 98304]
    "LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 315392]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 393216]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-1-4 331776]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09/11/2010 14:16 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/11/2010 14:16 17744]
    R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [15/12/2004 15:18 200576]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - INT15.SYS
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-10 10:41
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-11-10 10:43:12
    ComboFix-quarantined-files.txt 2010-11-10 10:43

    Pre-Run: 28,971,794,432 bytes free
    Post-Run: 28,958,228,480 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - B187A646C65290B09454A660F2FA40F5
     
  8. crunchie

    crunchie Malware Helper Posts: 728

    Please go to Jotti's or to VirusTotal and have these files scanned. Post the results back here.

    c:\windows\system32\wucltui.dll.mui
    c:\windows\system32\wuaueng.dll.mui
    c:\windows\system32\wuaucpl.cpl.mui
    c:\windows\system32\wuapi.dll.mui
     
  9. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Hi, I scanned all the files and in all cases nothing was found.
    The link to VirusTotal is not working (The page cannot be found).
     
  10. crunchie

    crunchie Malware Helper Posts: 728

    Cheers. I fixed the link :).

    Still getting re-directed?

    If yes, please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

    • If an infected file is detected, the default action will be Cure, click on Continue.

    • If a suspicious file is detected, the default action will be Skip, click on Continue.

    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    ===============

    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Not actually going anywhere now. When I click a search result in Google I just get a blank page with "Done" in the bottom left-hand corner of the status bar, along with a yellow triangle with an exclamation mark in it.

    Will do above scans asap.
     
  12. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Here's the TDSS scan log

    2010/11/10 13:12:50.0671 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
    2010/11/10 13:12:50.0671 ================================================================================
    2010/11/10 13:12:50.0671 SystemInfo:
    2010/11/10 13:12:50.0671
    2010/11/10 13:12:50.0671 OS Version: 5.1.2600 ServicePack: 3.0
    2010/11/10 13:12:50.0671 Product type: Workstation
    2010/11/10 13:12:50.0671 ComputerName: ACER-B8216CAA61
    2010/11/10 13:12:50.0671 UserName: Denis
    2010/11/10 13:12:50.0671 Windows directory: C:\WINDOWS
    2010/11/10 13:12:50.0671 System windows directory: C:\WINDOWS
    2010/11/10 13:12:50.0671 Processor architecture: Intel x86
    2010/11/10 13:12:50.0671 Number of processors: 1
    2010/11/10 13:12:50.0671 Page size: 0x1000
    2010/11/10 13:12:50.0671 Boot type: Normal boot
    2010/11/10 13:12:50.0671 ================================================================================
    2010/11/10 13:12:51.0015 Initialize success
    2010/11/10 13:12:57.0875 ================================================================================
    2010/11/10 13:12:57.0875 Scan started
    2010/11/10 13:12:57.0875 Mode: Manual;
    2010/11/10 13:12:57.0875 ================================================================================
    2010/11/10 13:12:58.0281 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2010/11/10 13:12:58.0968 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/11/10 13:12:59.0093 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2010/11/10 13:12:59.0546 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/11/10 13:12:59.0671 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/10 13:13:00.0593 ALCXWDM (5dae13401e4d3b8f132bf5867447d661) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    2010/11/10 13:13:01.0390 AR5211 (67f7d2c3a9265ee0534e36fe952f2ac4) C:\WINDOWS\system32\DRIVERS\ar5211.sys
    2010/11/10 13:13:02.0281 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
    2010/11/10 13:13:02.0406 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2010/11/10 13:13:02.0562 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
    2010/11/10 13:13:02.0687 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
    2010/11/10 13:13:02.0796 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
    2010/11/10 13:13:02.0890 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
    2010/11/10 13:13:03.0109 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/11/10 13:13:03.0343 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/11/10 13:13:03.0812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/11/10 13:13:03.0953 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/11/10 13:13:04.0156 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    2010/11/10 13:13:04.0265 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/11/10 13:13:04.0500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/11/10 13:13:04.0812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/11/10 13:13:05.0015 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/11/10 13:13:05.0234 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/11/10 13:13:05.0656 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/11/10 13:13:06.0093 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/11/10 13:13:07.0015 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/10 13:13:07.0156 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\Drivers\DKbFltr.sys
    2010/11/10 13:13:07.0375 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/10 13:13:07.0656 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/10 13:13:07.0718 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/10 13:13:07.0921 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/10 13:13:08.0406 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/10 13:13:08.0656 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/10 13:13:08.0859 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2010/11/10 13:13:09.0062 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/10 13:13:09.0218 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2010/11/10 13:13:09.0468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/11/10 13:13:09.0515 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/10 13:13:09.0625 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/10 13:13:09.0812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/10 13:13:10.0000 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/11/10 13:13:10.0390 HSFHWSIS (5d2cc68ab58ef663af5803d0faa42d28) C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys
    2010/11/10 13:13:10.0578 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    2010/11/10 13:13:10.0921 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/10 13:13:11.0609 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/10 13:13:11.0781 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/10 13:13:12.0531 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/11/10 13:13:12.0796 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/11/10 13:13:12.0906 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/10 13:13:13.0093 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/10 13:13:13.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/10 13:13:13.0484 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/10 13:13:13.0671 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/10 13:13:13.0875 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/10 13:13:14.0078 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/10 13:13:14.0265 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/10 13:13:14.0421 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/10 13:13:14.0828 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2010/11/10 13:13:14.0953 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/10 13:13:15.0109 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/10 13:13:15.0281 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/10 13:13:15.0437 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/11/10 13:13:15.0625 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/10 13:13:16.0046 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/10 13:13:16.0187 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/10 13:13:16.0421 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/10 13:13:16.0609 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/10 13:13:16.0796 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/10 13:13:16.0937 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/10 13:13:17.0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/10 13:13:17.0328 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/10 13:13:17.0531 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/10 13:13:17.0703 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/10 13:13:17.0890 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/10 13:13:18.0031 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/10 13:13:18.0187 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/10 13:13:18.0359 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/10 13:13:18.0562 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/10 13:13:18.0765 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/10 13:13:18.0953 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/10 13:13:19.0156 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    2010/11/10 13:13:19.0250 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/10 13:13:19.0328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/10 13:13:19.0437 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/10 13:13:19.0578 osaio (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
    2010/11/10 13:13:19.0687 osanbm (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
    2010/11/10 13:13:19.0859 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2010/11/10 13:13:20.0078 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/10 13:13:20.0140 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/10 13:13:20.0281 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/10 13:13:20.0578 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/10 13:13:20.0718 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2010/11/10 13:13:22.0296 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
    2010/11/10 13:13:22.0468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/10 13:13:22.0625 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/10 13:13:22.0718 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/10 13:13:23.0937 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/10 13:13:24.0093 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/10 13:13:24.0296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/10 13:13:24.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/10 13:13:24.0515 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/10 13:13:24.0609 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/10 13:13:24.0828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/10 13:13:25.0000 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/10 13:13:25.0234 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/10 13:13:25.0406 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    2010/11/10 13:13:25.0562 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/10 13:13:25.0953 SiS315 (8b3cdb4b1453b3a2e6e7300aabe50d0e) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
    2010/11/10 13:13:26.0125 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
    2010/11/10 13:13:26.0265 SiSkp (87a5176a3762b1341619ce63152c1da9) C:\WINDOWS\system32\DRIVERS\srvkp.sys
    2010/11/10 13:13:26.0375 SISNICXP (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
    2010/11/10 13:13:26.0750 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/10 13:13:26.0937 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/11/10 13:13:27.0093 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/11/10 13:13:27.0312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/11/10 13:13:27.0468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/11/10 13:13:28.0609 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    2010/11/10 13:13:28.0812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/11/10 13:13:28.0984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/11/10 13:13:29.0171 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/11/10 13:13:29.0343 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/11/10 13:13:29.0468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/11/10 13:13:29.0984 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
    2010/11/10 13:13:30.0093 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
    2010/11/10 13:13:30.0250 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/11/10 13:13:30.0718 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/11/10 13:13:31.0015 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/11/10 13:13:31.0156 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/11/10 13:13:31.0312 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/11/10 13:13:31.0437 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/11/10 13:13:31.0609 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/11/10 13:13:31.0968 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/11/10 13:13:32.0140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/11/10 13:13:32.0750 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/11/10 13:13:32.0906 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2010/11/10 13:13:33.0281 ================================================================================
    2010/11/10 13:13:33.0281 Scan finished
    2010/11/10 13:13:33.0281 ================================================================================
    2010/11/10 13:17:12.0453 Deinitialize success
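    The two hash-based checks in this thread, crunchie's request in post 8 to get files scanned at VirusTotal and the per-driver MD5s TDSSKiller prints in the log above, can be done offline rather than by eye. The block below is an added example, not code from this thread or from the TDSSKiller, OTL or ComboFix authors. It parses TDSSKiller-style driver lines (the sample lines are copied from the log above), compares them against a baseline dictionary that is constructed here and is not a set of real known-good hashes (its tcpip entry is deliberately wrong so that something gets flagged), and hashes files under a directory tree the way the OTL /md5start list in post 10 does, producing the SHA-256 that VirusTotal can be queried for by hash instead of uploading the file. The OTL_MD5_LIST subset and the on-disk sample tree in demo_hash_tree are constructed for the example.

```python
"""Added example: parse TDSSKiller driver lines, diff them against a baseline,
and hash driver files on disk (MD5 + SHA-256) for VirusTotal hash lookups."""
import hashlib
import os
import re
import tempfile

# One TDSSKiller driver line: "<timestamp> <service> (<md5>) <path>"
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)

# Sample input: lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
2010/11/10 13:12:57.0875 Scan started
2010/11/10 13:13:03.0343 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/10 13:13:09.0468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/10 13:13:28.0984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/10 13:13:33.0281 Scan finished
""".strip()

# Constructed baseline (hypothetical, NOT real known-good hashes): what an
# analyst would record from a clean machine at the same patch level. The
# tcpip entry is deliberately wrong so the comparison has something to flag.
BASELINE = {
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "fltmgr": "b2cf4b0786f8212cb92ed2b50c6db6b0",
    "tcpip": "00000000000000000000000000000000",
}

# A subset of the driver names from the OTL /md5start block in post 10.
OTL_MD5_LIST = ["atapi.sys", "iaStor.sys", "nvstor.sys", "AGP440.sys", "eNetHook.dll"]


def parse_tdsskiller(text):
    """Map lower-cased service name -> (md5, path) for every driver line."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries[m["name"].lower()] = (m["md5"].lower(), m["path"])
    return entries


def compare_to_baseline(entries, baseline):
    """Return {name: (expected_md5, reported_md5_or_None)} for every baseline
    driver whose reported hash differs or that TDSSKiller did not list."""
    mismatches = {}
    for name, expected in baseline.items():
        reported = entries.get(name.lower())
        got = reported[0] if reported else None
        if got != expected.lower():
            mismatches[name.lower()] = (expected.lower(), got)
    return mismatches


def hash_file(path):
    """(md5, sha256) of a file, streamed so a large driver is not read at once."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def hash_tree(root, names):
    """Hash every file under root whose name is in names (case-insensitive,
    as file names are on FAT32/NTFS); keys are lower-cased file names."""
    wanted = {n.lower() for n in names}
    found = {}
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower() in wanted:
                found[f.lower()] = hash_file(os.path.join(dirpath, f))
    return found


def demo_hash_tree():
    """Constructed on-disk sample: a fake system32\\drivers tree in a temp dir.
    Bodies 'abc' and '' are used so the digests are the standard test vectors;
    readme.txt is not in the list and must be skipped."""
    with tempfile.TemporaryDirectory() as root:
        drivers = os.path.join(root, "system32", "drivers")
        os.makedirs(drivers)
        for name, body in (("ATAPI.SYS", b"abc"), ("iaStor.sys", b""), ("readme.txt", b"x")):
            with open(os.path.join(drivers, name), "wb") as fh:
                fh.write(body)
        return hash_tree(root, OTL_MD5_LIST)


if __name__ == "__main__":
    entries = parse_tdsskiller(SAMPLE_LOG)
    for name, (expected, got) in compare_to_baseline(entries, BASELINE).items():
        print(f"MISMATCH {name}: baseline {expected}, TDSSKiller reported {got}")
    for name, (md5, sha256) in demo_hash_tree().items():
        print(f"{name}: md5={md5} sha256={sha256}")
```

Two caveats for anyone using this on a live box. First, a baseline is only meaningful at the same Windows build and update level: the Find3M report in the ComboFix log above shows Windows Update replacing rpcrt4.dll, comctl32.dll, win32k.sys and others on this machine, and every one of those changes the hash. Second, hashing a driver file from user mode on a system that is still infected with a TDSS/TDL-class rootkit can return the clean hash even though the on-disk file was patched, because those rootkits filter disk reads of the files they modify; that is why the helper leans on TDSSKiller, catchme and the OTL /md5start block rather than on a plain file hash. Hash from a clean boot medium, or compare what the rootkit scanner reports, before trusting the result.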
     
  13. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Message posted in error. Removed. Please see next post.
     
  14. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Log deleted as the wrong log was posted; new log to follow.
     
  15. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Got confused with the OTL instructions. Here's the OTL log.

    OTL logfile created on: 10/11/2010 17:39:10 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Denis\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    445.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 45.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35.06 Gb Total Space | 26.12 Gb Free Space | 74.51% Space Free | Partition Type: FAT32
    Drive D: | 35.56 Gb Total Space | 35.44 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

    Computer Name: ACER-B8216CAA61 | User Name: Denis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/10 17:38:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
    PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/14 00:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/29 13:50:40 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
    PRC - [2005/11/16 16:41:34 | 000,393,216 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    PRC - [2005/06/06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
    PRC - [2005/03/28 12:30:44 | 000,315,392 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
    PRC - [2005/03/09 18:59:26 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe
    PRC - [2005/03/04 13:13:04 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
    PRC - [2005/02/23 18:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2005/01/04 16:52:52 | 000,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
    PRC - [2004/10/08 14:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/10 17:38:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
    MOD - [2010/09/18 06:53:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/14 00:11:54 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
    MOD - [2004/10/08 14:44:16 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
    MOD - [2004/08/27 16:42:36 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2005/06/06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2010/09/07 15:52:26 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 15:52:04 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 15:47:20 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 15:47:08 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 15:46:52 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2005/12/29 13:50:44 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005/11/10 01:01:34 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
    DRV - [2005/03/02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2005/02/25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
    DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
    DRV - [2005/01/10 15:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2004/12/17 16:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
    DRV - [2004/12/15 15:18:34 | 000,200,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWSIS.sys -- (HSFHWSIS)
    DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
    DRV - [2004/11/05 16:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
    DRV - [2004/10/08 14:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/11/10 10:41:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
    O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1289298055946 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/11/10 01:02:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/10 17:38:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
    [2010/11/10 13:24:43 | 000,000,000 | -HSD | C] -- C:\Recycled
    [2010/11/10 11:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/11/10 11:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/11/10 11:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/11/10 11:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Sun
    [2010/11/10 11:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2010/11/10 11:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/11/10 10:43:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/11/10 10:38:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/10 10:33:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/09 23:32:24 | 006,357,288 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Denis\My Documents\mbam-rules.exe
    [2010/11/09 19:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Macromedia
    [2010/11/09 16:16:25 | 027,634,824 | ---- | C] ( ) -- C:\Documents and Settings\Denis\My Documents\AdbeRdr940_en_US.exe
    [2010/11/09 14:30:46 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\TFC.exe
    [2010/11/09 14:22:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Denis\Recent
    [2010/11/09 14:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\My Documents\Registry
    [2010/11/09 14:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/11/09 14:16:59 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/11/09 14:16:59 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/11/09 14:16:58 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/11/09 14:16:57 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/11/09 14:16:56 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/11/09 14:16:56 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/11/09 14:16:55 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/11/09 14:16:37 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/11/09 14:16:37 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/11/09 14:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/11/09 14:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/11/09 14:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Local Settings\Application Data\Identities
    [2010/11/09 14:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Malwarebytes
    [2010/11/09 14:12:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/09 14:12:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/09 14:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/09 14:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/09 14:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/11/09 14:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/11/09 14:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/09 14:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2010/11/09 11:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/11/09 11:18:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/11/09 10:59:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
    [2010/11/09 10:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2010/11/09 10:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2010/11/09 10:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2010/11/09 10:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2010/11/09 10:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/11/09 10:55:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2010/11/09 10:50:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2010/11/09 10:50:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
    [2010/11/09 10:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/11/09 10:25:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2010/11/09 10:22:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2010/11/09 10:20:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Denis\UserData
    [2010/11/09 07:07:13 | 000,258,048 | ---- | C] (Acer Inc.) -- C:\WINDOWS\System32\Uninstall_eRecovery.exe
    [2010/11/09 07:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
    [2010/11/09 07:06:41 | 000,147,456 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\UNINST32.EXE
    [2010/11/09 07:06:39 | 000,049,152 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\QtBtLib.dll
    [2010/11/09 07:06:39 | 000,016,896 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\drivers\DKbFltr.SYS
    [2010/11/09 07:05:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Denis\Application Data\Microsoft
    [2010/11/09 07:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\You've Got Pictures Screensaver
    [2010/11/09 07:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\AOL
    [2010/11/09 07:05:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Denis\Cookies
    [2010/11/09 07:05:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Denis\SendTo
    [2010/11/09 07:05:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Denis\Application Data
    [2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\Start Menu
    [2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\My Documents\My Pictures
    [2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\My Documents\My Music
    [2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\My Documents
    [2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\Favorites
    [2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\Templates
    [2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\PrintHood
    [2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\NetHood
    [2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\Local Settings
    [2010/11/09 07:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Local Settings\Application Data\Microsoft
    [2010/11/09 07:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Identities
    [2010/11/09 07:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Desktop
    [2010/11/09 07:04:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/11/08 22:17:50 | 000,163,840 | ---- | C] (Acer Inc.) -- C:\WINDOWS\AExec.exe

    ========== Files - Modified Within 30 Days ==========

    [2010/11/10 17:38:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
    [2010/11/10 17:32:46 | 000,000,450 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
    [2010/11/10 17:31:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/10 17:31:12 | 467,193,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/10 17:31:12 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/11/10 11:01:46 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/11/10 10:38:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/11/09 23:32:26 | 006,357,288 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Denis\My Documents\mbam-rules.exe
    [2010/11/09 16:16:24 | 027,634,824 | ---- | M] ( ) -- C:\Documents and Settings\Denis\My Documents\AdbeRdr940_en_US.exe
    [2010/11/09 14:33:22 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\4ngqifwo.exe
    [2010/11/09 14:30:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\TFC.exe
    [2010/11/09 14:20:58 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/11/09 14:17:02 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/11/09 14:16:58 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/11/09 14:12:58 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/09 14:08:10 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/09 14:06:12 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\SpywareBlaster.lnk
    [2010/11/09 12:17:02 | 000,313,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/09 12:17:02 | 000,041,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/09 11:23:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/09 11:21:24 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/09 11:21:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/11/09 10:55:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/09 07:12:50 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
    [2010/11/09 07:10:50 | 000,000,097 | ---- | M] () -- C:\WINDOWS\alaunch.ini
    [2010/11/09 07:10:04 | 000,000,092 | ---- | M] () -- C:\WINDOWS\GridV.UNI
    [2010/11/09 07:07:00 | 000,000,083 | ---- | M] () -- C:\WINDOWS\QtZgAcer.UNI
    [2010/11/09 07:06:18 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\Windows Media Player.lnk
    [2010/11/09 07:04:54 | 000,000,793 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/11/09 07:04:52 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/08 23:00:20 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/11/08 22:17:54 | 000,000,925 | ---- | M] () -- C:\WINDOWS\HotFix.bat
    [2010/11/08 22:17:52 | 000,000,657 | ---- | M] () -- C:\WINDOWS\CLEANUP.CMD

    ========== Files Created - No Company Name ==========

    [2010/11/10 11:01:45 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/11/10 10:38:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/10 10:38:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/09 14:33:20 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\4ngqifwo.exe
    [2010/11/09 14:20:57 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/11/09 14:17:00 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/11/09 14:12:56 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/09 14:08:09 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/09 14:06:11 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\SpywareBlaster.lnk
    [2010/11/09 10:37:47 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
    [2010/11/09 10:37:47 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
    [2010/11/09 10:37:47 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
    [2010/11/09 10:37:44 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
    [2010/11/09 10:37:44 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
    [2010/11/09 10:37:44 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
    [2010/11/09 10:37:44 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
    [2010/11/09 10:37:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
    [2010/11/09 10:37:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
    [2010/11/09 10:37:44 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
    [2010/11/09 10:37:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
    [2010/11/09 10:37:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
    [2010/11/09 10:37:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
    [2010/11/09 10:37:44 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
    [2010/11/09 10:37:44 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
    [2010/11/09 10:37:44 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
    [2010/11/09 10:37:44 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
    [2010/11/09 10:37:44 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
    [2010/11/09 10:37:44 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
    [2010/11/09 10:37:44 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
    [2010/11/09 10:37:44 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
    [2010/11/09 10:37:44 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
    [2010/11/09 10:37:44 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
    [2010/11/09 10:37:44 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
    [2010/11/09 10:37:44 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
    [2010/11/09 10:37:44 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
    [2010/11/09 10:37:44 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
    [2010/11/09 10:37:44 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
    [2010/11/09 10:37:44 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
    [2010/11/09 10:37:44 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
    [2010/11/09 10:37:44 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
    [2010/11/09 10:37:44 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
    [2010/11/09 10:37:44 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
    [2010/11/09 10:37:44 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
    [2010/11/09 10:37:44 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
    [2010/11/09 10:37:44 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
    [2010/11/09 10:37:44 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
    [2010/11/09 10:37:44 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
    [2010/11/09 10:37:44 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
    [2010/11/09 10:37:44 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
    [2010/11/09 10:37:44 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
    [2010/11/09 10:37:44 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
    [2010/11/09 10:37:44 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
    [2010/11/09 10:37:44 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
    [2010/11/09 10:37:44 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
    [2010/11/09 10:37:44 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
    [2010/11/09 10:37:44 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
    [2010/11/09 10:37:44 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
    [2010/11/09 10:37:43 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
    [2010/11/09 10:37:43 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
    [2010/11/09 10:37:43 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
    [2010/11/09 10:37:43 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
    [2010/11/09 10:37:43 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
    [2010/11/09 10:37:43 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
    [2010/11/09 10:37:43 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
    [2010/11/09 10:37:43 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
    [2010/11/09 10:37:43 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
    [2010/11/09 10:37:43 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
    [2010/11/09 10:37:43 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
    [2010/11/09 10:37:43 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
    [2010/11/09 10:37:43 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
    [2010/11/09 10:37:43 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
    [2010/11/09 10:37:43 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
    [2010/11/09 10:37:42 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2010/11/09 10:37:42 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2010/11/09 10:36:56 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2010/11/09 10:36:56 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
    [2010/11/09 10:36:56 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
    [2010/11/09 10:36:56 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
    [2010/11/09 10:36:56 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
    [2010/11/09 10:36:56 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
    [2010/11/09 10:36:56 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
    [2010/11/09 10:36:55 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
    [2010/11/09 10:36:55 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
    [2010/11/09 10:36:55 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
    [2010/11/09 10:36:55 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
    [2010/11/09 10:36:54 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
    [2010/11/09 10:36:49 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
    [2010/11/09 07:12:48 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2010/11/09 07:10:49 | 000,000,450 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
    [2010/11/09 07:10:02 | 000,000,092 | ---- | C] () -- C:\WINDOWS\GridV.UNI
    [2010/11/09 07:06:58 | 000,000,083 | ---- | C] () -- C:\WINDOWS\QtZgAcer.UNI
    [2010/11/09 07:06:17 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\Windows Media Player.lnk
    [2010/11/09 07:06:01 | 003,318,626 | ---- | C] () -- C:\WINDOWS\as_1280x800.swf
    [2010/11/09 07:05:54 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/09 07:05:54 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/11/09 07:05:54 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/11/08 23:00:19 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/11/08 22:59:28 | 467,193,856 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/08 22:17:50 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
    [2010/11/08 22:17:49 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
    [2005/12/29 14:02:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/12/29 13:43:32 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
    [2005/12/01 15:24:56 | 000,037,754 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/11/10 01:02:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
    [2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
    [2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
    [2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
    [2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
    [2005/11/10 00:44:32 | 000,100,871 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2005/11/10 00:37:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/03/28 15:45:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\alaunch.ini
    [2005/03/04 14:51:52 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2004/12/17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
    [2004/09/07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
    [2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
    [2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
    [2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
    [2001/07/06 00:19:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

    ========== LOP Check ==========

    [2005/12/29 13:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/11/09 14:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/09 14:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
    [2010/11/09 10:50:26 | 023,852,652 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2010/11/09 10:50:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2010/11/09 10:50:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
    [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
    [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
    [2010/11/09 10:50:26 | 023,852,652 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2010/11/09 10:50:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2010/11/09 10:50:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
    [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
    [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 00:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/14 00:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 00:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
    [2008/04/14 00:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 00:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/14 00:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 00:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
    [2008/04/14 00:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 00:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 00:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 00:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
    [2008/04/14 00:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2005/11/10 00:29:46 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    [2005/11/10 00:29:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/11/10 00:29:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

    < >

    < End of report >
     
  16. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Here's the extras log

    OTL Extras logfile created on: 10/11/2010 17:39:10 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Denis\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    445.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 45.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35.06 Gb Total Space | 26.12 Gb Free Space | 74.51% Space Free | Partition Type: FAT32
    Drive D: | 35.56 Gb Total Space | 35.44 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

    Computer Name: ACER-B8216CAA61 | User Name: Denis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "avast5" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_1039&DEV_7013&SUBSYS_00821025" = SoftV90 Data Fax Modem with SmartCP
    "GridVista" = Acer GridVista
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
    "InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealPlayer Basic
    "SiS VGA Driver" = SiS VGA Utilities
    "SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 09/11/2010 06:46:52 | Computer Name = ACER-B8216CAA61 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
    module mshtml.dll, version 6.0.2900.2838, fault address 0x00076eec.

    Error - 09/11/2010 06:47:04 | Computer Name = ACER-B8216CAA61 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
    module mshtml.dll, version 6.0.2900.2838, fault address 0x00076eec.

    Error - 09/11/2010 10:09:57 | Computer Name = ACER-B8216CAA61 | Source = Application Hang | ID = 1002
    Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 09/11/2010 10:10:48 | Computer Name = ACER-B8216CAA61 | Source = Application Hang | ID = 1002
    Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/11/2010 06:28:03 | Computer Name = ACER-B8216CAA61 | Source = Application Hang | ID = 1002
    Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/11/2010 07:06:46 | Computer Name = ACER-B8216CAA61 | Source = MsiInstaller | ID = 11316
    Description = Product: Java(TM) 6 Update 22 -- Error 1316.A network error occurred
    while attempting to read from the file C:\Documents and Settings\Denis\Application
    Data\Sun\Java\jre1.6.0_22\jre1.6.0_22.msi

    [ System Events ]
    Error - 10/11/2010 06:55:29 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 10/11/2010 06:55:29 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 10/11/2010 06:55:29 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 10/11/2010 06:55:30 | Computer Name = ACER-B8216CAA61 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126


    < End of report >
     
  17. crunchie

    crunchie Malware Helper Posts: 728

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      
      :OTL
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
      
      :Commands
      [purity]
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  18. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Here's the log from the Run Fix operation

    All processes killed
    Error: Unable to interpret <Files> in the current context!
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: Default User

    User: All Users

    User: NetworkService

    User: LocalService

    User: Denis
    ->Flash cache emptied: 300 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Denis
    ->Temp folder emptied: 10717130 bytes
    ->Temporary Internet Files folder emptied: 6672127 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 307918 bytes

    Total Files Cleaned = 17.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.17.3 log created on 11102010_204936

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Denis\Local Settings\Temporary Internet Files\Content.IE5\KJMTCT63\crosspixel-dest[1].html moved successfully.
    C:\Documents and Settings\Denis\Local Settings\Temporary Internet Files\Content.IE5\SN0LUB49\topic156249[1].html moved successfully.
    File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

    Registry entries deleted on Reboot...
     
  19. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Here's the log after the quick scan

    OTL logfile created on: 10/11/2010 20:53:16 - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Denis\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    445.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 40.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 35.06 Gb Total Space | 26.07 Gb Free Space | 74.34% Space Free | Partition Type: FAT32
    Drive D: | 35.56 Gb Total Space | 35.44 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

    Computer Name: ACER-B8216CAA61 | User Name: Denis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/10 17:38:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
    PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/14 00:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/29 13:50:40 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
    PRC - [2005/11/16 16:41:34 | 000,393,216 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    PRC - [2005/06/06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
    PRC - [2005/03/28 12:30:44 | 000,315,392 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
    PRC - [2005/03/09 18:59:26 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe
    PRC - [2005/03/04 13:13:04 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
    PRC - [2005/02/23 18:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2005/01/04 16:52:52 | 000,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
    PRC - [2004/10/08 14:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/10 17:38:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
    MOD - [2010/09/18 06:53:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/14 00:11:54 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
    MOD - [2004/10/08 14:44:16 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
    MOD - [2004/08/27 16:42:36 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 16:12:00 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2005/06/06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2010/09/07 15:52:26 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 15:52:04 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 15:47:20 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 15:47:08 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 15:46:52 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2005/12/29 13:50:44 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005/11/10 01:01:34 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
    DRV - [2005/03/02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2005/02/25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
    DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
    DRV - [2005/01/10 15:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2004/12/17 16:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
    DRV - [2004/12/15 15:18:34 | 000,200,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWSIS.sys -- (HSFHWSIS)
    DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
    DRV - [2004/11/05 16:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
    DRV - [2004/10/08 14:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/11/10 20:49:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
    O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1289298055946 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/11/10 01:02:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/10 20:49:36 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/11/10 17:38:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
    [2010/11/10 13:24:43 | 000,000,000 | -HSD | C] -- C:\Recycled
    [2010/11/10 11:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/11/10 11:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/11/10 11:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/11/10 11:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Sun
    [2010/11/10 11:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2010/11/10 11:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/11/10 10:43:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/11/10 10:38:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/10 10:33:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/09 23:32:24 | 006,357,288 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Denis\My Documents\mbam-rules.exe
    [2010/11/09 19:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Macromedia
    [2010/11/09 16:16:25 | 027,634,824 | ---- | C] ( ) -- C:\Documents and Settings\Denis\My Documents\AdbeRdr940_en_US.exe
    [2010/11/09 14:30:46 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\TFC.exe
    [2010/11/09 14:22:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Denis\Recent
    [2010/11/09 14:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\My Documents\Registry
    [2010/11/09 14:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/11/09 14:16:59 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/11/09 14:16:59 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/11/09 14:16:58 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/11/09 14:16:57 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/11/09 14:16:56 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/11/09 14:16:56 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/11/09 14:16:55 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/11/09 14:16:37 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/11/09 14:16:37 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/11/09 14:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/11/09 14:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/11/09 14:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Local Settings\Application Data\Identities
    [2010/11/09 14:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Malwarebytes
    [2010/11/09 14:12:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/09 14:12:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/09 14:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/09 14:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/09 14:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/11/09 14:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/11/09 14:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/09 14:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2010/11/09 11:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/11/09 11:18:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/11/09 10:59:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
    [2010/11/09 10:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2010/11/09 10:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2010/11/09 10:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2010/11/09 10:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2010/11/09 10:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/11/09 10:55:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2010/11/09 10:50:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2010/11/09 10:50:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
    [2010/11/09 10:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/11/09 10:25:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2010/11/09 10:22:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2010/11/09 10:20:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Denis\UserData
    [2010/11/09 07:07:13 | 000,258,048 | ---- | C] (Acer Inc.) -- C:\WINDOWS\System32\Uninstall_eRecovery.exe
    [2010/11/09 07:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
    [2010/11/09 07:06:41 | 000,147,456 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\UNINST32.EXE
    [2010/11/09 07:06:39 | 000,049,152 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\QtBtLib.dll
    [2010/11/09 07:06:39 | 000,016,896 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\drivers\DKbFltr.SYS
    [2010/11/09 07:05:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Denis\Application Data\Microsoft
    [2010/11/09 07:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\You've Got Pictures Screensaver
    [2010/11/09 07:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\AOL
    [2010/11/09 07:05:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Denis\Cookies
    [2010/11/09 07:05:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Denis\SendTo
    [2010/11/09 07:05:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Denis\Application Data
    [2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\Start Menu
    [2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\My Documents\My Pictures
    [2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\My Documents\My Music
    [2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\My Documents
    [2010/11/09 07:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Denis\Favorites
    [2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\Templates
    [2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\PrintHood
    [2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\NetHood
    [2010/11/09 07:05:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Denis\Local Settings
    [2010/11/09 07:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Local Settings\Application Data\Microsoft
    [2010/11/09 07:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Application Data\Identities
    [2010/11/09 07:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Denis\Desktop
    [2010/11/09 07:04:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/11/08 22:17:50 | 000,163,840 | ---- | C] (Acer Inc.) -- C:\WINDOWS\AExec.exe

    ========== Files - Modified Within 30 Days ==========

    [2010/11/10 20:51:58 | 000,000,450 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
    [2010/11/10 20:50:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/10 20:50:52 | 467,193,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/10 17:38:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\OTL.exe
    [2010/11/10 17:31:12 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/11/10 11:01:46 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/11/10 10:38:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/11/09 23:32:26 | 006,357,288 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Denis\My Documents\mbam-rules.exe
    [2010/11/09 16:16:24 | 027,634,824 | ---- | M] ( ) -- C:\Documents and Settings\Denis\My Documents\AdbeRdr940_en_US.exe
    [2010/11/09 14:33:22 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\4ngqifwo.exe
    [2010/11/09 14:30:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denis\Desktop\TFC.exe
    [2010/11/09 14:20:58 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/11/09 14:17:02 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/11/09 14:16:58 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/11/09 14:12:58 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/09 14:08:10 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/09 14:06:12 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\SpywareBlaster.lnk
    [2010/11/09 12:17:02 | 000,313,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/09 12:17:02 | 000,041,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/09 11:23:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/09 11:21:24 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/09 11:21:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/11/09 10:55:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/09 07:12:50 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
    [2010/11/09 07:10:50 | 000,000,097 | ---- | M] () -- C:\WINDOWS\alaunch.ini
    [2010/11/09 07:10:04 | 000,000,092 | ---- | M] () -- C:\WINDOWS\GridV.UNI
    [2010/11/09 07:07:00 | 000,000,083 | ---- | M] () -- C:\WINDOWS\QtZgAcer.UNI
    [2010/11/09 07:06:18 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Denis\Desktop\Windows Media Player.lnk
    [2010/11/09 07:04:54 | 000,000,793 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/11/09 07:04:52 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/08 23:00:20 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/11/08 22:17:54 | 000,000,925 | ---- | M] () -- C:\WINDOWS\HotFix.bat
    [2010/11/08 22:17:52 | 000,000,657 | ---- | M] () -- C:\WINDOWS\CLEANUP.CMD

    ========== Files Created - No Company Name ==========

    [2010/11/10 11:01:45 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/11/10 10:38:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/10 10:38:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/09 14:33:20 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\4ngqifwo.exe
    [2010/11/09 14:20:57 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/11/09 14:17:00 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/11/09 14:12:56 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/09 14:08:09 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/09 14:06:11 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\SpywareBlaster.lnk
    [2010/11/09 10:37:47 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
    [2010/11/09 10:37:47 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
    [2010/11/09 10:37:47 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
    [2010/11/09 10:37:44 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
    [2010/11/09 10:37:44 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
    [2010/11/09 10:37:44 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
    [2010/11/09 10:37:44 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
    [2010/11/09 10:37:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
    [2010/11/09 10:37:44 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
    [2010/11/09 10:37:44 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
    [2010/11/09 10:37:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
    [2010/11/09 10:37:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
    [2010/11/09 10:37:44 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
    [2010/11/09 10:37:44 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
    [2010/11/09 10:37:44 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
    [2010/11/09 10:37:44 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
    [2010/11/09 10:37:44 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
    [2010/11/09 10:37:44 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
    [2010/11/09 10:37:44 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
    [2010/11/09 10:37:44 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
    [2010/11/09 10:37:44 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
    [2010/11/09 10:37:44 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
    [2010/11/09 10:37:44 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
    [2010/11/09 10:37:44 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
    [2010/11/09 10:37:44 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
    [2010/11/09 10:37:44 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
    [2010/11/09 10:37:44 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
    [2010/11/09 10:37:44 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
    [2010/11/09 10:37:44 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
    [2010/11/09 10:37:44 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
    [2010/11/09 10:37:44 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
    [2010/11/09 10:37:44 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
    [2010/11/09 10:37:44 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
    [2010/11/09 10:37:44 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
    [2010/11/09 10:37:44 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
    [2010/11/09 10:37:44 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
    [2010/11/09 10:37:44 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
    [2010/11/09 10:37:44 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
    [2010/11/09 10:37:44 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
    [2010/11/09 10:37:44 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
    [2010/11/09 10:37:44 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
    [2010/11/09 10:37:44 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
    [2010/11/09 10:37:44 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
    [2010/11/09 10:37:44 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
    [2010/11/09 10:37:44 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
    [2010/11/09 10:37:44 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
    [2010/11/09 10:37:44 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
    [2010/11/09 10:37:44 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
    [2010/11/09 10:37:43 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
    [2010/11/09 10:37:43 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
    [2010/11/09 10:37:43 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
    [2010/11/09 10:37:43 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
    [2010/11/09 10:37:43 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
    [2010/11/09 10:37:43 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
    [2010/11/09 10:37:43 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
    [2010/11/09 10:37:43 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
    [2010/11/09 10:37:43 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
    [2010/11/09 10:37:43 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
    [2010/11/09 10:37:43 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
    [2010/11/09 10:37:43 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
    [2010/11/09 10:37:43 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
    [2010/11/09 10:37:43 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
    [2010/11/09 10:37:43 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
    [2010/11/09 10:37:42 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2010/11/09 10:37:42 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2010/11/09 10:36:56 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2010/11/09 10:36:56 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
    [2010/11/09 10:36:56 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
    [2010/11/09 10:36:56 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
    [2010/11/09 10:36:56 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
    [2010/11/09 10:36:56 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
    [2010/11/09 10:36:56 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
    [2010/11/09 10:36:55 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
    [2010/11/09 10:36:55 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
    [2010/11/09 10:36:55 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
    [2010/11/09 10:36:55 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
    [2010/11/09 10:36:54 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
    [2010/11/09 10:36:49 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
    [2010/11/09 07:12:48 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2010/11/09 07:10:49 | 000,000,450 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
    [2010/11/09 07:10:02 | 000,000,092 | ---- | C] () -- C:\WINDOWS\GridV.UNI
    [2010/11/09 07:06:58 | 000,000,083 | ---- | C] () -- C:\WINDOWS\QtZgAcer.UNI
    [2010/11/09 07:06:17 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Denis\Desktop\Windows Media Player.lnk
    [2010/11/09 07:06:01 | 003,318,626 | ---- | C] () -- C:\WINDOWS\as_1280x800.swf
    [2010/11/09 07:05:54 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/09 07:05:54 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/11/09 07:05:54 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Denis\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/11/08 23:00:19 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/11/08 22:59:28 | 467,193,856 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/08 22:17:50 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
    [2010/11/08 22:17:49 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
    [2005/12/29 14:02:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/12/29 13:43:32 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
    [2005/12/01 15:24:56 | 000,037,754 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/11/10 01:02:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
    [2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
    [2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
    [2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
    [2005/11/10 01:01:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
    [2005/11/10 00:44:32 | 000,100,871 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2005/11/10 00:37:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/03/28 15:45:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\alaunch.ini
    [2005/03/04 14:51:52 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2004/12/17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
    [2004/09/07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
    [2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
    [2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
    [2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
    [2001/07/06 00:19:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

    ========== LOP Check ==========

    [2005/12/29 13:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/11/09 14:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/09 14:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

    ========== Purity Check ==========



    < End of report >
     
  20. crunchie

    crunchie Malware Helper Posts: 728

    Cool. Can you give me a rundown on how things are now, please?
     
  21. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Hi, still not going anywhere when I click on search results in Google. The normal Google search page comes up, and when I search a topic and click on a result I get a blank screen. I have attached a screenshot.

    Also, at times on the Google results page the menu that normally appears on the left of the page appears in the middle (another screenshot attached).

    Also, when I start the laptop, instead of going straight to the Windows screen, a screen appears with the option of booting to the Windows Recovery Console, another one I can't read as it is only on for a second, or Windows XP (which is the highlighted option). It then goes to the Windows screen.
    Hope I've explained that so you can understand it.

    Thanks, Denis
     

  22. crunchie

    crunchie Malware Helper Posts: 728

    Did you install the Recovery Console when you ran Combofix? That would be why you are now getting the boot options.

    Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.
     
  23. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    Yes, I did install the Recovery Console when I ran Combofix.

    log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 128):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xF79A6000 \WINDOWS\system32\KDCOM.DLL
    0xF78B6000 \WINDOWS\system32\BOOTVID.dll
    0xF7377000 ACPI.sys
    0xF79A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7366000 pci.sys
    0xF74A6000 isapnp.sys
    0xF78BA000 compbatt.sys
    0xF78BE000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7A6E000 pciide.sys
    0xF7726000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7348000 pcmcia.sys
    0xF74B6000 MountMgr.sys
    0xF7329000 ftdisk.sys
    0xF78C2000 ACPIEC.sys
    0xF7A6F000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF772E000 PartMgr.sys
    0xF78C6000 UBHelper.sys
    0xF74C6000 VolSnap.sys
    0xF7311000 atapi.sys
    0xF74D6000 disk.sys
    0xF74E6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF72F1000 fltmgr.sys
    0xF72DF000 sr.sys
    0xF72BB000 Fastfat.sys
    0xF72A4000 KSecDD.sys
    0xF7277000 NDIS.sys
    0xF74F6000 uagp35.sys
    0xF7506000 SISAGPX.sys
    0xF725D000 Mup.sys
    0xF7526000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF70E9000 \SystemRoot\system32\DRIVERS\sisgrp.sys
    0xF70D5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7536000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7746000 \SystemRoot\System32\Drivers\DKbFltr.sys
    0xF774E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF70A7000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF79AA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7756000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7546000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7556000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7566000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7084000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF79AC000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    0xF7053000 \SystemRoot\system32\DRIVERS\HSFHWSIS.sys
    0xF6F55000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF6EA9000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF775E000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF6C74000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xF6C50000 \SystemRoot\system32\drivers\portcls.sys
    0xF7576000 \SystemRoot\system32\drivers\drmk.sys
    0xF7766000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF6C2C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF776E000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7776000 \SystemRoot\system32\DRIVERS\sisnicxp.sys
    0xF6BD1000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xF7946000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7188000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7586000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF794A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6BBA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7596000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF75A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF777E000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6BA9000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF75B6000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7786000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF778E000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF75C6000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79AE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6B23000 \SystemRoot\system32\DRIVERS\update.sys
    0xF795A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF75D6000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7626000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79B2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7161000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79B4000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF77D6000 \SystemRoot\System32\drivers\vga.sys
    0xF79B6000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF77DE000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF77E6000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7982000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAD72D000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAD6D4000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF7636000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xAD684000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAD662000 \SystemRoot\System32\drivers\afd.sys
    0xF7646000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF798A000 \SystemRoot\system32\DRIVERS\srvkp.sys
    0xAD637000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAD5C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7656000 \SystemRoot\System32\Drivers\Fips.SYS
    0xAD5A1000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF7666000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAD57A000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF77F6000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xAD4C5000 \SystemRoot\System32\Drivers\Ntfs.SYS
    0xF7686000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF7218000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7696000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF77FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7214000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xAD40D000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79BA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF6BA1000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7806000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7AAD000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\SiSGRV.dll
    0xAD3E9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xAD2F1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAD12E000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xACD31000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAD04E000 \SystemRoot\system32\drivers\sysaudio.sys
    0xACAF6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7A46000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xACB63000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xF7A48000 \??\C:\WINDOWS\system32\drivers\osaio.sys
    0xF7B34000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
    0xAC95F000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAC6A6000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
    0xAC665000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF781E000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xAC572000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\System32\ntdll.dll

    Processes (total 36):
    0 System Idle Process
    4 System
    556 C:\WINDOWS\System32\SMSS.EXE
    620 CSRSS.EXE
    648 C:\WINDOWS\System32\WINLOGON.EXE
    692 C:\WINDOWS\System32\SERVICES.EXE
    704 C:\WINDOWS\System32\LSASS.EXE
    852 C:\WINDOWS\System32\SVCHOST.EXE
    900 SVCHOST.EXE
    940 C:\WINDOWS\System32\SVCHOST.EXE
    1012 SVCHOST.EXE
    1116 SVCHOST.EXE
    1472 C:\WINDOWS\EXPLORER.EXE
    1508 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1608 C:\WINDOWS\System32\Keyhook.exe
    1616 C:\WINDOWS\SOUNDMAN.EXE
    1628 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    1636 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1644 C:\Program Files\Arcade\PCMService.exe
    1692 C:\Program Files\Real\RealPlayer\REALPLAY.EXE
    1700 C:\Program Files\QuickTime\QTTASK.EXE
    1712 C:\Program Files\Launch Manager\QtZgAcer.EXE
    1732 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1756 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    1776 C:\Program Files\Common Files\Java\Java Update\JUSCHED.EXE
    1784 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    1820 C:\WINDOWS\System32\SISTRAY.EXE
    516 C:\WINDOWS\System32\SPOOLSV.EXE
    148 SVCHOST.EXE
    188 C:\Acer\eManager\anbmServ.exe
    592 C:\Program Files\Java\JRE6\BIN\jqs.exe
    2380 C:\WINDOWS\System32\SVCHOST.EXE
    2720 alg.exe
    3996 C:\WINDOWS\System32\wuauclt.exe
    3840 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    3212 C:\Documents and Settings\Denis\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f98b7a00 (FAT32)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`bdfa3e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800UE-22HCT0, Rev: 09.07D09

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  24. crunchie

    crunchie Malware Helper Posts: 728

    Run MBRCheck again.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 0 (zero) and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 1 for Windows XP, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot and run MBRCheck again and post that log.
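
The MBRCheck report above flags "Unknown MBR code", prints a SHA1 of the boot sector and lists each volume's byte offset on PhysicalDrive0. The following is an added example written for this page by the editor; it is not MBRCheck's code and not part of either post. It shows, read-only, what such a check does: it validates the 0x55AA boot signature of a 512-byte MBR image, hashes the boot-code area (the first 440 bytes, which is an assumption about the hashed region, not a statement about MBRCheck's exact method), compares the hash against an operator-supplied allowlist of hashes taken from known-clean machines (here a constructed placeholder), and decodes the four partition-table entries so the derived byte offsets can be compared with the ones MBRCheck prints. The sample MBR is constructed inline and is not a real disk image; the hypothetical layout mirrors the FAT32/NTFS pair in the report.

```python
"""Read-only MBR sanity check: signature, boot-code hash, partition table.

Added example for this thread (editor's code, not MBRCheck's). The sample
sector below is constructed, not captured from any real disk.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold boot code; 440..443 is the disk signature
PART_TABLE_OFFSET = 446      # four 16-byte entries follow, then the 0x55AA signature
PART_ENTRY_SIZE = 16
PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x1B: "Hidden FAT32"}


def _check_length(mbr: bytes) -> None:
    if len(mbr) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(mbr)} bytes")


def boot_code_sha1(mbr: bytes) -> str:
    """Upper-case hex SHA1 of the boot-code area (assumed region, see lead-in)."""
    _check_length(mbr)
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def disk_signature(mbr: bytes) -> int:
    """32-bit NT disk signature stored little-endian at offset 440."""
    _check_length(mbr)
    return struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0]


def mbr_status(mbr: bytes, known_good: set) -> str:
    """Classify the sector the way a checker would: bad signature, known code, or unknown."""
    _check_length(mbr)
    if mbr[510:512] != b"\x55\xAA":
        return "Invalid MBR signature"
    if boot_code_sha1(mbr) in known_good:
        return "Known-good MBR code"
    return "Unknown MBR code"


def parse_partitions(mbr: bytes) -> list:
    """Decode the primary partition table; skips empty (type 0x00) slots."""
    _check_length(mbr)
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status(1) CHS-start(3, ignored) type(1) CHS-end(3, ignored) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0x00:
            continue
        parts.append({
            "index": i,
            "status": status,
            "bootable": status == 0x80,
            "type": PART_TYPES.get(ptype, f"type 0x{ptype:02X}"),
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,   # comparable to MBRCheck's "at offset" value
        })
    return parts


def partition_warnings(parts: list) -> list:
    """Structural red flags: bad status bytes, several active partitions, overlaps."""
    warnings = []
    if sum(1 for p in parts if p["bootable"]) > 1:
        warnings.append("more than one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            warnings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            warnings.append(f"partitions {a['index']} and {b['index']} overlap")
    return warnings


def build_sample_mbr() -> bytes:
    """Constructed sample sector: dummy boot code plus a FAT32 and an NTFS partition."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (BOOT_CODE_LEN - 4)
    disk_sig = b"\x12\x34\x56\x78"
    reserved = b"\x00\x00"
    entries = struct.pack("<B3xB3xII", 0x80, 0x0B, 63, 20_000_000)          # active FAT32
    entries += struct.pack("<B3xB3xII", 0x00, 0x07, 20_000_063, 10_000_000)  # NTFS
    entries += b"\x00" * (2 * PART_ENTRY_SIZE)                               # two empty slots
    return boot_code + disk_sig + reserved + entries + b"\x55\xAA"


SAMPLE_MBR = build_sample_mbr()
# Placeholder allowlist; an operator would fill it from hashes of known-clean machines.
KNOWN_GOOD_PLACEHOLDER = {boot_code_sha1(SAMPLE_MBR)}

if __name__ == "__main__":
    print("Status:", mbr_status(SAMPLE_MBR, KNOWN_GOOD_PLACEHOLDER))
    print("SHA1:", boot_code_sha1(SAMPLE_MBR))
    for p in parse_partitions(SAMPLE_MBR):
        print(f"  [{p['index']}] {p['type']:<12} offset 0x{p['byte_offset']:012x} "
              f"{'active' if p['bootable'] else ''}")
    print("Warnings:", partition_warnings(parse_partitions(SAMPLE_MBR)) or "none")
```

On a live machine the 512 bytes would come from reading the start of the physical disk; the check here never writes anything, which is the point of running it before and after a repair: the boot-code hash should change once a standard MBR has been written, while the partition offsets should stay exactly as they were.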
     
  25. appleybridger

    appleybridger TS Rookie Topic Starter Posts: 33

    MBR log
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 128):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xF79A6000 \WINDOWS\system32\KDCOM.DLL
    0xF78B6000 \WINDOWS\system32\BOOTVID.dll
    0xF7377000 ACPI.sys
    0xF79A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7366000 pci.sys
    0xF74A6000 isapnp.sys
    0xF78BA000 compbatt.sys
    0xF78BE000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7A6E000 pciide.sys
    0xF7726000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7348000 pcmcia.sys
    0xF74B6000 MountMgr.sys
    0xF7329000 ftdisk.sys
    0xF78C2000 ACPIEC.sys
    0xF7A6F000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF772E000 PartMgr.sys
    0xF78C6000 UBHelper.sys
    0xF74C6000 VolSnap.sys
    0xF7311000 atapi.sys
    0xF74D6000 disk.sys
    0xF74E6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF72F1000 fltmgr.sys
    0xF72DF000 sr.sys
    0xF72BB000 Fastfat.sys
    0xF72A4000 KSecDD.sys
    0xF7277000 NDIS.sys
    0xF74F6000 uagp35.sys
    0xF7506000 SISAGPX.sys
    0xF725D000 Mup.sys
    0xF7526000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF70E9000 \SystemRoot\system32\DRIVERS\sisgrp.sys
    0xF70D5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7536000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7746000 \SystemRoot\System32\Drivers\DKbFltr.sys
    0xF774E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF70A7000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF79AA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7756000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7546000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7556000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7566000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7084000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF79AC000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    0xF7053000 \SystemRoot\system32\DRIVERS\HSFHWSIS.sys
    0xF6F55000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF6EA9000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF775E000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF6C74000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xF6C50000 \SystemRoot\system32\drivers\portcls.sys
    0xF7576000 \SystemRoot\system32\drivers\drmk.sys
    0xF7766000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF6C2C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF776E000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7776000 \SystemRoot\system32\DRIVERS\sisnicxp.sys
    0xF6BD1000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xF7946000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7188000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7586000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF794A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6BBA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7596000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF75A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF777E000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6BA9000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF75B6000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7786000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF778E000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF75C6000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79AE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6B23000 \SystemRoot\system32\DRIVERS\update.sys
    0xF795A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF75D6000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7626000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79B2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7161000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79B4000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF77D6000 \SystemRoot\System32\drivers\vga.sys
    0xF79B6000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF77DE000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF77E6000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7982000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAD72D000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAD6D4000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF7636000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xAD684000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAD662000 \SystemRoot\System32\drivers\afd.sys
    0xF7646000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF798A000 \SystemRoot\system32\DRIVERS\srvkp.sys
    0xAD637000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAD5C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7656000 \SystemRoot\System32\Drivers\Fips.SYS
    0xAD5A1000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF7666000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAD57A000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF77F6000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xAD4C5000 \SystemRoot\System32\Drivers\Ntfs.SYS
    0xF7686000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF7218000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7696000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF77FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7214000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xAD40D000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79BA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF6BA1000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7806000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7AAD000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\SiSGRV.dll
    0xAD3E9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xAD2F1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAD12E000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xACD31000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAD04E000 \SystemRoot\system32\drivers\sysaudio.sys
    0xACAF6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7A46000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xACB63000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xF7A48000 \??\C:\WINDOWS\system32\drivers\osaio.sys
    0xF7B34000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
    0xAC95F000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAC6A6000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
    0xAC665000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF781E000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xAC572000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\System32\ntdll.dll

    Processes (total 35):
    0 System Idle Process
    4 System
    556 C:\WINDOWS\System32\SMSS.EXE
    620 CSRSS.EXE
    648 C:\WINDOWS\System32\WINLOGON.EXE
    692 C:\WINDOWS\System32\SERVICES.EXE
    704 C:\WINDOWS\System32\LSASS.EXE
    852 C:\WINDOWS\System32\SVCHOST.EXE
    900 SVCHOST.EXE
    940 C:\WINDOWS\System32\SVCHOST.EXE
    1012 SVCHOST.EXE
    1116 SVCHOST.EXE
    1472 C:\WINDOWS\EXPLORER.EXE
    1508 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1608 C:\WINDOWS\System32\Keyhook.exe
    1616 C:\WINDOWS\SOUNDMAN.EXE
    1628 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    1636 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1644 C:\Program Files\Arcade\PCMService.exe
    1692 C:\Program Files\Real\RealPlayer\REALPLAY.EXE
    1700 C:\Program Files\QuickTime\QTTASK.EXE
    1712 C:\Program Files\Launch Manager\QtZgAcer.EXE
    1732 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1756 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    1776 C:\Program Files\Common Files\Java\Java Update\JUSCHED.EXE
    1784 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    1820 C:\WINDOWS\System32\SISTRAY.EXE
    516 C:\WINDOWS\System32\SPOOLSV.EXE
    148 SVCHOST.EXE
    188 C:\Acer\eManager\anbmServ.exe
    592 C:\Program Files\Java\JRE6\BIN\jqs.exe
    2380 C:\WINDOWS\System32\SVCHOST.EXE
    2720 alg.exe
    3996 C:\WINDOWS\System32\wuauclt.exe
    2468 C:\Documents and Settings\Denis\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f98b7a00 (FAT32)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`bdfa3e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800UE-22HCT0, Rev: 09.07D09

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
     
Topic Status:
Not open for further replies.
