TechSpot

System Check virus?

Solved
By Timock
Jan 11, 2012
  1. I'm using WinXP. A few days ago my Avast system seemed to have caught the "virus check virus", which could only be opened in sandbox. I then had the System Check pop-up appear, fake-scan my system and ask me to help fix the problem by purchasing a non-existent cure.
    Obviously I did not do that. I checked my firewall, McAfee, and I had several intrusions. Ran an Avast scan, then did an Avast reboot scan, which found only one infected file, which could not be deleted. Started to the desktop and everything had disappeared except the Start button and an empty My Documents folder, etc.

    It seems I can only connect online in safe mode.

    Found TechSpot and tried to follow the procedure that had already been outlined for others. But not as accurately as I should have. My Bad!

    Ran:
    1) Malwarebytes' Anti-Malware
    2) Unhide, which helped restore some files and applications
    3) aswMBR.exe
    4) Attempted to run ComboFix, which seems to crash while scanning. I had disabled Avast and nothing else was running, so I was at a loss. Looked at TechSpot in more detail (what I should have done in the first place), so below are my logs.

    Any help would be greatly appreciated. Thanks

    My First Malwarebytes Scan

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.07.04

    Windows XP Service Pack 3 x86 FAT32 (Safe Mode/Networking)
    Internet Explorer 6.0.2900.5512
    Administrator :: [administrator]

    07/01/2012 23:44:19
    mbam-log-2012-01-07 (23-44-19).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 313899
    Time elapsed: 57 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AWteuGLwTAOiU.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\AWteuGLwTAOiU.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 8
    C:\Documents and Settings\All Users\Application Data\AWteuGLwTAOiU.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\rvn4Uw7wiU5Dge.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\wayne\Local Settings\Temp\wera0.7797335485655679.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\wayne\Application Data\Sun\Java\Deployment\cache\6.0\47\4567146f-3699d291 (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\wayne\Application Data\Sun\Java\Deployment\cache\6.0\47\4567146f-785d2ed6 (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Alcohol Soft\Alcohol 120\keymaker.exe (Password.Stealer) -> Quarantined and deleted successfully.
    C:\Program Files\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.
    D:\stuff\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

    (end)



    ---------------------

    My last Malwarebytes Scan

    Database version: v2012.01.07.04

    Windows XP Service Pack 3 x86 FAT32 (Safe Mode/Networking)
    Internet Explorer 6.0.2900.5512
    Administrator :: [administrator]

    11/01/2012 19:49:45
    mbam-log-2012-01-11 (19-49-45).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 204486
    Time elapsed: 9 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ----------------


    GMER Log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-11 20:08:12
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 IC25N060ATMR04-0 rev.MO3OAD4A
    Running: 2xdyqh4m[1].exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxldqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT spxl.sys ZwCreateKey [0xF87250E0]
    SSDT spxl.sys ZwEnumerateKey [0xF8742CA2]
    SSDT spxl.sys ZwEnumerateValueKey [0xF8743030]
    SSDT spxl.sys ZwOpenKey [0xF87250C0]
    SSDT spxl.sys ZwQueryKey [0xF8743108]
    SSDT spxl.sys ZwQueryValueKey [0xF8742F88]
    SSDT spxl.sys ZwSetValueKey [0xF874319A]

    INT 0x62 ? 83373BF8
    INT 0x73 ? 83333BF8
    INT 0xA4 ? 83333BF8
    INT 0xB4 ? 83333BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spxl.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload F852F8AC 5 Bytes JMP 833331D8
    .text anoojwv9.SYS F8121384 1 Byte [20]
    .text anoojwv9.SYS F8121384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
    .text anoojwv9.SYS F81213AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
    .text anoojwv9.SYS F81213C4 3 Bytes [00, 00, 00]
    .text anoojwv9.SYS F81213C9 1 Byte [00]
    .text ...
    init C:\WINDOWS\system32\Drivers\FireTDI.sys entry point in "init" section [0xF7EED000]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833E22D8
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F874B6D0] spxl.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F874F708] spxl.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8726046] spxl.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8726142] spxl.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F87260C4] spxl.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F87267CE] spxl.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F87266A4] spxl.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833332D8
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8731D7A] spxl.sys
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlInitUnicodeString] 0000004C
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!swprintf] 00000095
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeSetEvent] 0000000B
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 00000042
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 000000FA
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 000000C3
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmFreeMappingAddress] 0000004E
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 00000008
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 0000002E
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmUnmapIoSpace] 000000A1
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 00000066
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IofCompleteRequest] 00000028
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 000000D9
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IofCallDriver] 00000024
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 000000B2
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 00000076
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoConnectInterrupt] 0000005B
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoDetachDevice] 000000A2
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000049
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeInitializeEvent] 0000006D
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeCancelTimer] 0000008B
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 000000D1
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlInitAnsiString] 00000025
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 00000072
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoQueueWorkItem] 000000F8
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmMapIoSpace] 000000F6
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 00000064
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoReportDetectedDevice] 00000086
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00000068
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 00000098
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!NlsMbCodePageTag] 00000016
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!PoRequestPowerIrp] 000000D4
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 000000A4
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 0000005C
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!sprintf] 000000CC
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 0000005D
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ObfDereferenceObject] 00000065
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 000000B6
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 00000092
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ZwClose] 0000006C
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 00000070
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00000048
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 00000050
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 000000FD
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoCreateDevice] 000000ED
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 000000B9
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 000000DA
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 0000005E
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ZwOpenKey] 00000015
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 00000046
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoStartTimer] 00000057
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeInitializeTimer] 000000A7
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoInitializeTimer] 0000008D
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeInitializeDpc] 0000009D
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeInitializeSpinLock] 00000084
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoInitializeIrp] 00000090
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ZwCreateKey] 000000D8
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 000000AB
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 00000000
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ZwSetValueKey] 0000008C
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeInsertQueueDpc] 000000BC
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 000000D3
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoStartPacket] 0000000A
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 000000F7
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 000000E4
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoFreeMdl] 00000058
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmUnlockPages] 00000005
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 000000B8
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 000000B3
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 00000045
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 00000006
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeSynchronizeExecution] 000000D0
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoStartNextPacket] 0000002C
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeBugCheckEx] 0000001E
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 0000008F
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeSetTimer] 000000CA
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!_allmul] 0000003F
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmProbeAndLockPages] 0000000F
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!_except_handler3] 00000002
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!PoSetPowerState] 000000C1
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 000000AF
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 000000BD
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00000003
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!_aulldiv] 00000001
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!strstr] 00000013
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!_strupr] 0000008A
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeQuerySystemTime] 0000006B
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0000003A
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeTickCount] 00000091
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 00000011
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoDeleteDevice] 00000041
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 0000004F
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00000067
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoAllocateIrp] 000000DC
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoAllocateMdl] 000000EA
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 00000097
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmLockPagableDataSection] 000000F2
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 000000CF
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 000000CE
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ExFreePoolWithTag] 000000F0
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoFreeIrp] 000000B4
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoFreeWorkItem] 000000E6
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!InitSafeBootMode] 00000073
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlCompareMemory] 00000096
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!PoCallDriver] 000000AC
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!memmove] 00000074
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmHighestUserAddress] 00000022
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!KfAcquireSpinLock] 00000034
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!READ_PORT_UCHAR] 0000008E
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!KeGetCurrentIrql] 00000043
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!KfRaiseIrql] 00000044
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!KfLowerIrql] 000000C4
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!HalGetInterruptVector] 000000DE
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!HalTranslateBusAddress] 000000E9
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!KeStallExecutionProcessor] 000000CB
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!KfReleaseSpinLock] 00000054
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0000007B
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!READ_PORT_USHORT] 00000094
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000032
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!WRITE_PORT_UCHAR] 000000A6
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[WMILIB.SYS!WmiSystemControl] 00000023
    IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[WMILIB.SYS!WmiCompleteRequest] 0000003D
     
  2. Timock

    Timock TS Rookie Topic Starter Posts: 35

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Fastfat \FatCdrom 833721F8

    AttachedDevice \Driver\Tcpip \Device\Ip FireTDI.sys (McAfee Desktop Firewall Application Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\sptd \Device\3091846462 spxl.sys
    Device \Driver\usbuhci \Device\USBPDO-0 8330D1F8
    Device \Driver\usbuhci \Device\USBPDO-1 8330D1F8
    Device \Driver\usbuhci \Device\USBPDO-2 8330D1F8
    Device \Driver\usbuhci \Device\USBPDO-3 8330D1F8
    Device \Driver\usbehci \Device\USBPDO-4 8329C1F8

    AttachedDevice \Driver\Tcpip \Device\Tcp FireTDI.sys (McAfee Desktop Firewall Application Firewall Driver/McAfee, Inc.)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 833E01F8
    Device \Driver\PCI_PNP5212 \Device\00000058 spxl.sys
    Device \Driver\Ftdisk \Device\HarddiskVolume2 833E01F8
    Device \Driver\Cdrom \Device\CdRom0 832FF1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 833E01F8
    Device \Driver\atapi \Device\Ide\IdePort0 [F8681B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F8681B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F8681B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Cdrom \Device\CdRom1 832FF1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{F7664C59-6D67-4EA2-B58D-3D95461A431F} 829291F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 829291F8
    Device \Driver\NetBT \Device\NetbiosSmb 829291F8

    AttachedDevice \Driver\Tcpip \Device\Udp FireTDI.sys (McAfee Desktop Firewall Application Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp FireTDI.sys (McAfee Desktop Firewall Application Firewall Driver/McAfee, Inc.)

    Device \Driver\usbuhci \Device\USBFDO-0 8330D1F8
    Device \Driver\usbuhci \Device\USBFDO-1 8330D1F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 829571F8
    Device \Driver\usbuhci \Device\USBFDO-2 8330D1F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 829571F8
    Device \Driver\usbuhci \Device\USBFDO-3 8330D1F8
    Device \Driver\usbehci \Device\USBFDO-4 8329C1F8
    Device \Driver\Ftdisk \Device\FtControl 833E01F8
    Device \Driver\anoojwv9 \Device\Scsi\anoojwv91Port1Path0Target0Lun0 8321C1F8
    Device \Driver\anoojwv9 \Device\Scsi\anoojwv91 8321C1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{30C5CD6C-675B-4475-9EDB-9A858CFE2CEB} 829291F8
    Device \FileSystem\Fastfat \Fat 833721F8
    Device \FileSystem\Cdfs \Cdfs 8298D1F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0x22 0x62 0x35 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0xD4 0xB5 0x99 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x51 0x1A 0xED 0x7D ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0x22 0x62 0x35 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0xD4 0xB5 0x99 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x51 0x1A 0xED 0x7D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0x22 0x62 0x35 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0xD4 0xB5 0x99 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x51 0x1A 0xED 0x7D ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0x22 0x62 0x35 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0xD4 0xB5 0x99 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x51 0x1A 0xED 0x7D ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0x22 0x62 0x35 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0xD4 0xB5 0x99 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x51 0x1A 0xED 0x7D ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{1036D5BA-CA0B-6EFB-A816166A3C4364C2}\{9AB25E74-55C5-EF48-A2C588CFA5A2438C}\{DC8259A3-8AE9-348D-2F7CC1007F2DBE93}
    Reg HKLM\SOFTWARE\Classes\CLSID\{1036D5BA-CA0B-6EFB-A816166A3C4364C2}\{9AB25E74-55C5-EF48-A2C588CFA5A2438C}\{DC8259A3-8AE9-348D-2F7CC1007F2DBE93}@526BA65ZPQS4U365YNAELLJ5XA1 0x01 0x00 0x01 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{286D4131-3821-6CBF-08770360589374C2}\{48BEB065-0DEC-1314-6E019AD5B66531AE}\{E2D4EA90-E228-BF00-D20DE2AD05099BA2}
    Reg HKLM\SOFTWARE\Classes\CLSID\{286D4131-3821-6CBF-08770360589374C2}\{48BEB065-0DEC-1314-6E019AD5B66531AE}\{E2D4EA90-E228-BF00-D20DE2AD05099BA2}@526BA65ZPQS4U365YNAELLJ5XA1 0x01 0x00 0x01 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{9F5A92A2-B329-46CC-1B7090FE4262F142}\{3D41E9B5-DA3D-E370-0314048CD4A11D7E}\{F612533D-2F2D-C745-8F22D9CBAAB0FDB6}
    Reg HKLM\SOFTWARE\Classes\CLSID\{9F5A92A2-B329-46CC-1B7090FE4262F142}\{3D41E9B5-DA3D-E370-0314048CD4A11D7E}\{F612533D-2F2D-C745-8F22D9CBAAB0FDB6}@526BA65ZPQS4U365YNAELLJ5XA1 0x01 0x00 0x01 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
    Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xCC 0xC0 0x71 0x52 ...

    ---- EOF - GMER 1.0.15 ----
     
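The Malwarebytes log in the first post has a regular line shape for every detection: the item (a registry key|value or a file path), the threat family in parentheses, and one or more `->` segments ending with the action taken. The script below is an added example, not Malwarebytes or TechSpot code; it parses that shape and flags the two findings that matter most for triage on a machine like this one: an entry under the `CurrentVersion\Run` key (the rogue restarting at logon) and a tampered `Policies\System` value (Task Manager disabled). The sample log text is constructed to match the posted format, reusing the file names from that log; the category names are this example's own.

```python
"""Parse Malwarebytes Anti-Malware 1.x detection lines and categorize them.

Added example for this thread; not Malwarebytes code. SAMPLE_LOG below is
constructed in the shape of the first scan log posted above.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the posted MBAM 1.x log format (file names taken from
# the first post's log, everything else trimmed to the lines that matter).
SAMPLE_LOG = (
    "Registry Values Detected: 1\n"
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run|AWteuGLwTAOiU.exe (Rogue.FakeHDD)"
    " -> Data: C:\\Documents and Settings\\All Users\\Application Data\\AWteuGLwTAOiU.exe"
    " -> Quarantined and deleted successfully.\n"
    "\n"
    "Registry Data Items Detected: 1\n"
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System|DisableTaskMgr"
    " (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.\n"
    "\n"
    "Folders Detected: 0\n"
    "(No malicious items detected)\n"
    "\n"
    "Files Detected: 2\n"
    "C:\\Documents and Settings\\All Users\\Application Data\\AWteuGLwTAOiU.exe (Rogue.FakeHDD)"
    " -> Quarantined and deleted successfully.\n"
    "D:\\stuff\\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.\n"
    "\n"
    "(end)\n"
)

# "Registry Values Detected: 1", "Files Detected: 8", ... open a section.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<item> (<threat>) -> [<detail> -> ]<action>"; item may itself contain
# parentheses such as "Program Files (x86)", so the match requires ") -> ".
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Detection:
    section: str   # e.g. "Registry Values", "Files"
    item: str      # "HKLM\...\Run|name.exe" or a file path, as MBAM prints it
    threat: str    # MBAM family name, e.g. Rogue.FakeHDD
    detail: str    # "Data: ..." or "Bad: (1) Good: (0)"; empty for files
    action: str    # what MBAM did, e.g. "Quarantined and deleted successfully."
    category: str  # triage label assigned by categorize()


def categorize(section, item, threat):
    """Triage label (this example's own naming, not an MBAM field)."""
    key = item.split("|", 1)[0].lower()
    if section == "Registry Values" and key.endswith("\\currentversion\\run"):
        return "autorun-persistence"          # rogue re-launches at every logon
    if section == "Registry Data Items" and "\\policies\\system" in key:
        return "policy-tamper"                # e.g. DisableTaskMgr set to 1
    if threat.startswith("Rogue."):
        return "rogue-software"               # the fake "System Check" scanner itself
    return "other"


def parse_mbam_log(text):
    """Return one Detection per detection line, in log order."""
    section = None
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        # Skip blanks, "(No malicious items detected)", "(end)" and header lines.
        if not line or line.startswith("(") or section is None:
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue
        parts = m.group("rest").split(" -> ")
        action, detail = parts[-1], " -> ".join(parts[:-1])
        item, threat = m.group("item"), m.group("threat")
        found.append(Detection(section, item, threat, detail, action,
                               categorize(section, item, threat)))
    return found


def summarize(detections):
    """Count detections per triage category."""
    return Counter(d.category for d in detections)


if __name__ == "__main__":
    for d in parse_mbam_log(SAMPLE_LOG):
        print(f"[{d.category:20}] {d.threat:22} {d.item}")
    print(dict(summarize(parse_mbam_log(SAMPLE_LOG))))
```

Run it against a saved `mbam-log-*.txt` by passing the file contents to `parse_mbam_log`; a non-empty `autorun-persistence` count after a scan that reports "deleted successfully" is the cue to re-scan after reboot, since a companion dropper can recreate the Run entry, which is exactly why the second scan in the first post is worth posting alongside the first.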
  3. Broni

    Broni Malware Annihilator Posts: 47,976   +271

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. Timock

    Timock TS Rookie Topic Starter Posts: 35

    Thank you for your welcome.

    I've been attempting the DDS scan/log.

    But every time I run it, it never completes and then freezes up. As far as I'm aware, I have no script-blocking protection on. I will continue trying to run DDS and get that log available ASAP.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,976   +271

    Very well.
    That's what you need to tell me.
    If I had a crystal ball.....LOL

    =============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right-click on the screen and click Select All.
    • Press CTRL+C
    • Open Notepad and press CTRL+V
    • Post the output back here.

    ============================================================

    Please download and run ListParts by Farbar

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
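Both tools Broni asks for above work on the same 512-byte object: aswMBR saves a copy of it as MBR.dat, and Bootkit Remover reports a boot-sector hash plus whether the boot code is known. The script below is an added example, not aswMBR or Bootkit Remover code, showing what such a tool actually inspects: it validates the 0x55AA signature, decodes the four partition-table entries (status, type, LBA start, sector count), hashes the 440-byte boot-code area and the whole sector, and reports "unknown boot code" when the boot-code hash is not in a known-good set. The sample MBR is constructed here, with partition geometry chosen so it decodes to the same types, offsets and MB sizes that appear in the aswMBR log posted later in this thread; the known-good set is a placeholder, since the page gives no hash of a clean XP MBR.

```python
"""Decode a raw 512-byte MBR image (such as the MBR.dat that aswMBR saves).

Added example for this thread; not aswMBR or Bootkit Remover code. The
sample MBR below is constructed; its partition layout mirrors the geometry
reported in the posted aswMBR log. KNOWN_GOOD_BOOT_CODE is a placeholder.
"""
import hashlib
import struct

PART_TYPES = {          # small subset of MBR partition type IDs
    0x00: "empty", 0x05: "Extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
    0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x12: "Compaq diag",
}

# Constructed sample: (status, type, lba_start, sector_count), chosen so the
# decoded sizes match the posted aswMBR log (3004 / 27023 / 27203 MB).
SAMPLE_ENTRIES = [
    (0x00, 0x12, 63, 6152832),          # Compaq diagnostic partition
    (0x80, 0x0C, 6152895, 55343925),    # active FAT32 LBA system partition
    (0x00, 0x0F, 61496820, 55713420),   # extended LBA container
]
# Constructed stand-in for the boot code; a real MBR carries x86 code here.
SAMPLE_BOOT_CODE = b"CONSTRUCTED-SAMPLE-BOOT-CODE"
# Placeholder: fill with SHA-256 digests of boot code you have verified clean.
KNOWN_GOOD_BOOT_CODE = set()


def build_sample_mbr(entries, boot_code=b""):
    """Assemble a 512-byte MBR: 440 bytes code, 6 bytes sig/reserved, 4 x 16-byte entries, 0x55AA."""
    sector = bytearray(512)
    sector[0:440] = boot_code.ljust(440, b"\x00")[:440]
    for i, (status, ptype, start, count) in enumerate(entries):
        off = 446 + 16 * i
        sector[off] = status            # 0x80 = active (bootable)
        sector[off + 4] = ptype         # partition type ID
        # CHS fields (bytes 1-3, 5-7) are left zero; LBA fields are what matters.
        struct.pack_into("<II", sector, off + 8, start, count)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(sector) != 512:
        raise ValueError("MBR image must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, ptype = sector[off], sector[off + 4]
        start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0 and count == 0:
            continue
        parts.append({
            "index": i + 1, "bootable": status == 0x80, "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": start, "sectors": count,
            "size_mb": count * 512 // (1024 * 1024),   # integer MB, as the tools print it
        })
    return parts


def boot_code_hashes(sector):
    """MD5 of the whole sector (what Bootkit Remover prints) and SHA-256 of the code area."""
    return {
        "md5_sector": hashlib.md5(sector).hexdigest(),
        "sha256_boot_code": hashlib.sha256(sector[:440]).hexdigest(),
    }


def classify_boot_code(sector, known_good=KNOWN_GOOD_BOOT_CODE):
    """'known boot code' if the 440-byte code area hashes to an allow-listed value."""
    digest = hashlib.sha256(sector[:440]).hexdigest()
    return "known boot code" if digest in known_good else "unknown boot code"


if __name__ == "__main__":
    mbr = build_sample_mbr(SAMPLE_ENTRIES, SAMPLE_BOOT_CODE)   # or open("MBR.dat","rb").read()
    for p in parse_mbr(mbr):
        flag = "(A)" if p["bootable"] else "   "
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']:13} "
              f"{p['size_mb']} MB offset {p['lba_start']}")
    print(boot_code_hashes(mbr))
    print(classify_boot_code(mbr))
```

"Unknown boot code" from this check, as from the real tools, only means the hash is not on the allow-list; the partition table can still be perfectly sane, as it is in the aswMBR log above. The useful next step is to compare the boot-code hash against a clean copy of the same Windows version, which is why Broni asks to keep the MBR.dat copy rather than rewrite the sector straight away.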
  6. Timock

    Timock TS Rookie Topic Starter Posts: 35

    aswMBR Log

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-12 00:21:43
    -----------------------------
    00:21:43.984 OS Version: Windows 5.1.2600 Service Pack 3
    00:21:43.984 Number of processors: 1 586 0xD08
    00:21:43.984 ComputerName: WAYNES UserName:
    00:21:44.953 Initialize success
    00:23:42.062 AVAST engine defs: 12011101
    00:24:00.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    00:24:00.781 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3
    00:24:00.828 Disk 0 MBR read successfully
    00:24:00.828 Disk 0 MBR scan
    00:24:00.906 Disk 0 unknown MBR code
    00:24:00.921 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 3004 MB offset 63
    00:24:00.953 Disk 0 Partition 2 80 (A) 0C FAT32 LBA MSWIN4.1 27023 MB offset 6152895
    00:24:00.968 Disk 0 Partition - 00 0F Extended LBA 27203 MB offset 61496820
    00:24:01.000 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 27203 MB offset 61496883
    00:24:01.015 Disk 0 scanning sectors +117210240
    00:24:01.281 Disk 0 scanning C:\WINDOWS\system32\drivers
    00:24:19.187 Service scanning
    00:24:23.593 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    00:24:25.281 Modules scanning
    00:24:36.593 Disk 0 trace - called modules:
    00:24:36.656 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spst.sys >>UNKNOWN [0x83393944]<<
    00:24:36.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x832b66b0]
    00:24:36.734 3 CLASSPNP.SYS[f88a3fd7] -> nt!IofCallDriver -> \Device\00000087[0x83335030]
    00:24:36.781 5 ACPI.sys[f86e4620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x83314190]
    00:24:37.468 AVAST engine scan C:\WINDOWS
    00:25:04.078 File: C:\WINDOWS\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
    00:25:04.953 AVAST engine scan C:\WINDOWS\system32
    00:27:45.921 AVAST engine scan C:\WINDOWS\system32\drivers
    00:28:06.703 AVAST engine scan C:\Documents and Settings\Administrator
    00:28:19.406 AVAST engine scan C:\Documents and Settings\All Users
    00:28:48.640 Scan finished successfully
    00:29:33.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\MBR.dat"
    00:29:33.937 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR SCAN.txt"

    ----------

    I wasn't able to copy paste into notepad, so I wrote the Bootkit Remover below. LOL

    Program version : 1.2.0.1
    OS Version : Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.C - >\\.\PhysicalDrive0 at offset 0x00000000 'bbc57e00
    Boot sector MD5 is : 4857c98ecdcb93636f1a53bbb301a72f

    size device name MBR status
    ------------------------------------------------------------------------------------------
    55GB \\.\ PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump (device_name) [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix (device_name)

    ---------------

    ListParts by Farbar Log
    Ran by Administrator on 12-01-2012 at 01:03:02
    Windows XP (X86)
    Running From: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U89JJT3E
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 31%
    Total physical RAM: 502.05 MB
    Available physical RAM: 341.5 MB
    Total Pagefile: 1225.5 MB
    Available Pagefile: 930.95 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2006.99 MB

    ======================= Partitions =========================

    1 Drive c: (ACER) (Fixed) (Total:26.38 GB) (Free:3.14 GB) FAT32 ==>[Drive with boot components (Windows XP)]
    2 Drive d: (ACERDATA) (Fixed) (Total:26.55 GB) (Free:5 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 56 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 3004 MB 32 KB
    Partition 2 Primary 26 GB 3004 MB
    Partition 3 Extended 27 GB 29 GB
    Partition 4 Logical 27 GB 29 GB

    Disk: 0
    The disk management services could not complete the operation.

    Disk: 0
    Partition 2
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C ACER FAT32 Partition 26 GB Healthy System (partition with boot components)

    Disk: 0
    Partition 4
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D ACERDATA FAT32 Partition 27 GB Healthy


    ****** End Of Log ******
     
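An added example (not code from this thread, aswMBR or Bootkit Remover) showing what those two tools examine: it parses a 512-byte MBR, lists the partition table the way the aswMBR log does, hashes the boot sector as Bootkit Remover does, and flags table layouts that deserve a second look. The sample MBR is constructed to match the partition offsets reported above; its boot-code bytes are placeholders, so its MD5 will not match the value Bootkit Remover printed.

```python
"""Inspect a raw MBR: partition table as aswMBR lists it, boot-sector MD5 as
Bootkit Remover prints it, plus a few sanity checks.

Added example; not code from the TechSpot thread, aswMBR or Bootkit Remover.
The sample MBR is constructed to match the partition offsets in the aswMBR
log above; its boot-code bytes are placeholders.
"""
import hashlib
import struct

MBR_SIZE = 512
TABLE_OFFSET = 446          # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xAA"
ENTRY_FORMAT = "<B3sB3sII"  # flag, CHS start, type, CHS end, LBA start, sector count
PART_TYPES = {0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x12: "Compaq diag"}


def build_entry(flag, ptype, lba_start, sectors):
    """Pack one partition entry; CHS fields are zeroed because the LBA fields are what matter."""
    return struct.pack(ENTRY_FORMAT, flag, bytes(3), ptype, bytes(3), lba_start, sectors)


def build_sample_mbr():
    """Constructed MBR with the layout from the aswMBR log (offsets in 512-byte sectors)."""
    boot_code = b"\xEB\xFE" + b"\x90" * (TABLE_OFFSET - 2)  # placeholder: jmp $ then nops
    table = (
        build_entry(0x00, 0x12, 63, 6152895 - 63)                  # Compaq diag, 3004 MB
        + build_entry(0x80, 0x0C, 6152895, 61496820 - 6152895)     # FAT32 LBA, active, 27023 MB
        + build_entry(0x00, 0x0F, 61496820, 117210240 - 61496820)  # Extended LBA, 27203 MB
        + bytes(16)                                                # empty fourth slot
    )
    return boot_code + table + BOOT_SIGNATURE


def parse_mbr(mbr):
    """Return the non-empty partition entries as dicts; raise on a malformed sector."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"MBR must be {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for i in range(4):
        start = TABLE_OFFSET + 16 * i
        flag, _, ptype, _, lba, count = struct.unpack(ENTRY_FORMAT, mbr[start:start + 16])
        if ptype == 0x00:
            continue  # unused slot
        parts.append({
            "index": i + 1,
            "flag": flag,
            "active": flag == 0x80,
            "type": ptype,
            "name": PART_TYPES.get(ptype, "unknown"),
            "offset": lba,
            "sectors": count,
            "size_mb": count // 2048,  # 2048 sectors of 512 bytes per MB, rounded down like aswMBR
        })
    return parts


def boot_sector_md5(mbr):
    """MD5 of the whole 512-byte sector, the figure Bootkit Remover prints."""
    return hashlib.md5(mbr).hexdigest()


def boot_code_md5(mbr):
    """MD5 of the code area only (bytes 0-445). This is an assumption about what is useful,
    not either tool's behaviour: hashing the code separately allows comparison against a
    known-good MBR even after the partition table has legitimately changed."""
    return hashlib.md5(mbr[:TABLE_OFFSET]).hexdigest()


def review(parts):
    """Findings a responder wants before trusting the table: exactly one active partition,
    only 0x00/0x80 boot flags, known type codes, and no overlapping entries."""
    findings = []
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    for p in parts:
        if p["flag"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: non-standard boot flag 0x{p['flag']:02X}")
        if p["name"] == "unknown":
            findings.append(f"partition {p['index']}: unknown type code 0x{p['type']:02X}")
    ordered = sorted(parts, key=lambda p: p["offset"])
    for a, b in zip(ordered, ordered[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return findings


if __name__ == "__main__":
    sample = build_sample_mbr()
    for p in parse_mbr(sample):
        print(f"Partition {p['index']} {p['flag']:02X} {p['type']:02X} {p['name']} "
              f"{p['size_mb']} MB offset {p['offset']}")
    print("Boot sector MD5 is :", boot_sector_md5(sample))
    print("Boot code MD5 is   :", boot_code_md5(sample))
    print("findings:", review(parse_mbr(sample)) or "none")
```

To use it on a real system, replace build_sample_mbr() with the first 512 bytes of the MBR.dat file aswMBR leaves on the desktop.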
  7. Broni

    Broni Malware Annihilator Posts: 47,976   +271

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. Timock

    I have run the first RKill, it seemed to run. I immediately started Combo fix under "your_name.exe" (tried original already). I ran it, it did not seem to freeze, but left it for about an hour with still no result. So I stopped it. Should it take any longer than the 10 to 20 mins it says it should take when waiting for a log?

    RKill log
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 12/01/2012 at 19:33:08.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    C:\WINDOWS\system32\verclsid.exe


    Rkill completed on 12/01/2012 at 19:33:14.

    ---------------

    I shall attempt to run Combo fix with the other two Rkill options you posted

    Rkill.scr
    Rkill.exe

    I'm still operating in safe mode.
     
  9. Broni

    Try to run Combofix from safe mode and be patient.
    If there is a serious infection it may take a while.
     
  10. Timock

    Okay, I ran combo fix over the night; it crashed after 15 hours approx. Having looked at how combo fix should run over at bleeping computer, it seems my combo fix does not even start scanning, as it doesn't even show it completing stage 1 on the blue screen. All I have is a flashing white underscore symbol, as it waits to scan, I assume.
     
  11. Broni

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
     
  12. Timock

    21:23:58.0078 0632 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
    21:23:58.0234 0632 ============================================================
    21:23:58.0234 0632 Current date / time: 2012/01/13 21:23:58.0234
    21:23:58.0234 0632 SystemInfo:
    21:23:58.0234 0632
    21:23:58.0234 0632 OS Version: 5.1.2600 ServicePack: 3.0
    21:23:58.0234 0632 Product type: Workstation
    21:23:58.0234 0632 ComputerName: WAYNES
    21:23:58.0234 0632 UserName: Administrator
    21:23:58.0234 0632 Windows directory: C:\WINDOWS
    21:23:58.0234 0632 System windows directory: C:\WINDOWS
    21:23:58.0234 0632 Processor architecture: Intel x86
    21:23:58.0234 0632 Number of processors: 1
    21:23:58.0234 0632 Page size: 0x1000
    21:23:58.0234 0632 Boot type: Safe boot with network
    21:23:58.0234 0632 ============================================================
    21:24:00.0765 0632 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000, SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
    21:24:01.0187 0632 Initialize success
    21:24:06.0296 0680 ============================================================
    21:24:06.0296 0680 Scan started
    21:24:06.0296 0680 Mode: Manual;
    21:24:06.0296 0680 ============================================================
    21:24:07.0750 0680 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
    21:24:07.0750 0680 61883 - ok
    21:24:07.0937 0680 Abiosdsk - ok
    21:24:08.0109 0680 abp480n5 - ok
    21:24:08.0250 0680 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    21:24:08.0250 0680 ACPI - ok
    21:24:08.0328 0680 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    21:24:08.0343 0680 ACPIEC - ok
    21:24:08.0562 0680 adpu160m - ok
    21:24:08.0718 0680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    21:24:08.0718 0680 aec - ok
    21:24:08.0875 0680 AegisP (f498fd605c08404b20a48954c722ff74) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    21:24:08.0875 0680 AegisP - ok
    21:24:08.0984 0680 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    21:24:08.0984 0680 AFD - ok
    21:24:09.0156 0680 Aha154x - ok
    21:24:09.0312 0680 aic78u2 - ok
    21:24:09.0484 0680 aic78xx - ok
    21:24:09.0687 0680 AliIde - ok
    21:24:09.0859 0680 amsint - ok
    21:24:10.0062 0680 AR5211 (67f7d2c3a9265ee0534e36fe952f2ac4) C:\WINDOWS\system32\DRIVERS\ar5211.sys
    21:24:10.0078 0680 AR5211 - ok
    21:24:10.0187 0680 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    21:24:10.0187 0680 Arp1394 - ok
    21:24:10.0359 0680 asc - ok
    21:24:10.0515 0680 asc3350p - ok
    21:24:10.0687 0680 asc3550 - ok
    21:24:10.0843 0680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    21:24:10.0843 0680 AsyncMac - ok
    21:24:10.0968 0680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    21:24:10.0968 0680 atapi - ok
    21:24:11.0156 0680 Atdisk - ok
    21:24:11.0265 0680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    21:24:11.0265 0680 Atmarpc - ok
    21:24:11.0421 0680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    21:24:11.0421 0680 audstub - ok
    21:24:11.0562 0680 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
    21:24:11.0578 0680 Avc - ok
    21:24:11.0734 0680 b57w2k (b9543b0c771feab7ca095303007a159c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    21:24:11.0750 0680 b57w2k - ok
    21:24:11.0921 0680 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
    21:24:11.0921 0680 bcm4sbxp - ok
    21:24:11.0968 0680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    21:24:11.0968 0680 Beep - ok
    21:24:12.0125 0680 CAMCAUD (baa90d983f77759fc70c65a1ce3d3566) C:\WINDOWS\system32\drivers\camcaud.sys
    21:24:12.0140 0680 CAMCAUD - ok
    21:24:12.0234 0680 CAMCHALA (90d9c324df48bb8e3024e79f5c181784) C:\WINDOWS\system32\drivers\camchal.sys
    21:24:12.0234 0680 CAMCHALA - ok
    21:24:12.0281 0680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    21:24:12.0296 0680 cbidf2k - ok
    21:24:12.0390 0680 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    21:24:12.0390 0680 CCDECODE - ok
    21:24:12.0546 0680 cd20xrnt - ok
    21:24:12.0625 0680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    21:24:12.0625 0680 Cdaudio - ok
    21:24:12.0718 0680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    21:24:12.0718 0680 Cdfs - ok
    21:24:12.0843 0680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    21:24:12.0843 0680 Cdrom - ok
    21:24:13.0015 0680 Changer - ok
    21:24:13.0171 0680 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    21:24:13.0171 0680 CmBatt - ok
    21:24:13.0328 0680 CmdIde - ok
    21:24:13.0390 0680 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    21:24:13.0390 0680 Compbatt - ok
    21:24:13.0593 0680 Cpqarray - ok
    21:24:13.0765 0680 dac2w2k - ok
    21:24:13.0937 0680 dac960nt - ok
    21:24:14.0062 0680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    21:24:14.0062 0680 Disk - ok
    21:24:14.0218 0680 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\Drivers\DKbFltr.sys
    21:24:14.0218 0680 DKbFltr - ok
    21:24:14.0390 0680 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    21:24:14.0421 0680 dmboot - ok
    21:24:14.0578 0680 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    21:24:14.0593 0680 dmio - ok
    21:24:14.0625 0680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    21:24:14.0625 0680 dmload - ok
    21:24:14.0750 0680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    21:24:14.0750 0680 DMusic - ok
    21:24:14.0953 0680 dpti2o - ok
    21:24:15.0046 0680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    21:24:15.0062 0680 drmkaud - ok
    21:24:15.0203 0680 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
    21:24:15.0203 0680 EpmPsd - ok
    21:24:15.0359 0680 EpmShd (b2d71ba438701b5f0368b958bea2dc62) C:\WINDOWS\system32\drivers\epm-shd.sys
    21:24:15.0359 0680 EpmShd - ok
    21:24:15.0468 0680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    21:24:15.0468 0680 Fastfat - ok
    21:24:15.0578 0680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    21:24:15.0578 0680 Fdc - ok
    21:24:15.0671 0680 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    21:24:15.0671 0680 Fips - ok
    21:24:15.0859 0680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    21:24:15.0859 0680 Flpydisk - ok
    21:24:16.0031 0680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    21:24:16.0031 0680 FltMgr - ok
    21:24:16.0156 0680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    21:24:16.0156 0680 Fs_Rec - ok
    21:24:16.0234 0680 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    21:24:16.0234 0680 Ftdisk - ok
    21:24:16.0437 0680 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    21:24:16.0437 0680 GEARAspiWDM - ok
    21:24:16.0578 0680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    21:24:16.0578 0680 Gpc - ok
    21:24:16.0703 0680 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    21:24:16.0703 0680 HidUsb - ok
    21:24:16.0890 0680 hpn - ok
    21:24:17.0078 0680 HSFHWICH (e7bcc7ec37dd2dd36a39bb9ac87a897b) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
    21:24:17.0078 0680 HSFHWICH - ok
    21:24:17.0328 0680 HSF_DPV (822c60f2abee73a0e089230d94064f39) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    21:24:17.0343 0680 HSF_DPV - ok
    21:24:17.0484 0680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    21:24:17.0500 0680 HTTP - ok
    21:24:17.0671 0680 i2omgmt - ok
    21:24:17.0828 0680 i2omp - ok
    21:24:17.0984 0680 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    21:24:17.0984 0680 i8042prt - ok
    21:24:18.0671 0680 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    21:24:18.0843 0680 ialm - ok
    21:24:19.0093 0680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    21:24:19.0093 0680 Imapi - ok
    21:24:19.0296 0680 ini910u - ok
    21:24:19.0515 0680 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Program Files\acer\eRecovery\int15.sys
    21:24:19.0515 0680 int15.sys - ok
    21:24:19.0640 0680 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    21:24:19.0640 0680 IntelIde - ok
    21:24:19.0750 0680 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    21:24:19.0750 0680 intelppm - ok
    21:24:19.0890 0680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    21:24:19.0890 0680 Ip6Fw - ok
    21:24:19.0953 0680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    21:24:19.0953 0680 IpFilterDriver - ok
    21:24:20.0046 0680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    21:24:20.0046 0680 IpInIp - ok
    21:24:20.0203 0680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    21:24:20.0203 0680 IpNat - ok
    21:24:20.0390 0680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    21:24:20.0390 0680 IPSec - ok
    21:24:20.0500 0680 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
    21:24:20.0500 0680 irda - ok
    21:24:20.0593 0680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    21:24:20.0593 0680 IRENUM - ok
    21:24:20.0765 0680 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    21:24:20.0765 0680 isapnp - ok
    21:24:20.0968 0680 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    21:24:20.0968 0680 Kbdclass - ok
    21:24:21.0109 0680 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    21:24:21.0109 0680 kbdhid - ok
    21:24:21.0218 0680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    21:24:21.0218 0680 kmixer - ok
    21:24:21.0343 0680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    21:24:21.0343 0680 KSecDD - ok
    21:24:21.0531 0680 Ksesrvufilt - ok
    21:24:21.0734 0680 lbrtfdc - ok
    21:24:21.0968 0680 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    21:24:21.0968 0680 MBAMSwissArmy - ok
    21:24:22.0109 0680 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    21:24:22.0109 0680 mdmxsdk - ok
    21:24:22.0265 0680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    21:24:22.0265 0680 mnmdd - ok
    21:24:22.0359 0680 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    21:24:22.0359 0680 Modem - ok
    21:24:22.0500 0680 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    21:24:22.0500 0680 Mouclass - ok
    21:24:22.0656 0680 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    21:24:22.0656 0680 mouhid - ok
    21:24:22.0828 0680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    21:24:22.0828 0680 MountMgr - ok
    21:24:23.0000 0680 mraid35x - ok
    21:24:23.0125 0680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    21:24:23.0125 0680 MRxDAV - ok
    21:24:23.0265 0680 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    21:24:23.0281 0680 MRxSmb - ok
    21:24:23.0437 0680 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
    21:24:23.0437 0680 MSDV - ok
    21:24:23.0625 0680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    21:24:23.0625 0680 Msfs - ok
    21:24:23.0781 0680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    21:24:23.0781 0680 MSKSSRV - ok
    21:24:23.0890 0680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    21:24:23.0890 0680 MSPCLOCK - ok
    21:24:23.0968 0680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    21:24:23.0968 0680 MSPQM - ok
    21:24:24.0125 0680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    21:24:24.0125 0680 mssmbios - ok
    21:24:24.0296 0680 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    21:24:24.0296 0680 MSTEE - ok
    21:24:24.0406 0680 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    21:24:24.0406 0680 Mup - ok
    21:24:24.0468 0680 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    21:24:24.0468 0680 NABTSFEC - ok
    21:24:24.0609 0680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    21:24:24.0609 0680 NDIS - ok
    21:24:24.0765 0680 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    21:24:24.0765 0680 NdisIP - ok
    21:24:24.0921 0680 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    21:24:24.0921 0680 NdisTapi - ok
    21:24:25.0031 0680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    21:24:25.0031 0680 Ndisuio - ok
    21:24:25.0093 0680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    21:24:25.0093 0680 NdisWan - ok
    21:24:25.0203 0680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    21:24:25.0203 0680 NDProxy - ok
    21:24:25.0312 0680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    21:24:25.0312 0680 NetBIOS - ok
    21:24:25.0437 0680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    21:24:25.0437 0680 NetBT - ok
    21:24:25.0578 0680 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    21:24:25.0578 0680 NIC1394 - ok
    21:24:25.0765 0680 NPF (f498c5c3399a60933196fc215ef074f9) C:\WINDOWS\system32\drivers\npf.sys
    21:24:25.0765 0680 NPF - ok
    21:24:25.0890 0680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    21:24:25.0890 0680 Npfs - ok
    21:24:26.0000 0680 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
    21:24:26.0000 0680 NSCIRDA - ok
    21:24:26.0156 0680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    21:24:26.0171 0680 Ntfs - ok
    21:24:26.0343 0680 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    21:24:26.0343 0680 NTIDrvr - ok
    21:24:26.0484 0680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    21:24:26.0484 0680 Null - ok
    21:24:26.0546 0680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    21:24:26.0546 0680 NwlnkFlt - ok
    21:24:26.0593 0680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    21:24:26.0593 0680 NwlnkFwd - ok
    21:24:26.0687 0680 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    21:24:26.0703 0680 ohci1394 - ok
    21:24:26.0765 0680 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    21:24:26.0765 0680 Parport - ok
    21:24:26.0875 0680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    21:24:26.0875 0680 PartMgr - ok
    21:24:26.0937 0680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    21:24:26.0937 0680 ParVdm - ok
    21:24:28.0109 0680 PCAMPR5 - ok
    21:24:28.0562 0680 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
    21:24:28.0562 0680 PCANDIS5 - ok
    21:24:28.0671 0680 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    21:24:28.0687 0680 PCI - ok
    21:24:28.0859 0680 PCIDump - ok
    21:24:28.0984 0680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    21:24:28.0984 0680 PCIIde - ok
    21:24:29.0078 0680 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    21:24:29.0078 0680 Pcmcia - ok
    21:24:29.0234 0680 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
    21:24:29.0234 0680 pcouffin - ok
    21:24:29.0421 0680 PDCOMP - ok
    21:24:29.0578 0680 PDFRAME - ok
    21:24:29.0750 0680 PDRELI - ok
    21:24:29.0921 0680 PDRFRAME - ok
    21:24:30.0078 0680 perc2 - ok
    21:24:30.0250 0680 perc2hib - ok
    21:24:30.0468 0680 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
    21:24:30.0468 0680 pfc - ok
    21:24:30.0656 0680 pgfilter (79bad6756154335d5304f0fe39961f5b) D:\dat do not touch\PeerGuardian2\pgfilter.sys
    21:24:30.0656 0680 pgfilter - ok
    21:24:30.0812 0680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    21:24:30.0812 0680 PptpMiniport - ok
    21:24:31.0109 0680 PRISM_A02 (ba3ffbd0abdf45c9160e66cb27f8f8ab) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
    21:24:31.0125 0680 PRISM_A02 - ok
    21:24:31.0218 0680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    21:24:31.0218 0680 PSched - ok
    21:24:31.0281 0680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    21:24:31.0281 0680 Ptilink - ok
    21:24:31.0531 0680 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    21:24:31.0531 0680 PxHelp20 - ok
    21:24:31.0687 0680 ql1080 - ok
    21:24:31.0859 0680 Ql10wnt - ok
    21:24:32.0031 0680 ql12160 - ok
    21:24:32.0187 0680 ql1240 - ok
    21:24:32.0359 0680 ql1280 - ok
    21:24:32.0453 0680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    21:24:32.0453 0680 RasAcd - ok
    21:24:32.0593 0680 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    21:24:32.0593 0680 Rasirda - ok
    21:24:32.0687 0680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    21:24:32.0703 0680 Rasl2tp - ok
    21:24:32.0843 0680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    21:24:32.0843 0680 RasPppoe - ok
    21:24:32.0906 0680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    21:24:32.0906 0680 Raspti - ok
    21:24:33.0093 0680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    21:24:33.0093 0680 Rdbss - ok
    21:24:33.0125 0680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    21:24:33.0125 0680 RDPCDD - ok
    21:24:33.0281 0680 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    21:24:33.0281 0680 RDPWD - ok
    21:24:33.0437 0680 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    21:24:33.0437 0680 redbook - ok
    21:24:33.0500 0680 rpcapd - ok
    21:24:33.0687 0680 s24trans (85a26a3bb748dfd3170cdbf45b0dd7fd) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    21:24:33.0687 0680 s24trans - ok
    21:24:33.0937 0680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    21:24:33.0953 0680 Secdrv - ok
    21:24:34.0093 0680 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    21:24:34.0093 0680 Serial - ok
    21:24:34.0250 0680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    21:24:34.0250 0680 Sfloppy - ok
    21:24:34.0437 0680 Simbad - ok
    21:24:34.0593 0680 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    21:24:34.0593 0680 SLIP - ok
    21:24:34.0859 0680 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    21:24:34.0859 0680 SONYPVU1 - ok
    21:24:35.0031 0680 Sparrow - ok
    21:24:35.0187 0680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    21:24:35.0187 0680 splitter - ok
    21:24:35.0484 0680 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\WINDOWS\system32\Drivers\sptd.sys
    21:24:35.0484 0680 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
    21:24:35.0500 0680 sptd ( LockedFile.Multi.Generic ) - warning
    21:24:35.0500 0680 sptd - detected LockedFile.Multi.Generic (1)
    21:24:35.0593 0680 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    21:24:35.0593 0680 sr - ok
    21:24:35.0718 0680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    21:24:35.0734 0680 Srv - ok
    21:24:35.0906 0680 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    21:24:35.0906 0680 streamip - ok
    21:24:36.0015 0680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    21:24:36.0015 0680 swenum - ok
    21:24:36.0218 0680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    21:24:36.0218 0680 swmidi - ok
    21:24:36.0406 0680 symc810 - ok
    21:24:36.0578 0680 symc8xx - ok
    21:24:36.0750 0680 sym_hi - ok
    21:24:36.0906 0680 sym_u3 - ok
    21:24:37.0062 0680 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    21:24:37.0062 0680 SynTP - ok
    21:24:37.0171 0680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    21:24:37.0171 0680 sysaudio - ok
    21:24:37.0359 0680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    21:24:37.0359 0680 Tcpip - ok
    21:24:37.0671 0680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    21:24:37.0687 0680 TDPIPE - ok
    21:24:37.0812 0680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    21:24:37.0828 0680 TDTCP - ok
    21:24:37.0937 0680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    21:24:37.0937 0680 TermDD - ok
    21:24:38.0125 0680 tifm21 (8778a553003a3d37a550a1f9cff6be28) C:\WINDOWS\system32\drivers\tifm21.sys
    21:24:38.0140 0680 tifm21 - ok
    21:24:38.0359 0680 TosIde - ok
    21:24:38.0515 0680 tvtool - ok
    21:24:38.0687 0680 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
    21:24:38.0703 0680 UBHelper - ok
    21:24:38.0859 0680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    21:24:38.0859 0680 Udfs - ok
    21:24:39.0031 0680 ultra - ok
    21:24:39.0265 0680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    21:24:39.0265 0680 Update - ok
    21:24:39.0390 0680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    21:24:39.0390 0680 usbccgp - ok
    21:24:39.0546 0680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    21:24:39.0546 0680 usbehci - ok
    21:24:39.0640 0680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    21:24:39.0640 0680 usbhub - ok
    21:24:39.0718 0680 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    21:24:39.0718 0680 usbprint - ok
    21:24:39.0906 0680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    21:24:39.0906 0680 usbscan - ok
    21:24:40.0015 0680 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    21:24:40.0015 0680 USBSTOR - ok
    21:24:40.0093 0680 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    21:24:40.0093 0680 usbuhci - ok
    21:24:40.0234 0680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    21:24:40.0234 0680 VgaSave - ok
    21:24:40.0390 0680 ViaIde - ok
    21:24:40.0484 0680 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    21:24:40.0484 0680 VolSnap - ok
    21:24:41.0750 0680 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
    21:24:42.0953 0680 w29n51 - ok
    21:24:43.0203 0680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    21:24:43.0203 0680 Wanarp - ok
    21:24:43.0375 0680 WDICA - ok
    21:24:43.0546 0680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    21:24:43.0546 0680 wdmaud - ok
    21:24:43.0718 0680 winachsf (5ea185425bfcbc2d4b96d673d8c4deaf) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    21:24:43.0734 0680 winachsf - ok
    21:24:43.0921 0680 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    21:24:43.0921 0680 WS2IFSL - ok
    21:24:44.0062 0680 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    21:24:44.0062 0680 WSTCODEC - ok
    21:24:44.0312 0680 ZSMC301b (7481637a50a0468cf46c719672bc7eaa) C:\WINDOWS\system32\Drivers\usbVM31b.sys
    21:24:44.0312 0680 ZSMC301b - ok
    21:24:44.0453 0680 MBR (0x1B8) (67d07fa51dcd5a4397248f397bb779ae) \Device\Harddisk0\DR0
    21:24:54.0000 0680 \Device\Harddisk0\DR0 - ok
    21:24:54.0046 0680 Boot (0x1200) (d602fc69e200e2e3de7fb539419a825c) \Device\Harddisk0\DR0\Partition0
    21:24:54.0046 0680 \Device\Harddisk0\DR0\Partition0 - ok
    21:24:54.0093 0680 Boot (0x1200) (40225734909349bc0d71607bfe4f5e39) \Device\Harddisk0\DR0\Partition1
    21:24:54.0093 0680 \Device\Harddisk0\DR0\Partition1 - ok
    21:24:54.0109 0680 ============================================================
    21:24:54.0109 0680 Scan finished
    21:24:54.0109 0680 ============================================================
    21:24:54.0156 0672 Detected object count: 1
    21:24:54.0156 0672 Actual detected object count: 1
    21:41:50.0140 0672 sptd ( LockedFile.Multi.Generic ) - skipped by user
    21:41:50.0140 0672 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
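The log above ends with a single hit: `sptd` flagged as LockedFile.Multi.Generic, which records that the scanner could not read the file (sptd.sys, the SCSI pass-through driver that ships with Alcohol 120% and is known for locking itself against reads), not a signature match, and the user chose Skip. The Python below is an added example, not Kaspersky's code and not from this thread; it parses a log in this shape, keeps each driver's path, MD5 and status, links the "Suspicious file" warning back to the driver it names, and lists the entries that still need a human decision. The sample lines are copied from the log above.

```python
"""Triage a TDSSKiller log of the shape posted above: pull out every driver,
its hash and status, and the entries that still need a human decision.
Added example; not Kaspersky's code and not part of the original thread."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: lines copied from the log above (time, thread id, body).
SAMPLE_LOG = r"""
21:24:35.0484 0680 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\WINDOWS\system32\Drivers\sptd.sys
21:24:35.0484 0680 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
21:24:35.0500 0680 sptd ( LockedFile.Multi.Generic ) - warning
21:24:35.0500 0680 sptd - detected LockedFile.Multi.Generic (1)
21:24:35.0593 0680 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:24:35.0593 0680 sr - ok
21:24:36.0406 0680 symc810 - ok
21:24:44.0453 0680 MBR (0x1B8) (67d07fa51dcd5a4397248f397bb779ae) \Device\Harddisk0\DR0
21:24:54.0000 0680 \Device\Harddisk0\DR0 - ok
21:24:54.0109 0680 Scan finished
21:41:50.0140 0672 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:41:50.0140 0672 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>[0-9a-fA-F]{4})\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SECTOR_RE = re.compile(r"^(?P<name>MBR|Boot) \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: [0-9a-f]{32}$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    status: str = "unknown"                 # unknown -> ok | warning | detected
    verdict: Optional[str] = None           # e.g. LockedFile.Multi.Generic
    reasons: List[str] = field(default_factory=list)   # from "Suspicious file (...)"
    actions: List[str] = field(default_factory=list)   # what the user chose to do


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Build one Entry per service/driver (or boot sector), keyed as the log keys it."""
    entries: Dict[str, Entry] = {}

    def entry(key: str) -> Entry:
        return entries.setdefault(key, Entry(name=key))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if (f := SECTOR_RE.match(body)):
            e = entry(f.group("path"))          # the later "- ok" line names the device path
            e.name, e.path, e.md5 = f.group("name"), f.group("path"), f.group("md5")
        elif (f := FILE_RE.match(body)):
            e = entry(f.group("name"))
            e.path, e.md5 = f.group("path"), f.group("md5")
        elif (f := SUSPICIOUS_RE.match(body)):
            for e in entries.values():          # the warning names the path, not the service
                if e.path == f.group("path"):
                    e.reasons.append(f.group("reason"))
        elif (f := DETECTED_RE.match(body)):
            e = entry(f.group("name"))
            e.status, e.verdict = "detected", f.group("verdict")
        elif (f := VERDICT_RE.match(body)):
            e = entry(f.group("name"))
            e.verdict = f.group("verdict")
            if f.group("action") == "warning":
                if e.status == "unknown":
                    e.status = "warning"
            else:
                e.actions.append(f.group("action"))   # "skipped by user", "User select action: Skip"
        elif (f := OK_RE.match(body)):
            e = entry(f.group("name"))
            if e.status == "unknown":
                e.status = "ok"
    return entries


def triage(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries that still need a decision: not clean, or left as-is by the user."""
    return [e for e in entries.values() if e.status != "ok" or e.actions]


def summarize(entries: Dict[str, Entry]) -> Dict[str, int]:
    counts = {"ok": 0, "warning": 0, "detected": 0, "unknown": 0, "no_file": 0}
    for e in entries.values():
        counts[e.status] += 1
        if e.md5 is None:
            counts["no_file"] += 1   # registered name, but no file was found to hash
    return counts
```

Run `triage(parse_tdsskiller(open("TDSSKiller.log").read()))` against a full log to get the same short list a helper reads for; on the sample it is just `sptd`, with its NoAccess reason and the Skip action attached.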
     
  13. Broni

    Broni Malware Annihilator Posts: 47,976   +271

    As long as your computer clock is running, Combofix is doing its thing.
    Retry.
     
  14. Timock

    Timock TS Rookie Topic Starter Posts: 35

    Well, I keep trying and Combofix doesn't want to play ball. At some point during the scanning process, it will freeze up. Will keep trying to run it, but it feels like a losing battle. Thanks again for taking the time to help me out. Is there anything else I could try?
     
  15. Broni

    Broni Malware Annihilator Posts: 47,976   +271

    Try to run it from Safe Mode.
     
  16. Timock

    Timock TS Rookie Topic Starter Posts: 35

    I have been running it in both safe mode and safe mode with networking just to see if it makes any difference. Currently running it in safe mode, for a few hours now.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,976   +271

    Keep me posted.
    When Combofix starts does it give you any messages?
     
  18. Timock

    Timock TS Rookie Topic Starter Posts: 35

    When Combofix starts, two windows pop up quickly loading, as the main Combofix window says it is preparing to create a restore point. Then the blue Combofix window appears with the following:

    Scanning for infected files...
    This typically doesn't take more than 10 minutes
    However scan times for badly infected machines may easily double.

    _


    --------------

    The underscore flashes, but nothing else happens, until at some point the clock stops and it freezes up. Once Combofix is running, I don't touch the computer.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,976   +271

    What are the current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
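The Quick Scan above produces OTL.txt, whose lines have a fixed shape (SRV/DRV service entries, O4 Run keys, O1 HOSTS entries, and so on). The Python below is an added example, not OTL's code and not part of this thread; it runs a few defender-side heuristics over that format: autostarts whose file is gone, binaries with no company name, binaries outside the usual install roots (an assumption encoded in EXPECTED_ROOTS), and HOSTS entries other than localhost. A hit is a prompt for review, not a verdict; the sample lines are copied from the OTL log posted later in this thread.

```python
"""Heuristic first pass over an OTL.txt log (the format the procedure above
produces): orphaned autostarts, binaries with no publisher name, binaries
outside the usual install roots, and HOSTS overrides.  Added example; not
OTL's code and not part of the original thread."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the OTL log posted later in this thread.
SAMPLE_OTL = r"""
SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - [2011/06/26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\Timock10426T\pev.3XE -- (PEVSystemStart)
SRV - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
DRV - [2008/01/22 19:04:44 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (BIGDOG)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - (?:(?P<missing>File not found)|\[[^\]]+\] \((?P<company>.*?)\)) "
    r"\[(?P<state>[^\]]+)\] -- (?P<path>.*?)\s*-- \((?P<name>[^)]+)\)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
RUN_CMD_RE = re.compile(r"^(?P<cmd>.+?) \((?P<company>[^()]*)\)$")   # "<command> (<company>)"
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.[A-Za-z0-9]{2,4})(?:"|\s|$)')  # first path-with-extension
MISSING = " File not found"
# Where a normally installed service or autostart is expected to live (assumption).
EXPECTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\progra~1")


@dataclass
class Finding:
    rule: str      # orphan | no-publisher | unusual-path | hosts-override
    name: str      # service name, Run key or host name
    detail: str


def executable_of(cmd: str) -> str:
    """Strip quoting and arguments from a Run command, keeping the executable path."""
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd


def check_binary(name: str, path: str, company: Optional[str], out: List[Finding]) -> None:
    """Checks shared by services, drivers and Run entries that name a file on disk."""
    if company is not None and company.strip() == "":
        out.append(Finding("no-publisher", name, path))   # no company name in version info
    if not path.lower().startswith(EXPECTED_ROOTS):
        out.append(Finding("unusual-path", name, path))


def triage_otl(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        if (m := SERVICE_RE.match(line)):
            if m.group("missing"):
                findings.append(Finding("orphan", m.group("name"), f"{m.group('kind')} registered, file missing"))
            else:
                check_binary(m.group("name"), m.group("path"), m.group("company"), findings)
        elif (m := RUN_RE.match(line)):
            cmd = m.group("cmd")
            if cmd.endswith(MISSING):
                findings.append(Finding("orphan", m.group("key"), cmd[:-len(MISSING)]))
            elif (c := RUN_CMD_RE.match(cmd)):
                check_binary(m.group("key"), executable_of(c.group("cmd")), c.group("company"), findings)
        elif (m := HOSTS_RE.match(line)):
            if m.group("host").lower() != "localhost":     # anything else redirects a name
                findings.append(Finding("hosts-override", m.group("host"), m.group("ip")))
    return findings
```

On the sample, PEVSystemStart in C:\Timock10426T is flagged on path and missing publisher alone; whether it is a leftover of the repeated Combofix runs described above is exactly the call a human reviewer, not the heuristic, has to make.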
     
  20. Timock

    Timock TS Rookie Topic Starter Posts: 35

    Highly unstable in normal mode; only Notepad seems to work as a program. After having run Unhide, icons for most of my programmes have reappeared, but when I click on them they are empty. Internet Explorer works but is unstable and prone to freezing up, more often than not. The virus check programme icon is still embedded next to the start button. Similar functionality in safe mode, but the internet is more stable.

    OTL Logs

    OTL logfile created on: 15/01/2012 23:27:23 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    502.05 Mb Total Physical Memory | 351.08 Mb Available Physical Memory | 69.93% Memory free
    1.20 Gb Paging File | 1.07 Gb Available in Paging File | 89.14% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 26.38 Gb Total Space | 3.19 Gb Free Space | 12.08% Space Free | Partition Type: FAT32
    Drive D: | 26.55 Gb Total Space | 5.00 Gb Free Space | 18.82% Space Free | Partition Type: FAT32

    Computer Name: | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/15 23:25:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2008/04/14 03:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
    SRV - File not found [On_Demand | Stopped] -- -- (FLEXnet Licensing Service)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - File not found [Auto | Stopped] -- -- (anbmService)
    SRV - [2011/06/26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\Timock10426T\pev.3XE -- (PEVSystemStart)
    SRV - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2008/01/22 19:04:44 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2006/05/13 19:46:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.sys -- (PCANDIS5)
    DRV - [2005/09/18 18:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\dat do not touch\PeerGuardian2\pgfilter.sys -- (pgfilter)
    DRV - [2005/03/24 16:54:08 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
    DRV - [2005/02/26 16:25:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
    DRV - [2005/02/10 09:52:36 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/01/24 23:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/01/24 23:26:36 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2005/01/24 23:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
    DRV - [2005/01/10 00:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2004/10/29 18:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2004/10/15 11:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
    DRV - [2004/06/24 23:31:00 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
    DRV - [2004/06/24 23:29:00 | 000,034,048 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
    DRV - [2004/03/30 18:29:48 | 000,374,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02)
    DRV - [2003/12/05 03:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2003/09/25 19:41:12 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2003/05/21 19:47:12 | 000,175,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2003/04/04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1059442739-145891979-1462393580-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
    IE - HKU\S-1-5-21-1059442739-145891979-1462393580-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\divx stuff\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\divx stuff\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\YAHOO!\COMMON\npyaxmpb.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/02/15 20:54:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/02/15 20:54:28 | 000,000,000 | ---D | M]

    [2012/01/07 21:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2012/01/07 21:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pgpoxq3b.default\extensions
    [2012/01/08 14:07:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pgpoxq3b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2006/02/15 20:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/08/31 17:04:14 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/02/02 22:36:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/01/06 19:41:56 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2009/01/06 19:41:56 | 000,001,077 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/09/21 13:32:16 | 000,001,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
    [2010/09/21 13:32:16 | 000,002,670 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
    [2010/09/21 13:32:16 | 000,000,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml
    [2010/09/21 13:32:16 | 000,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
    [2010/09/21 13:32:16 | 000,000,951 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml

    O1 HOSTS File: ([2008/01/22 19:51:28 | 000,000,775 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
    O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (BIGDOG)
    O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\EPM-DM.exe (Acer Inc)
    O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
    O4 - HKLM..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [eRecoveryService] C:\WINDOWS\system32\Check.exe (acer Inc.)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
    O4 - HKLM..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe File not found
    O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey File not found
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" File not found
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
    O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
    O4 - Startup: C:\Documents and Settings\wayne\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1059442739-145891979-1462393580-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
    O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165695109703 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30C5CD6C-675B-4475-9EDB-9A858CFE2CEB}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F679C885-C85F-45E0-B62C-F9F9BD4DEAD0}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - D:\DVDREG~1\DVDShell.dll File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/03/30 12:23:20 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/15 23:25:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/01/15 21:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2012/01/15 21:11:36 | 000,000,000 | -HSD | C] -- C:\FOUND.044
    [2012/01/15 16:49:44 | 000,000,000 | --SD | C] -- C:\Timock30042T
    [2012/01/15 16:40:16 | 000,000,000 | -HSD | C] -- C:\FOUND.043
    [2012/01/15 15:38:58 | 000,000,000 | --SD | C] -- C:\Timock10426T
    [2012/01/15 03:10:04 | 000,000,000 | -HSD | C] -- C:\FOUND.042
    [2012/01/14 18:15:35 | 000,000,000 | --SD | C] -- C:\Timock21289T
    [2012/01/14 18:08:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\TEMP
    [2012/01/14 17:42:12 | 000,000,000 | -HSD | C] -- C:\FOUND.041
    [2012/01/14 16:31:12 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/01/14 15:50:26 | 000,000,000 | -HSD | C] -- C:\FOUND.040
    [2012/01/13 22:49:22 | 000,000,000 | --SD | C] -- C:\Timock31422T
    [2012/01/13 20:53:18 | 000,000,000 | -HSD | C] -- C:\FOUND.039
    [2012/01/13 19:21:35 | 000,000,000 | --SD | C] -- C:\Timock25129T
    [2012/01/13 19:04:52 | 000,000,000 | -HSD | C] -- C:\FOUND.038
    [2012/01/13 13:45:50 | 000,000,000 | --SD | C] -- C:\Timock13352T
    [2012/01/13 13:06:00 | 000,000,000 | -HSD | C] -- C:\FOUND.037
    [2012/01/12 19:48:29 | 000,000,000 | --SD | C] -- C:\Timock18290T
    [2012/01/12 19:30:32 | 000,000,000 | -HSD | C] -- C:\FOUND.036
    [2012/01/12 18:26:48 | 000,000,000 | --SD | C] -- C:\Timock16021T
    [2012/01/12 17:15:44 | 000,000,000 | -HSD | C] -- C:\FOUND.035
    [2012/01/12 16:54:31 | 000,000,000 | --SD | C] -- C:\Timock
    [2012/01/12 16:52:42 | 004,382,085 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\Timock.exe
    [2012/01/12 16:35:46 | 000,000,000 | -HSD | C] -- C:\FOUND.034
    [2012/01/12 15:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Network Associates
    [2012/01/12 01:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
    [2012/01/12 00:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
    [2012/01/11 23:08:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2012/01/11 20:18:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\My Documents\dds.scr
    [2012/01/11 14:59:36 | 000,000,000 | -HSD | C] -- C:\FOUND.033
    [2012/01/08 23:05:30 | 000,000,000 | -HSD | C] -- C:\FOUND.032
    [2012/01/08 18:43:22 | 000,000,000 | -HSD | C] -- C:\FOUND.031
    [2012/01/08 16:59:36 | 000,000,000 | ---D | C] -- C:\cmdcons
    [2012/01/08 16:57:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/01/08 16:57:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/01/08 16:57:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/01/08 16:57:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/01/08 16:56:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/01/08 16:32:49 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/08 16:32:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
    [2012/01/08 16:32:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
    [2012/01/08 16:32:14 | 004,374,678 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2012/01/08 14:39:56 | 000,000,000 | -HSD | C] -- C:\FOUND.030
    [2012/01/08 00:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
    [2012/01/07 23:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2012/01/07 23:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/01/07 21:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2012/01/07 21:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2012/01/07 18:14:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
    [2012/01/07 18:14:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
    [2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
    [2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
    [2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
    [2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
    [2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
    [2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
    [2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
    [2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
    [2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
    [2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
    [2012/01/07 18:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
    [2012/01/07 18:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
    [2012/01/07 18:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
    [2012/01/07 18:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
    [2012/01/07 18:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
    [2012/01/07 18:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
    [2012/01/07 18:14:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
    [2006/02/21 22:31:20 | 001,499,904 | R--- | C] (Microsoft Corporation) -- C:\Program Files\INSTMSIW.EXE
    [2006/02/21 22:31:20 | 001,489,152 | R--- | C] (Microsoft Corporation) -- C:\Program Files\INSTMSI.EXE
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/15 23:25:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/01/15 23:20:58 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/01/15 23:17:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/15 23:17:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/15 21:14:50 | 000,000,735 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
    [2012/01/15 21:13:22 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
    [2012/01/13 13:37:12 | 004,382,085 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\Timock.exe
    [2012/01/12 19:46:22 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill 2.scr
    [2012/01/12 16:47:08 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
    [2012/01/12 00:29:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MBR.dat
    [2012/01/11 23:08:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2012/01/11 21:06:22 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
    [2012/01/11 20:18:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\My Documents\dds.scr
    [2012/01/08 19:18:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/01/08 16:59:42 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2012/01/08 16:21:42 | 004,374,678 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2012/01/08 14:44:54 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/01/07 16:02:56 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rvn4Uw7wiU5Dge
    [2012/01/04 18:02:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/01/01 14:53:42 | 000,434,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/01/01 14:53:42 | 000,068,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/19 18:51:06 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/12 19:46:17 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill 2.scr
    [2012/01/12 16:48:36 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
    [2012/01/08 16:59:39 | 000,000,212 | ---- | C] () -- C:\Boot.bak
    [2012/01/08 16:59:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/01/08 16:57:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/08 16:57:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/08 16:57:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/01/08 16:57:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/01/08 16:57:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/01/08 16:17:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MBR.dat
    [2012/01/08 14:44:54 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2012/01/07 18:14:34 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/01/07 18:14:34 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MySpaceIM.lnk
    [2012/01/07 18:14:34 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/01/07 18:14:32 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
    [2012/01/07 18:14:32 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
    [2012/01/07 18:14:32 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
    [2012/01/06 18:11:31 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rvn4Uw7wiU5Dge
    [2011/12/19 18:51:04 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2011/12/19 18:51:03 | 000,054,156 | ---- | C] () -- C:\WINDOWS\QTFont.qfn
    [2009/11/05 21:46:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED92Euro.ini
    [2009/01/29 11:30:59 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
    [2008/06/27 13:18:25 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2007/11/06 22:37:32 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2007/09/11 14:25:34 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
    [2007/09/11 14:25:34 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2007/09/11 14:25:34 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
    [2007/09/11 14:25:34 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
    [2007/09/11 14:25:34 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
    [2007/09/11 14:25:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2007/08/17 10:24:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.wayne.ini
    [2007/03/16 12:30:47 | 000,000,033 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/02/04 17:24:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
    [2006/07/27 23:41:10 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
    [2006/07/09 15:23:46 | 000,000,102 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
    [2006/06/14 23:53:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2006/06/12 20:22:06 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
    [2006/05/24 23:47:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2006/04/19 01:04:53 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2006/04/09 17:03:25 | 000,088,576 | ---- | C] () -- C:\WINDOWS\RAUNINST.EXE
    [2006/03/22 23:22:16 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/03/02 18:52:42 | 000,094,486 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2006/03/02 18:52:42 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2006/03/02 18:52:42 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2006/03/02 18:52:42 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2006/03/02 18:52:42 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2006/03/02 18:52:42 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2006/03/02 18:52:42 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2006/03/02 18:52:42 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2006/03/02 18:52:42 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2006/03/02 18:52:42 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2006/03/02 18:52:42 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2006/03/02 18:52:42 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2006/03/02 18:52:42 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2006/03/02 18:52:42 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2006/03/02 18:52:42 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2006/03/02 18:52:42 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2006/03/02 18:52:42 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2006/03/02 18:48:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER220.ini
    [2006/02/21 22:36:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/21 22:32:01 | 003,485,184 | R--- | C] () -- C:\Program Files\PROPLUS.MSI
    [2006/02/21 22:32:01 | 000,306,688 | R--- | C] () -- C:\Program Files\OWC10.MSI
    [2006/02/21 22:32:01 | 000,007,929 | R--- | C] () -- C:\Program Files\README.HTM
    [2006/02/21 22:31:20 | 224,771,818 | R--- | C] () -- C:\Program Files\OFFICE1.CAB
    [2006/02/20 23:47:55 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/02/19 16:23:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/02/16 04:26:23 | 000,000,735 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
    [2006/02/16 04:18:55 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2006/02/15 20:54:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/02/15 20:54:32 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
    [2006/02/15 20:54:26 | 000,003,474 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2005/03/30 13:05:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/03/30 12:59:27 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
    [2005/03/30 12:59:26 | 000,000,222 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
    [2005/03/30 12:23:43 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
    [2005/03/30 12:22:49 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
    [2005/03/30 12:22:49 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
    [2005/03/30 12:22:49 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
    [2005/03/30 12:22:49 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
    [2005/03/30 11:59:38 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/03/30 11:59:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
    [2005/03/30 11:58:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/03/30 11:52:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/03/30 11:51:12 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/03/30 11:46:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/03/30 11:45:34 | 000,248,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/03/30 11:38:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/03/30 11:38:32 | 000,434,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/03/30 11:38:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2005/03/30 11:38:32 | 000,068,808 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/03/30 11:38:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2005/03/30 11:38:29 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/30 11:38:29 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/03/30 11:38:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/03/30 11:38:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2005/03/30 11:38:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2005/03/30 11:38:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2005/03/30 11:38:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
    [2004/01/13 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
    [2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
    [2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
    [2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
    [2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
    [2001/02/19 18:54:28 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\RemoveFiles.exe
    [1980/01/01 00:00:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE
    [1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
    [1980/01/01 00:00:00 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
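The OTL file lists above are long enough that a helper reads them faster than a person does. The following is an added example, not part of the thread and not OTL's own code: it parses entries in OTL's `[timestamp | size | attrs | C/M] (company) -- path` layout and ranks them with a few triage heuristics (executable with no company field, hidden/system file under a data directory, random-looking name, recent timestamp). The sample lines are constructed in OTL's format, the `kQ7zXw2LpN9Gt` names are invented, and the scoring weights are the author's assumptions, so a high score marks a candidate to investigate, not a confirmed infection.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# One OTL file/folder entry, e.g.
#   [2012/01/07 18:14:30 | 000,000,456 | -HS- | C] () -- C:\path\file
#   [2012/01/15 21:11:36 | 000,000,000 | -HSD | C] -- C:\FOUND.044   (directories carry no company field)
# Fields: timestamp | size | attributes (R,H,S,D) | C=created / M=modified
OTL_LINE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# A name stem mixing upper, lower and digits with no separators (assumed heuristic, not an OTL rule).
RANDOM_STEM = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9]{10,}$")
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd"}


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str       # e.g. "-HS-"
    kind: str        # "C" (created) or "M" (modified)
    company: str     # "" when OTL printed "()" or omitted the field
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        return ("." + self.name.rsplit(".", 1)[1].lower()) if "." in self.name else ""

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_entries(text: str) -> list:
    """Return an Entry for every line in OTL's file-entry layout; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line)
        if not m:
            continue  # section headers, "*.tmp files ->" summaries, blank lines
        entries.append(Entry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def score_entry(e: Entry, reference: datetime, window_days: int = 30):
    """Additive triage score plus the reasons; each reason is a heuristic, not proof."""
    score, reasons = 0, []
    lower = e.path.lower()
    in_data_dir = "\\application data\\" in lower or "\\programdata\\" in lower
    stem = e.name.rsplit(".", 1)[0] if "." in e.name else e.name
    if not e.is_dir and e.ext in EXEC_EXT and not e.company:
        score += 2
        reasons.append("executable with no company/version info")
    if not e.is_dir and in_data_dir and ("H" in e.attrs or "S" in e.attrs):
        score += 2
        reasons.append("hidden/system file in a user-writable data directory")
    if RANDOM_STEM.match(stem):
        score += 2
        reasons.append("random-looking name")
    if timedelta(0) <= reference - e.timestamp <= timedelta(days=window_days):
        score += 1
        reasons.append(f"timestamp within {window_days} days of the log")
    return score, reasons


def triage(text: str, reference: datetime, threshold: int = 3) -> list:
    """Entries scoring >= threshold, highest first, as (path, score, reasons)."""
    hits = []
    for e in parse_otl_entries(text):
        score, reasons = score_entry(e, reference)
        if score >= threshold:
            hits.append((e.path, score, reasons))
    hits.sort(key=lambda h: (-h[1], h[0]))
    return hits


# Constructed sample in OTL's layout; the kQ7zXw2LpN9Gt entries are invented for the example.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2012/01/15 23:25:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/15 21:11:36 | 000,000,000 | -HSD | C] -- C:\FOUND.044
[2012/01/06 18:11:31 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kQ7zXw2LpN9Gt
[2012/01/05 10:02:11 | 000,073,216 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kQ7zXw2LpN9Gt.exe
[2006/02/21 22:31:20 | 001,489,152 | R--- | C] (Microsoft Corporation) -- C:\Program Files\INSTMSI.EXE
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""
LOG_DATE = datetime(2012, 1, 16)  # constructed: the day after the newest sample entry

if __name__ == "__main__":
    for path, score, reasons in triage(SAMPLE_LOG, LOG_DATE):
        print(f"{score:2d}  {path}\n      " + "; ".join(reasons))
```

Feed a saved OTL.txt in place of `SAMPLE_LOG` and pass the log's own date as `reference`; the `C:\FOUND.0xx` folders and the tool downloads on the desktop score low, while an unsigned, hidden, randomly named executable under Application Data rises to the top of the list.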
     
  21. Timock

    Timock TS Rookie Topic Starter Posts: 35

    ========== LOP Check ==========

    [2006/03/02 18:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2006/06/04 22:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
    [2006/06/05 21:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
    [2006/12/09 19:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2007/01/12 23:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2007/05/19 12:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2007/07/09 16:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
    [2007/11/06 22:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    [2008/01/22 20:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
    [2008/03/28 23:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
    [2008/03/04 21:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Music Coach
    [2009/01/11 17:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2009/01/27 16:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{002D2A98-1A36-4537-8006-23879150EB99}
    [2009/06/11 00:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
    [2009/06/11 00:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/10/18 21:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
    [2009/11/05 21:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2010/06/15 17:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2008/03/28 23:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Network Associates
    [2006/03/12 03:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Opera
    [2006/12/09 19:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\ispnews
    [2006/12/09 19:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\F-Secure
    [2007/03/07 05:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\SecondLife
    [2007/05/19 12:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Azureus
    [2008/01/22 20:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Individual Software
    [2008/03/29 00:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Network Associates
    [2008/03/04 21:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Music Coach
    [2008/05/31 19:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\ICQ
    [2009/01/11 17:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\NCH Swift Sound
    [2009/02/15 00:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Vso
    [2009/03/16 00:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Spotify
    [2009/10/18 21:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\TuneUpMedia
    [2010/08/21 14:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Uniblue
    [2012/01/12 15:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Network Associates
    [2012/01/15 23:20:58 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/03/30 13:08:54 | 000,000,076 | RHS- | M] () -- C:\PRELOAD.AAA
    [2010/07/20 16:45:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2012/01/08 16:59:42 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2005/03/30 11:54:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/03/30 12:23:20 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2005/03/30 11:54:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/03/30 11:54:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2007/08/11 02:16:50 | 000,000,212 | ---- | M] () -- C:\Boot.bak
    [2012/01/13 22:48:32 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2012/01/13 22:47:04 | 000,055,020 | ---- | M] () -- C:\TDSSKiller.2.7.1.0_13.01.2012_21.23.58_log.txt
    [2012/01/15 23:17:20 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005/03/30 11:54:16 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 13:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    [2008/07/06 15:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2004/07/01 11:09:46 | 000,187,392 | ---- | M] () -- C:\WINDOWS\Acer.scr
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2001/04/02 20:50:14 | 000,000,029 | R--- | M] () -- C:\Program Files\cd-key.txt
    [2001/04/04 18:11:28 | 001,489,152 | R--- | M] (Microsoft Corporation) -- C:\Program Files\INSTMSI.EXE
    [2001/04/04 18:11:30 | 001,499,904 | R--- | M] (Microsoft Corporation) -- C:\Program Files\INSTMSIW.EXE
    [2001/03/01 15:35:26 | 224,771,818 | R--- | M] () -- C:\Program Files\OFFICE1.CAB
    [2001/03/02 00:35:58 | 000,306,688 | R--- | M] () -- C:\Program Files\OWC10.MSI
    [2001/03/02 00:38:12 | 003,485,184 | R--- | M] () -- C:\Program Files\PROPLUS.MSI
    [2001/02/21 13:18:24 | 000,007,929 | R--- | M] () -- C:\Program Files\README.HTM

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/03/30 11:45:10 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
    [2005/03/30 11:45:10 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2005/03/30 11:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/01/08 14:44:54 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/03/30 12:00:58 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/08 16:21:42 | 004,374,678 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2012/01/13 13:37:12 | 004,382,085 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\Timock.exe
    [2012/01/15 23:25:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/03/30 12:00:58 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/01/15 23:17:56 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 03:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2004/10/29 17:09:32 | 000,466,944 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
    [10 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2007/04/02 21:04:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
    [2007/04/02 21:07:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 21:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/02 21:07:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 21:07:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2008/04/14 03:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2008/04/13 20:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2007/04/02 21:07:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/04/14 03:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2008/05/02 17:01:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1998/12/24 17:15:38 | 000,345,983 | ---- | M] () -- C:\WINDOWS\system\RCDsetup.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 47,976   +271

    I still need Extras.txt
     
  23. Timock

    Timock TS Rookie Topic Starter Posts: 35

    OTL Extras logfile created on: 15/01/2012 23:27:23 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    502.05 Mb Total Physical Memory | 351.08 Mb Available Physical Memory | 69.93% Memory free
    1.20 Gb Paging File | 1.07 Gb Available in Paging File | 89.14% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 26.38 Gb Total Space | 3.19 Gb Free Space | 12.08% Space Free | Partition Type: FAT32
    Drive D: | 26.55 Gb Total Space | 5.00 Gb Free Space | 18.82% Space Free | Partition Type: FAT32

    Computer Name: | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
    .js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1"
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1"
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1"
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
  24. Timock

    Timock TS Rookie Topic Starter Posts: 35

    Sorry that it's taking a while; for some reason, when I paste in sections it's saying

    You have included 7 images in your message. You are limited to using 6 images so please go back and correct the problem and then continue again.

    Images include use of smilies, the BB code tag and HTML <img> tags. The use of these is all subject to them being enabled by the administrator.

    So I'm trying to load up the last sections in smaller chunks, hoping to avoid the above text that is blocking my upload. If you know what I'm doing wrong, please let me know.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,976   +271

    Extras.txt is incomplete.
    More coming?
     

