Solved Google redirect - on every PC in the house


merm8fan

Hello, recently we have encountered redirects to unknown sites upon attempting to follow Google search result links. The URL will usually actually show the word 'redirect' in it as it sends us off, and the sites we end up at are either other search result pages, or just plain random sites that we are not familiar with.

I can see from multiple threads here that this can be a common issue, and we have found that the problem is not unique to a single laptop or desktop, but seems to happen on each machine. Browsers vary from Firefox to IE and the MSN browser.

Also, the redirect happened from Yahoo search result links as well, but we mainly use Google, so that has been the most prevalent issue.

I have followed the 8 steps on this board on the netbook I am currently using, which also suffers from the redirect and has fewer programs on it than our other PCs, to hopefully allow for an easier review of the logs. Said logs are below - pasted as per the extended guidelines:

~~~~~~~~~~~~~~~~~~
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4053

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/4/2010 11:59:25 PM
mbam-log-2010-09-04 (23-59-25).txt

Scan type: Quick scan
Objects scanned: 110785
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

~~~~~~~~~~~~~~~~~~~~
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-05 00:22:26
Windows 5.1.2600 Service Pack 3
Running: wi1j908i.exe; Driver: C:\DOCUME~1\Mar\LOCALS~1\Temp\pgrirpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA9FC7CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA9FC7B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA9FC8142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA9FC806C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA9FC7764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA9FC7C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA9FC76A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA9FC7708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA9FC7D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA9FC8210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA9FC7D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA9FC7EC8]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA08B620]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA9FD4B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA9FD49C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA9FD4AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP A9FD1F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 8056DB66 7 Bytes JMP A9FD49C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8059056D 7 Bytes JMP A9FD4BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805AEDE2 7 Bytes JMP A9FD4AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E74E6 5 Bytes JMP A9FD05B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[748] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[748] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- EOF - GMER 1.0.15 ----

~~~~~~~~~~~~~~~~~~~
***Additional message required for the rest of the logs - please see following post.
 
DDS (Ver_10-03-17.01) - FAT32x86
Run by Mar at 0:50:36.07 on Sun 09/05/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.691 [GMT -6:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\Mar\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mar\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0409&m=aoa110
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0409&m=aoa110
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0409&m=aoa110
uInternet Settings,ProxyOverride = *.local
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mar\applic~1\mozilla\firefox\profiles\zkxcevll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-13 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-4-27 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-13 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-6 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-6 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-6 40384]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-11-26 96856]

=============== Created Last 30 ================


==================== Find3M ====================

2010-09-05 06:22:46 146 ----a-w- c:\docume~1\mar\applic~1\wklnhst.dat
2010-09-05 05:45:50 90112 ----a-w- c:\windows\DUMP2c01.tmp
2010-07-27 06:30:36 8462336 ----a-w- c:\windows\system32\dllcache\shell32.dll
2010-07-17 11:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:36 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:36 149504 ----a-w- c:\windows\system32\dllcache\schannel.dll
2010-06-28 20:57:34 38848 ----a-w- c:\windows\avastSS.scr
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:06:52 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-23 12:06:52 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-06-21 15:27:12 354304 ----a-w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ----a-w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 15:12:58 634656 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2010-06-17 15:11:26 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:46 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:46 1172480 ----a-w- c:\windows\system32\dllcache\msxml3.dll
2008-11-27 03:22:20 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-04-25 16:37:20 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042520090426\index.dat

============= FINISH: 0:50:55.96 ===============

~~~~~~~~~~~~~~~~
***Note: DDS 'attach.txt' states the following at the top:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

***Please advise if this should also be pasted here, and not attached as advised.

~~~~~~~~~~~~~~~~

Thank you in advance for your help! You guys saved me the last time my nephews were here and clicked something they ought not to have. :)

Marlee
 
Hi and welcome to TechSpot forums :).

====

Please update MBA-M and run it again. Post the log.

=========

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!
 
Attempting to update MBAM results in the following error: MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)

According to a Malwarebytes forum, this can be a DNS issue, which is what I already suspect based on some TechSpot forum threads involving my same redirect issue. Even after uninstalling and re-installing MBAM, the update fails with the same error message.

As for the ComboFix, here is the log:

ComboFix 10-09-04.06 - Mar 09/05/2010 15:53:47.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.573 [GMT -6:00]
Running from: c:\documents and settings\Mar\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-05 21:36 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-05 21:36 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-20 05:40 . 2010-08-20 05:40 -------- d-----w- c:\program files\Common Files\Java
2010-08-16 06:02 . 2010-08-16 06:02 503808 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-51dab748-n\msvcp71.dll
2010-08-16 06:02 . 2010-08-16 06:02 499712 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-51dab748-n\jmc.dll
2010-08-16 06:02 . 2010-08-16 06:02 348160 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-51dab748-n\msvcr71.dll
2010-08-16 06:02 . 2010-08-16 06:02 61440 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a3d3156-n\decora-sse.dll
2010-08-16 06:02 . 2010-08-16 06:02 12800 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a3d3156-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 08:35 . 2010-01-13 05:33 284 ----a-w- c:\documents and settings\Mar\Application Data\wklnhst.dat
2010-09-05 05:45 . 2009-05-14 04:21 90112 ----a-w- c:\windows\DUMP2c01.tmp
2010-08-30 03:16 . 2010-04-30 07:19 63488 ----a-w- c:\documents and settings\Mar\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-30 03:16 . 2010-04-30 07:18 117760 ----a-w- c:\documents and settings\Mar\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-06 06:04 . 2010-08-06 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-17 11:00 . 2010-04-16 03:54 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2008-11-27 01:22 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-08-06 06:06 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-05-14 05:33 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-05-14 05:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-05-14 05:34 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-05-14 05:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-05-14 05:34 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-05-14 05:34 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-05-14 05:34 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-05-14 05:34 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:15 . 2008-11-27 01:22 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2008-11-27 01:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2008-11-27 01:21 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2008-11-27 01:22 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-11-27 01:22 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-11-27 01:21 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-11-27 01:37 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2010-06-14 07:41 . 2008-11-27 01:22 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-05 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-24 1044480]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/13/2009 11:34 PM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/13/2009 11:34 PM 17744]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11/26/2008 7:22 PM 96856]
.
Contents of the 'Scheduled Tasks' folder

2009-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0409&m=aoa110
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Mar\Application Data\Mozilla\Firefox\Profiles\zkxcevll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 15:58
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(4080)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-09-05 16:01:44
ComboFix-quarantined-files.txt 2010-09-05 22:01

Pre-Run: 973,197,312 bytes free
Post-Run: 938,434,560 bytes free

- - End Of File - - 0903FD1C3AF3FB5733A63E24A91097B0
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

====

Please run the ESET Online Scanner and post the ScanLog with your post for assistance.
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

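The /md5start list in the Custom Scan box above makes OTL hash each of those drivers in every location it finds them and report the copies under a `< MD5 for: NAME >` header. What follows is an added example, not code from OTL or from this thread: it parses such output and flags a file whose in-use copy under system32\drivers hashes differently from the dllcache/ERDNT backup copies; the sample log inside is constructed (the ATAPI.SYS block follows the real log format, EXAMPLE.SYS and its hashes are invented).

```python
"""Cross-check the per-file MD5 sections of an OTL custom-scan log.

Added example, not part of OTL or this thread. OTL writes one
"< MD5 for: NAME >" block per entry in the /md5start list and lists every
copy of that file it found; a copy in use under system32 or
system32\\drivers that hashes differently from the backup copies
(dllcache, ERDNT\\cache, Driver Cache, ReinstallBackups) deserves a
closer look. SAMPLE_LOG below is constructed: ATAPI.SYS mirrors the
real log format, EXAMPLE.SYS and its hashes are invented.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]"   # [date | size | attrs | M]
    r".*?--\s*(?P<path>.+?)\s*$"                    # ... -- full path
)
MD5_RE = re.compile(r"MD5=(?P<md5>[0-9A-Fa-f]{32})")
BACKUP_DIRS = ("\\dllcache\\", "\\erdnt\\", "\\driver cache\\", "\\reinstallbackups\\")

# Constructed sample in OTL's format (EXAMPLE.SYS and its hashes are invented).
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\dllcache\example.sys
[2010/09/01 03:14:15 | 000,096,768 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\drivers\example.sys

< %systemroot%\System32\config\*.sav >
[2008/11/26 11:30:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
"""


def parse_md5_sections(text):
    """Return {FILENAME: [copy, ...]} for every hashed copy listed in the log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):
            # Either a new "< MD5 for: X >" header or another custom-scan
            # header, which ends the current MD5 block.
            m = HEADER_RE.match(line)
            current = m.group("name").upper() if m else None
            continue
        if current is None or not line.startswith("["):
            continue
        e = ENTRY_RE.match(line)
        h = MD5_RE.search(line)
        if not e or not h:
            continue  # .cab container entries carry no hash; skip them
        path = e.group("path")
        sections[current].append({
            "size": int(e.group("size").replace(",", "")),
            "md5": h.group("md5").upper(),
            "path": path,
            "backup": any(d in path.lower() for d in BACKUP_DIRS),
        })
    return dict(sections)


def find_mismatches(sections):
    """Return {FILENAME: finding} for files whose in-use copy matches no
    backup copy (or, when no backup exists, whose in-use copies disagree)."""
    findings = {}
    for name, copies in sections.items():
        live = [c for c in copies if not c["backup"]]
        backup_md5 = sorted({c["md5"] for c in copies if c["backup"]})
        if backup_md5:
            odd = [c for c in live if c["md5"] not in backup_md5]
        elif len({c["md5"] for c in live}) > 1:
            odd = live
        else:
            odd = []
        if not odd:
            continue
        findings[name] = {
            "paths": [c["path"] for c in odd],
            "md5": sorted({c["md5"] for c in odd}),
            "backup_md5": backup_md5,
            "size_differs": len({c["size"] for c in copies}) > 1,
        }
    return findings


if __name__ == "__main__":
    for name, f in find_mismatches(parse_md5_sections(SAMPLE_LOG)).items():
        extra = " (file sizes differ too)" if f["size_differs"] else ""
        print(f"{name}: in-use copy {f['md5']} at {f['paths']} "
              f"vs backup copies {f['backup_md5']}{extra}")
```

A mismatch is a prompt to inspect the file, not proof of tampering; a legitimately updated driver also hashes differently from its stale dllcache copy.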
 
Thanks again for your help!

OTL log (part 1):

OTL logfile created on: 9/5/2010 8:18:21 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Mar\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 607.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.41 Gb Total Space | 0.72 Gb Free Space | 9.70% Space Free | Partition Type: FAT32
Drive D: | 7.46 Gb Total Space | 3.93 Gb Free Space | 52.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARSNETBOOK
Current User Name: Mar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/05 20:16:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mar\Desktop\OTL.exe
PRC - [2010/09/05 16:05:42 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Mar\Local Settings\temp\RtkBtMnt.exe
PRC - [2010/09/04 23:19:50 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/06/28 14:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 14:57:16 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/05/13 19:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 23:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe


========== Modules (SafeList) ==========

MOD - [2010/09/05 20:16:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mar\Desktop\OTL.exe
MOD - [2008/04/14 04:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/28 14:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 14:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 14:57:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- c:\acernb\int15.sys -- (int15.sys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mar\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 14:33:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 14:32:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 14:32:34 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 14:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/10 23:47:00 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/08/07 03:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/07 18:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/20 17:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/05/20 01:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/24 17:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/14 04:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 04:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 04:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 04:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 04:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 04:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 04:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 04:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 04:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 04:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 04:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 04:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 04:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 04:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 04:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/14 21:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/01 14:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2004/12/07 22:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0409&m=aoa110

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/05/23 00:21:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/05/23 00:21:30 | 000,000,000 | ---D | M]

[2009/05/23 00:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mar\Application Data\Mozilla\Extensions
[2009/05/23 00:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mar\Application Data\Mozilla\Firefox\Profiles\zkxcevll.default\extensions
[2010/04/26 23:06:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mar\Application Data\Mozilla\Firefox\Profiles\zkxcevll.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/23 00:21:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 21:54:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 23:39:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/04/14 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.247 213.109.73.249 1.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/26 19:39:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
 
OTL.txt (Part 2):

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/05 20:16:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mar\Desktop\OTL.exe
[2010/09/05 20:08:01 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/09/05 15:51:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/05 15:51:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/05 15:51:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/05 15:51:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/05 15:50:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/09/05 15:50:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/05 15:50:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/05 15:36:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/05 15:36:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/05 15:22:24 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mar\Desktop\mbam-setup-1.46.exe
[2010/09/05 01:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/09/04 23:40:39 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mar\Desktop\TFC.exe
[2010/08/29 21:14:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mar\Recent
[2010/08/19 23:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/06 00:06:12 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/06 00:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/02 20:55:24 | 000,000,000 | ---D | C] -- D:\My Documents\My Google Gadgets
[2010/07/02 20:55:22 | 000,000,000 | R--D | C] -- D:\My Documents\My Music
[2010/07/02 20:55:20 | 000,000,000 | R--D | C] -- D:\My Documents\My Pictures
[2010/07/02 20:55:20 | 000,000,000 | ---D | C] -- D:\My Documents\My Downloads
[2010/07/02 20:55:20 | 000,000,000 | ---D | C] -- D:\My Documents\MSN Photo Show
[2010/07/02 20:55:20 | 000,000,000 | ---D | C] -- D:\My Documents\CyberLink
[2010/07/02 20:55:12 | 000,000,000 | ---D | C] -- D:\My Documents\My Kindle Content
[2010/07/02 20:55:12 | 000,000,000 | ---D | C] -- D:\My Documents\Downloads
[2009/04/25 11:47:43 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/04/25 11:47:38 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/11/26 19:22:12 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/05 20:16:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mar\Desktop\OTL.exe
[2010/09/05 16:10:56 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Mar\Application Data\wklnhst.dat
[2010/09/05 16:04:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 16:03:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mar\ntuser.ini
[2010/09/05 16:03:52 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Mar\NTUSER.DAT
[2010/09/05 15:58:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/05 15:47:22 | 003,837,097 | R--- | M] () -- C:\Documents and Settings\Mar\Desktop\ComboFix.exe
[2010/09/05 15:36:08 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/05 15:24:52 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mar\Desktop\mbam-setup-1.46.exe
[2010/09/05 02:31:18 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Mar\Desktop\Browser security tips.wps
[2010/09/05 01:12:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/05 00:01:34 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mar\Desktop\wi1j908i.exe
[2010/09/04 23:40:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mar\Desktop\TFC.exe
[2010/09/04 23:36:24 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Mar\Desktop\Techspot 8 steps 9_2010.wps
[2010/08/13 23:30:04 | 000,259,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 22:49:52 | 000,504,314 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 22:49:52 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 22:49:52 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/07 01:26:06 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Mar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/06 00:07:46 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/06 00:07:44 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/19 20:17:58 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\Mar\Desktop\CCleaner.lnk
[2010/06/28 14:57:34 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 14:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 14:33:14 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 14:32:46 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 14:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 14:32:34 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 14:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/05 15:51:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/05 15:51:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/05 15:51:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/05 15:51:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/05 15:51:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/05 15:46:02 | 003,837,097 | R--- | C] () -- C:\Documents and Settings\Mar\Desktop\ComboFix.exe
[2010/09/05 15:36:06 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/05 02:31:16 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Mar\Desktop\Browser security tips.wps
[2010/09/05 00:01:34 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mar\Desktop\wi1j908i.exe
[2010/09/04 23:36:21 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Mar\Desktop\Techspot 8 steps 9_2010.wps
[2010/08/06 00:07:45 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/01/12 23:33:26 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Mar\Application Data\wklnhst.dat
[2009/06/04 21:32:11 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Mar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/25 11:47:43 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/04/25 11:47:43 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/04/25 11:47:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2008/11/26 20:55:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/26 19:53:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/11/26 19:42:20 | 000,036,404 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/11/26 19:35:48 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2009/04/26 17:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/08/06 00:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/04/25 17:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mar\Application Data\MSNInstaller
[2009/04/26 22:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mar\Application Data\Foxit
[2010/01/12 23:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mar\Application Data\Template
[2010/03/08 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mar\Application Data\Amazon

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/11/26 11:30:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/11/26 11:30:06 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/11/26 11:30:04 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
 
The first part of the OTL.txt paste seems to be held up until a moderator approves...

Here's the Extras.txt:

OTL Extras logfile created on: 9/5/2010 8:18:21 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Mar\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 607.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.41 Gb Total Space | 0.72 Gb Free Space | 9.70% Space Free | Partition Type: FAT32
Drive D: | 7.46 Gb Total Space | 3.93 Gb Free Space | 52.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARSNETBOOK
Current User Name: Mar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"Foxit Reader" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/7/2009 12:32:18 AM | Computer Name = MARSNETBOOK | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 9/5/2010 12:56:29 AM | Computer Name = MARSNETBOOK | Source = ESENT | ID = 455
Description = wuaueng.dll (580) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 9/5/2010 12:56:41 AM | Computer Name = MARSNETBOOK | Source = ESENT | ID = 489
Description = wuauclt (2544) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 9/5/2010 12:56:41 AM | Computer Name = MARSNETBOOK | Source = ESENT | ID = 455
Description = wuaueng.dll (2544) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 9/5/2010 12:56:51 AM | Computer Name = MARSNETBOOK | Source = ESENT | ID = 489
Description = wuauclt (2544) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 9/5/2010 12:56:51 AM | Computer Name = MARSNETBOOK | Source = ESENT | ID = 455
Description = wuaueng.dll (2544) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 9/5/2010 12:57:02 AM | Computer Name = MARSNETBOOK | Source = ESENT | ID = 489
Description = wuauclt (1756) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 9/5/2010 12:57:02 AM | Computer Name = MARSNETBOOK | Source = ESENT | ID = 455
Description = wuaueng.dll (1756) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 9/5/2010 12:57:12 AM | Computer Name = MARSNETBOOK | Source = ESENT | ID = 489
Description = wuauclt (1756) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 9/5/2010 12:57:12 AM | Computer Name = MARSNETBOOK | Source = ESENT | ID = 455
Description = wuaueng.dll (1756) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 9/5/2010 10:07:42 PM | Computer Name = MARSNETBOOK | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.11.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/5/2010 2:31:55 AM | Computer Name = MARSNETBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Web Scanner service.

Error - 9/5/2010 2:32:00 AM | Computer Name = MARSNETBOOK | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 9/5/2010 2:32:14 AM | Computer Name = MARSNETBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Web Scanner service.

Error - 9/5/2010 2:32:19 AM | Computer Name = MARSNETBOOK | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 9/5/2010 2:32:49 AM | Computer Name = MARSNETBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Web Scanner service.

Error - 9/5/2010 2:33:00 AM | Computer Name = MARSNETBOOK | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 9/5/2010 2:33:16 AM | Computer Name = MARSNETBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Mail Scanner service.

Error - 9/5/2010 2:33:25 AM | Computer Name = MARSNETBOOK | Source = Service Control Manager | ID = 7000
Description = The avast! Mail Scanner service failed to start due to the following
error: %%1053

Error - 9/5/2010 2:33:49 AM | Computer Name = MARSNETBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Web Scanner service.

Error - 9/5/2010 2:33:54 AM | Computer Name = MARSNETBOOK | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053


< End of report >
 
ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17080 (vista_gdr.100616-0452)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e7334ea873ed75449b6704382459ecb8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-06 03:15:30
# local_time=2010-09-05 09:15:30 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 40540383 40540383 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=33314
# found=0
# cleaned=0
# scan_time=1745
 
Yes, the redirect still happens on every first click of a Google search result link, and also on Yahoo result links.

An additional wrinkle is that many times an entirely new Firefox window will open (not just a new tab) with a url of either search.gugle.com or results.gugle.com, or similar.
 
Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

=======================

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
 
Bootkit remover results:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: a29a0ee0cc44a754c05f0d38f7e57cb4

Size Device Name MBR Status
--------------------------------------------
7 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
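For readers who want to see what is behind the "Unknown boot code" verdict above, here is an added example (not eSage Lab's code, not part of the original thread) that reads a 512-byte master boot record, checks the 0x55AA signature, walks the four partition entries and hashes the boot-code region. It assumes, and this is an assumption rather than anything the report states, that a bootkit remover reaches its verdict by comparing a hash of the boot code against a reference set of known-clean images; the KNOWN_GOOD_BOOT_CODE_MD5 allowlist is therefore a hypothetical placeholder you would fill from a trusted machine. The MBR it analyses is constructed inline so the block runs offline; its single partition starts at LBA 2048, which is the 0x100000 byte offset shown in the report above.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: boot code (440..445 hold the disk signature)
PART_TABLE_OFFSET = 446       # four 16-byte partition entries start here
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511

# Hypothetical allowlist of MD5 digests of boot code known to be clean.
# Nothing on the page supplies a reference set; populate it yourself, e.g.
# from the MBR of a freshly installed, trusted machine of the same OS.
KNOWN_GOOD_BOOT_CODE_MD5 = frozenset()


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte MBR partition entry (little-endian)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry
    )
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
    }


def analyze_mbr(sector: bytes, allowlist=KNOWN_GOOD_BOOT_CODE_MD5) -> dict:
    """Return signature check, hashes, partitions and a verdict for one MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")

    partitions = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        part = parse_partition_entry(sector[start:start + 16])
        if part["type"] != 0:                 # type 0 = unused slot
            part["byte_offset"] = part["lba_start"] * SECTOR_SIZE
            partitions.append(part)

    # Hash only the code region: the full-sector digest (what the tool printed)
    # changes with every partition-table edit, so it cannot be allowlisted.
    boot_md5 = hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()
    return {
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
        "boot_code_md5": boot_md5,
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "partitions": partitions,
        "status": "known boot code" if boot_md5 in allowlist else "Unknown boot code",
    }


def read_mbr(path: str) -> bytes:
    """Read the first sector of a raw device (e.g. r'\\\\.\\PhysicalDrive0', needs
    admin rights on Windows) or of a disk image file."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed sample MBR: a 7-byte code stub padded with zeros, an empty
    disk signature, one bootable NTFS-type partition at LBA 2048, 0x55AA."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * (BOOT_CODE_LEN - 7)
    disk_signature = b"\x00" * 6
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 14_000_000)
    empty_entry = b"\x00" * 16
    sector = boot_code + disk_signature + entry + empty_entry * 3 + MBR_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    report = analyze_mbr(build_sample_mbr())
    print("Boot sector MD5 is:", report["sector_md5"])
    print("Boot code MD5 is:  ", report["boot_code_md5"])
    for p in report["partitions"]:
        print(f"partition type 0x{p['type']:02x} at offset 0x{p['byte_offset']:016x}")
    print("MBR Status:", report["status"])
```

To inspect a real disk, pass `read_mbr(r"\\.\PhysicalDrive0")` to `analyze_mbr` from an elevated prompt, or run it against the `remover.exe dump` output file; an empty allowlist will always report "Unknown boot code", which is why a reference hash from a trusted install has to come first.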
 
TDSSKiller report (part 1)

2010/09/06 15:37:04.0328 TDSS rootkit removing tool 2.4.2.0 Sep 3 2010 10:26:06
2010/09/06 15:37:04.0328 ================================================================================
2010/09/06 15:37:04.0328 SystemInfo:
2010/09/06 15:37:04.0328
2010/09/06 15:37:04.0328 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/06 15:37:04.0328 Product type: Workstation
2010/09/06 15:37:04.0328 ComputerName: MARSNETBOOK
2010/09/06 15:37:04.0328 UserName: Mar
2010/09/06 15:37:04.0328 Windows directory: C:\WINDOWS
2010/09/06 15:37:04.0328 System windows directory: C:\WINDOWS
2010/09/06 15:37:04.0328 Processor architecture: Intel x86
2010/09/06 15:37:04.0328 Number of processors: 2
2010/09/06 15:37:04.0328 Page size: 0x1000
2010/09/06 15:37:04.0328 Boot type: Normal boot
2010/09/06 15:37:04.0328 ================================================================================
2010/09/06 15:37:05.0265 Initialize success
2010/09/06 15:37:25.0796 ================================================================================
2010/09/06 15:37:25.0796 Scan started
2010/09/06 15:37:25.0796 Mode: Manual;
2010/09/06 15:37:25.0796 ================================================================================
2010/09/06 15:37:35.0593 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/09/06 15:37:36.0500 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/09/06 15:37:37.0093 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/06 15:37:37.0421 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/09/06 15:37:37.0593 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/09/06 15:37:37.0843 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/06 15:37:38.0296 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/06 15:37:38.0453 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/06 15:37:39.0281 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/09/06 15:37:39.0437 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/09/06 15:37:39.0843 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/09/06 15:37:40.0015 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/09/06 15:37:40.0250 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/09/06 15:37:40.0437 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/09/06 15:37:40.0890 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/09/06 15:37:41.0078 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/09/06 15:37:41.0625 AR5416 (7cae93fe5511d0c0688cfa56cf241e31) C:\WINDOWS\system32\DRIVERS\athw.sys
2010/09/06 15:37:41.0843 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/09/06 15:37:42.0062 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/09/06 15:37:42.0265 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/09/06 15:37:42.0765 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/09/06 15:37:43.0187 aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/09/06 15:37:43.0328 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/09/06 15:37:43.0796 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
2010/09/06 15:37:44.0218 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/09/06 15:37:44.0421 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/06 15:37:44.0593 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/06 15:37:45.0234 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/06 15:37:45.0562 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/06 15:37:45.0859 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/06 15:37:46.0140 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/09/06 15:37:46.0281 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/06 15:37:46.0609 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/06 15:37:46.0750 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/09/06 15:37:47.0093 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/06 15:37:47.0328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/06 15:37:47.0671 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/06 15:37:48.0468 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/06 15:37:48.0640 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/09/06 15:37:48.0984 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/06 15:37:49.0218 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/09/06 15:37:49.0421 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/09/06 15:37:49.0578 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/09/06 15:37:49.0921 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/06 15:37:50.0078 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2010/09/06 15:37:50.0531 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/06 15:37:50.0812 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/06 15:37:51.0031 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/06 15:37:51.0296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/06 15:37:51.0515 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/09/06 15:37:51.0750 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/06 15:37:52.0093 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/06 15:37:52.0437 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/09/06 15:37:52.0687 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/06 15:37:53.0031 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/06 15:37:53.0312 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/09/06 15:37:53.0562 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/06 15:37:53.0765 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/06 15:37:54.0187 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/06 15:37:54.0437 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/06 15:37:54.0828 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/06 15:37:55.0125 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/09/06 15:37:55.0359 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/06 15:37:55.0546 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/09/06 15:37:55.0718 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/09/06 15:37:56.0078 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/06 15:37:58.0171 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/09/06 15:37:58.0812 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/06 15:37:58.0984 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/09/06 15:38:00.0515 IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/09/06 15:38:00.0906 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/06 15:38:01.0265 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/06 15:38:01.0484 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/09/06 15:38:01.0718 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/06 15:38:01.0953 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/06 15:38:02.0218 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/06 15:38:02.0468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/06 15:38:02.0687 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/06 15:38:02.0859 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/06 15:38:03.0015 JMCR (da971cfc625d13636e04c405948e9d62) C:\WINDOWS\system32\DRIVERS\jmcr.sys
2010/09/06 15:38:03.0171 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/06 15:38:03.0437 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/06 15:38:03.0578 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/06 15:38:04.0250 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/06 15:38:04.0593 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/06 15:38:04.0750 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/06 15:38:04.0984 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/06 15:38:05.0140 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/09/06 15:38:05.0406 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/06 15:38:05.0703 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/06 15:38:05.0968 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/06 15:38:06.0296 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/06 15:38:06.0609 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/06 15:38:06.0921 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/06 15:38:07.0093 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/06 15:38:07.0421 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/06 15:38:07.0671 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/06 15:38:08.0031 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/06 15:38:08.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/06 15:38:08.0656 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/06 15:38:08.0890 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/06 15:38:09.0218 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/06 15:38:09.0468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/06 15:38:09.0703 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/06 15:38:09.0937 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/06 15:38:10.0203 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/06 15:38:10.0515 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/06 15:38:11.0062 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/06 15:38:11.0343 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/06 15:38:11.0578 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/06 15:38:11.0843 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
 
TDSSKiller report (part 2)

2010/09/06 15:38:12.0187 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/09/06 15:38:12.0437 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/06 15:38:12.0671 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/06 15:38:12.0859 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/06 15:38:13.0406 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/06 15:38:13.0781 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/06 15:38:15.0531 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/09/06 15:38:15.0687 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/09/06 15:38:16.0031 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/06 15:38:16.0296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/06 15:38:16.0546 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/06 15:38:16.0796 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/09/06 15:38:17.0062 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/09/06 15:38:17.0234 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/09/06 15:38:17.0484 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/09/06 15:38:17.0656 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/09/06 15:38:17.0906 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/06 15:38:18.0171 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/06 15:38:18.0453 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/06 15:38:18.0703 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/06 15:38:19.0000 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/06 15:38:19.0265 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/06 15:38:19.0500 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/06 15:38:19.0812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/06 15:38:20.0187 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/06 15:38:20.0468 RTLE8023xp (f0a21c62b9b835e1c96268eaae31d239) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/09/06 15:38:20.0578 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/09/06 15:38:20.0718 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/09/06 15:38:21.0125 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/09/06 15:38:21.0484 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/06 15:38:21.0890 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/09/06 15:38:22.0296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/06 15:38:23.0000 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/09/06 15:38:23.0375 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/06 15:38:24.0218 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2010/09/06 15:38:24.0453 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/09/06 15:38:24.0718 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/06 15:38:25.0015 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/06 15:38:25.0296 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/06 15:38:25.0687 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/06 15:38:25.0875 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/06 15:38:26.0156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/06 15:38:26.0437 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/09/06 15:38:26.0609 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/09/06 15:38:26.0781 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/09/06 15:38:26.0968 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/09/06 15:38:27.0156 SynTP (409f7eeb079d6154ccb26a02e6e27844) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/09/06 15:38:27.0437 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/06 15:38:27.0937 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/06 15:38:28.0218 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/06 15:38:28.0500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/06 15:38:29.0156 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/06 15:38:29.0515 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/09/06 15:38:29.0812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/06 15:38:30.0015 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/09/06 15:38:30.0421 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/06 15:38:30.0875 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/06 15:38:31.0171 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/06 15:38:31.0484 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/06 15:38:31.0890 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/06 15:38:32.0187 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/06 15:38:32.0625 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/09/06 15:38:32.0937 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/06 15:38:33.0140 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/09/06 15:38:33.0437 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/06 15:38:33.0750 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/06 15:38:34.0140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/06 15:38:34.0875 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/06 15:38:35.0375 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/09/06 15:38:35.0812 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/06 15:38:36.0031 ================================================================================
2010/09/06 15:38:36.0031 Scan finished
2010/09/06 15:38:36.0031 ================================================================================
 
Open Notepad
Copy and paste following text into Notepad:
Code:
@ECHO OFF
START remover.exe fix \\.\PhysicalDrive0
EXIT
Go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES.
Then in the FILE NAME box type fix.bat.
Save fix.bat to your Desktop.

Run fix.bat by double clicking.
You may see a black box appear; this is normal.

When done, run remover.exe again and post its output.

==

After a reboot, see how it is and let me know please.
 
Fix.bat opens, but then pops an error

Double-clicking fix.bat opens the black box as advised, but then pops the following error:

Windows cannot find 'remover.exe'. Make sure you typed the name correctly and then try again. To search for a file, click the Start button, and then click Search.

If this is referring to the bootkit remover from your earlier post, the one it unzipped to my desktop is called bootkit_remover.exe, and not simply remover.exe. Could that be a factor?

Thanks again!
 
Did you save bootkit remover to your desktop? Is it still there? If it is physically there, there should be no problem.
Try again and if it still does not work, please do the following:

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
Re-trying fix.bat still produces the same error message.

MBRCheck log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 161):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7BA7000 \WINDOWS\system32\KDCOM.DLL
0xF7AB7000 \WINDOWS\system32\BOOTVID.dll
0xF7658000 ACPI.sys
0xF7BA9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7647000 pci.sys
0xF76A7000 isapnp.sys
0xF7ABB000 compbatt.sys
0xF7ABF000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7C6F000 pciide.sys
0xF7927000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7BAB000 aliide.sys
0xF7BAD000 cmdide.sys
0xF7BAF000 toside.sys
0xF7BB1000 viaide.sys
0xF7BB3000 intelide.sys
0xF76B7000 MountMgr.sys
0xF7628000 ftdisk.sys
0xF7AC3000 ACPIEC.sys
0xF7C70000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF792F000 PartMgr.sys
0xF76C7000 VolSnap.sys
0xF7AC7000 cpqarray.sys
0xF7610000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF75F8000 atapi.sys
0xF7ACB000 aha154x.sys
0xF7937000 sparrow.sys
0xF7ACF000 symc810.sys
0xF76D7000 aic78xx.sys
0xF7AD3000 dac960nt.sys
0xF76E7000 ql10wnt.sys
0xF7AD7000 amsint.sys
0xF793F000 asc.sys
0xF7ADB000 asc3550.sys
0xF7947000 mraid35x.sys
0xF794F000 i2omp.sys
0xF7ADF000 ini910u.sys
0xF76F7000 ql1240.sys
0xF7707000 aic78u2.sys
0xF7957000 symc8xx.sys
0xF795F000 sym_hi.sys
0xF7967000 sym_u3.sys
0xF796F000 ABP480N5.SYS
0xF7977000 asc3350p.sys
0xF7BB5000 cd20xrnt.sys
0xF7717000 ultra.sys
0xF75DF000 adpu160m.sys
0xF797F000 dpti2o.sys
0xF7727000 ql1080.sys
0xF7737000 ql1280.sys
0xF7747000 ql12160.sys
0xF7987000 perc2.sys
0xF7BB7000 perc2hib.sys
0xF798F000 hpn.sys
0xF7AE3000 cbidf2k.sys
0xF75B3000 dac2w2k.sys
0xF7757000 disk.sys
0xF7767000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7593000 fltMgr.sys
0xF7581000 sr.sys
0xF755D000 Fastfat.sys
0xF7546000 KSecDD.sys
0xF7519000 NDIS.sys
0xF7777000 sisagp.sys
0xF7787000 viaagp.sys
0xF74FF000 Mup.sys
0xF7797000 alim1541.sys
0xF77A7000 amdagp.sys
0xF77B7000 agp440.sys
0xF77C7000 agpCPQ.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7B63000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6E37000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6E23000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6DFB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6DDF000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF6DC8000 \SystemRoot\system32\DRIVERS\jmcr.sys
0xF79FF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6DA4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A07000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7A0F000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF7A17000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6D6D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7BB9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A1F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B67000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7CDE000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7807000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B6B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6D56000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7817000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7827000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7A27000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6D45000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7837000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7A2F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A37000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7847000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7BBB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6D22000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6CC4000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B73000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7857000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7877000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xAA303000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA2DF000 \SystemRoot\system32\drivers\portcls.sys
0xF7887000 \SystemRoot\system32\drivers\drmk.sys
0xF7496000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7BBF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D45000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BC1000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A77000 \SystemRoot\System32\drivers\vga.sys
0xF7BC3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BC5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A7F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A87000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7492000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA16C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA113000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF78A7000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAA0ED000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF78B7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA0C5000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA0A3000 \SystemRoot\System32\drivers\afd.sys
0xF78C7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA081000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7A8F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAA056000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9FE6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF78F7000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9FBF000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7A9F000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA9DE6000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0xF7917000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF7AA7000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0xA9DCE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BC9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA22F000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7AAF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D27000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7AF3000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA9CAA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9B0F000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA98B2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA989D000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9AFF000 \SystemRoot\system32\drivers\sysaudio.sys
0xA9486000 \SystemRoot\system32\DRIVERS\srv.sys
0xA90AD000 \SystemRoot\System32\Drivers\HTTP.sys
0xAA1BF000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA8C9C000 \SystemRoot\system32\DRIVERS\athw.sys
0xA8BD1000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
620 C:\WINDOWS\System32\smss.exe
680 csrss.exe
704 C:\WINDOWS\System32\winlogon.exe
748 C:\WINDOWS\System32\services.exe
760 C:\WINDOWS\System32\lsass.exe
928 C:\WINDOWS\System32\svchost.exe
1012 svchost.exe
1072 C:\WINDOWS\System32\svchost.exe
1128 svchost.exe
1220 svchost.exe
1316 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1528 C:\WINDOWS\System32\spoolsv.exe
1708 svchost.exe
1720 C:\WINDOWS\Explorer.EXE
1920 C:\WINDOWS\RTHDCPL.EXE
1936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1964 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1988 C:\Program Files\Bonjour\mDNSResponder.exe
1996 C:\Program Files\Launch Manager\QtZgAcer.EXE
116 C:\Program Files\Java\jre6\bin\jqs.exe
220 C:\Program Files\iTunes\iTunesHelper.exe
240 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
336 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
416 C:\WINDOWS\System32\svchost.exe
464 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
524 C:\Program Files\Common Files\Java\Java Update\jusched.exe
664 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
1180 C:\WINDOWS\System32\igfxext.exe
1540 C:\WINDOWS\System32\igfxsrvc.exe
2456 C:\Documents and Settings\Mar\Local Settings\Temp\RtkBtMnt.exe
2532 C:\Program Files\iPod\bin\iPodService.exe
2648 alg.exe
1060 C:\WINDOWS\System32\ctfmon.exe
3648 C:\Program Files\Mozilla Firefox\firefox.exe
1276 C:\Program Files\Mozilla Firefox\plugin-container.exe
2424 C:\Documents and Settings\Mar\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (FAT32)

PhysicalDrive0 Model Number: SSDPAMM0008G1, Rev: Ver2.I0K

Size Device Name MBR Status
--------------------------------------------
7 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
Sorry - to directly answer your question: yes, I did save bootkit remover to the desktop. Screenshot of desktop is attached.
 

Attachment: desktop icons.JPG (144.5 KB)
Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 1 for Windows XP, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot and run MBRCheck again and post that log.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 160):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7BA7000 \WINDOWS\system32\KDCOM.DLL
0xF7AB7000 \WINDOWS\system32\BOOTVID.dll
0xF7658000 ACPI.sys
0xF7BA9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7647000 pci.sys
0xF76A7000 isapnp.sys
0xF7ABB000 compbatt.sys
0xF7ABF000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7C6F000 pciide.sys
0xF7927000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7BAB000 aliide.sys
0xF7BAD000 cmdide.sys
0xF7BAF000 toside.sys
0xF7BB1000 viaide.sys
0xF7BB3000 intelide.sys
0xF76B7000 MountMgr.sys
0xF7628000 ftdisk.sys
0xF7AC3000 ACPIEC.sys
0xF7C70000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF792F000 PartMgr.sys
0xF76C7000 VolSnap.sys
0xF7AC7000 cpqarray.sys
0xF7610000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF75F8000 atapi.sys
0xF7ACB000 aha154x.sys
0xF7937000 sparrow.sys
0xF7ACF000 symc810.sys
0xF76D7000 aic78xx.sys
0xF7AD3000 dac960nt.sys
0xF76E7000 ql10wnt.sys
0xF7AD7000 amsint.sys
0xF793F000 asc.sys
0xF7ADB000 asc3550.sys
0xF7947000 mraid35x.sys
0xF794F000 i2omp.sys
0xF7ADF000 ini910u.sys
0xF76F7000 ql1240.sys
0xF7707000 aic78u2.sys
0xF7957000 symc8xx.sys
0xF795F000 sym_hi.sys
0xF7967000 sym_u3.sys
0xF796F000 ABP480N5.SYS
0xF7977000 asc3350p.sys
0xF7BB5000 cd20xrnt.sys
0xF7717000 ultra.sys
0xF75DF000 adpu160m.sys
0xF797F000 dpti2o.sys
0xF7727000 ql1080.sys
0xF7737000 ql1280.sys
0xF7747000 ql12160.sys
0xF7987000 perc2.sys
0xF7BB7000 perc2hib.sys
0xF798F000 hpn.sys
0xF7AE3000 cbidf2k.sys
0xF75B3000 dac2w2k.sys
0xF7757000 disk.sys
0xF7767000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7593000 fltMgr.sys
0xF7581000 sr.sys
0xF755D000 Fastfat.sys
0xF7546000 KSecDD.sys
0xF7519000 NDIS.sys
0xF7777000 sisagp.sys
0xF7787000 viaagp.sys
0xF74FF000 Mup.sys
0xF7797000 alim1541.sys
0xF77A7000 amdagp.sys
0xF77B7000 agp440.sys
0xF77C7000 agpCPQ.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7B63000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6E37000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6E23000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6DFB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6DDF000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF6DC8000 \SystemRoot\system32\DRIVERS\jmcr.sys
0xF79FF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6DA4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A07000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7A0F000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF7A17000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6D6D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7BB9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A1F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B67000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7CDE000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7807000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B6B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6D56000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7817000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7827000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7A27000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6D45000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7837000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7A2F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A37000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7847000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7BBB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6D22000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6CC4000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B73000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7857000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7877000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xAA303000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA2DF000 \SystemRoot\system32\drivers\portcls.sys
0xF7887000 \SystemRoot\system32\drivers\drmk.sys
0xF7496000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7BBF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D45000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BC1000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A77000 \SystemRoot\System32\drivers\vga.sys
0xF7BC3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BC5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A7F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A87000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7492000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA16C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA113000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF78A7000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAA0ED000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF78B7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA0C5000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA0A3000 \SystemRoot\System32\drivers\afd.sys
0xF78C7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA081000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7A8F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAA056000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9FE6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF78F7000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9FBF000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7A9F000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA9DE6000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0xF7917000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF7AA7000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0xA9DCE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BC9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA22F000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7AAF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D27000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7AF3000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA9CAA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9B0F000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA98B2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA989D000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9AFF000 \SystemRoot\system32\drivers\sysaudio.sys
0xA9486000 \SystemRoot\system32\DRIVERS\srv.sys
0xA90AD000 \SystemRoot\System32\Drivers\HTTP.sys
0xAA1BF000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA8C9C000 \SystemRoot\system32\DRIVERS\athw.sys
0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
620 C:\WINDOWS\System32\smss.exe
680 csrss.exe
704 C:\WINDOWS\System32\winlogon.exe
748 C:\WINDOWS\System32\services.exe
760 C:\WINDOWS\System32\lsass.exe
928 C:\WINDOWS\System32\svchost.exe
1012 svchost.exe
1072 C:\WINDOWS\System32\svchost.exe
1128 svchost.exe
1220 svchost.exe
1316 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1528 C:\WINDOWS\System32\spoolsv.exe
1708 svchost.exe
1720 C:\WINDOWS\Explorer.EXE
1920 C:\WINDOWS\RTHDCPL.EXE
1936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1964 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1988 C:\Program Files\Bonjour\mDNSResponder.exe
1996 C:\Program Files\Launch Manager\QtZgAcer.EXE
116 C:\Program Files\Java\jre6\bin\jqs.exe
220 C:\Program Files\iTunes\iTunesHelper.exe
240 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
336 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
416 C:\WINDOWS\System32\svchost.exe
464 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
524 C:\Program Files\Common Files\Java\Java Update\jusched.exe
664 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
1180 C:\WINDOWS\System32\igfxext.exe
1540 C:\WINDOWS\System32\igfxsrvc.exe
2456 C:\Documents and Settings\Mar\Local Settings\Temp\RtkBtMnt.exe
2532 C:\Program Files\iPod\bin\iPodService.exe
2648 alg.exe
1060 C:\WINDOWS\System32\ctfmon.exe
3648 C:\Program Files\Mozilla Firefox\firefox.exe
1276 C:\Program Files\Mozilla Firefox\plugin-container.exe
2264 C:\Documents and Settings\Mar\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (FAT32)

PhysicalDrive0 Model Number: SSDPAMM0008G1, Rev: Ver2.I0K

Size Device Name MBR Status
--------------------------------------------
7 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
 
Looks like the same MBR response after the 'fix' and restart. I do still have the prompt open if you would like me to go through the 'Y' steps again.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 160):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7BA7000 \WINDOWS\system32\KDCOM.DLL
0xF7AB7000 \WINDOWS\system32\BOOTVID.dll
0xF7658000 ACPI.sys
0xF7BA9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7647000 pci.sys
0xF76A7000 isapnp.sys
0xF7ABB000 compbatt.sys
0xF7ABF000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7C6F000 pciide.sys
0xF7927000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7BAB000 aliide.sys
0xF7BAD000 cmdide.sys
0xF7BAF000 toside.sys
0xF7BB1000 viaide.sys
0xF7BB3000 intelide.sys
0xF76B7000 MountMgr.sys
0xF7628000 ftdisk.sys
0xF7AC3000 ACPIEC.sys
0xF7C70000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF792F000 PartMgr.sys
0xF76C7000 VolSnap.sys
0xF7AC7000 cpqarray.sys
0xF7610000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF75F8000 atapi.sys
0xF7ACB000 aha154x.sys
0xF7937000 sparrow.sys
0xF7ACF000 symc810.sys
0xF76D7000 aic78xx.sys
0xF7AD3000 dac960nt.sys
0xF76E7000 ql10wnt.sys
0xF7AD7000 amsint.sys
0xF793F000 asc.sys
0xF7ADB000 asc3550.sys
0xF7947000 mraid35x.sys
0xF794F000 i2omp.sys
0xF7ADF000 ini910u.sys
0xF76F7000 ql1240.sys
0xF7707000 aic78u2.sys
0xF7957000 symc8xx.sys
0xF795F000 sym_hi.sys
0xF7967000 sym_u3.sys
0xF796F000 ABP480N5.SYS
0xF7977000 asc3350p.sys
0xF7BB5000 cd20xrnt.sys
0xF7717000 ultra.sys
0xF75DF000 adpu160m.sys
0xF797F000 dpti2o.sys
0xF7727000 ql1080.sys
0xF7737000 ql1280.sys
0xF7747000 ql12160.sys
0xF7987000 perc2.sys
0xF7BB7000 perc2hib.sys
0xF798F000 hpn.sys
0xF7AE3000 cbidf2k.sys
0xF75B3000 dac2w2k.sys
0xF7757000 disk.sys
0xF7767000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7593000 fltMgr.sys
0xF7581000 sr.sys
0xF755D000 Fastfat.sys
0xF7546000 KSecDD.sys
0xF7519000 NDIS.sys
0xF7777000 sisagp.sys
0xF7787000 viaagp.sys
0xF74FF000 Mup.sys
0xF7797000 alim1541.sys
0xF77A7000 amdagp.sys
0xF77B7000 agp440.sys
0xF77C7000 agpCPQ.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7B63000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6E37000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6E23000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6DFB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6DDF000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF6C9E000 \SystemRoot\system32\DRIVERS\athw.sys
0xF6C87000 \SystemRoot\system32\DRIVERS\jmcr.sys
0xF79FF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6C63000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A07000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7A0F000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF7A17000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6C2C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7BB9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A1F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B67000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7CDF000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7807000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B6B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6C15000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7817000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7827000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7A27000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6C04000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7837000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7A2F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A37000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7847000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7BBB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6BE1000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6B83000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B73000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7857000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7877000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xAA303000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA2DF000 \SystemRoot\system32\drivers\portcls.sys
0xF7887000 \SystemRoot\system32\drivers\drmk.sys
0xF7496000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7BBF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D46000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BC1000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A77000 \SystemRoot\System32\drivers\vga.sys
0xF7BC3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BC5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A7F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A87000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7492000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA16C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA113000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF78B7000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAA0ED000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF78C7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA0C5000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA0A3000 \SystemRoot\System32\drivers\afd.sys
0xF78D7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA081000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7A8F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAA056000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9FE6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7907000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9FBF000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7A9F000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA9DE6000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0xF745D000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF7AA7000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0xA9DCE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BC9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA22F000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7AAF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D29000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9DA6000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA9CAE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9B0F000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA98B2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9875000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9A87000 \SystemRoot\system32\drivers\sysaudio.sys
0xA94AE000 \SystemRoot\system32\DRIVERS\srv.sys
0xA90AD000 \SystemRoot\System32\Drivers\HTTP.sys
0xAA1CF000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 37):
0 System Idle Process
4 System
676 C:\WINDOWS\System32\smss.exe
736 csrss.exe
760 C:\WINDOWS\System32\winlogon.exe
804 C:\WINDOWS\System32\services.exe
816 C:\WINDOWS\System32\lsass.exe
980 C:\WINDOWS\System32\svchost.exe
1044 svchost.exe
1104 C:\WINDOWS\System32\svchost.exe
1188 svchost.exe
1272 svchost.exe
1444 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1792 C:\WINDOWS\System32\spoolsv.exe
516 svchost.exe
664 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
724 C:\WINDOWS\Explorer.EXE
820 C:\Program Files\Bonjour\mDNSResponder.exe
1140 C:\Program Files\Java\jre6\bin\jqs.exe
244 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1528 C:\WINDOWS\System32\svchost.exe
556 C:\WINDOWS\System32\wuauclt.exe
1264 C:\WINDOWS\RTHDCPL.EXE
1228 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1888 C:\Program Files\Launch Manager\QtZgAcer.EXE
2148 C:\Program Files\iTunes\iTunesHelper.exe
2160 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2192 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2212 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2236 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
2252 C:\WINDOWS\System32\ctfmon.exe
2348 C:\WINDOWS\System32\igfxext.exe
2388 C:\WINDOWS\System32\igfxsrvc.exe
2660 alg.exe
2900 C:\Program Files\iPod\bin\iPodService.exe
3180 C:\Documents and Settings\Mar\Local Settings\Temp\RtkBtMnt.exe
2540 C:\Documents and Settings\Mar\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (FAT32)

PhysicalDrive0 Model Number: SSDPAMM0008G1, Rev: Ver2.I0K

Size Device Name MBR Status
--------------------------------------------
7 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
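The two MBRCheck logs above carry the same SHA1 (00DA077E...) before the "fix" and after the rewrite plus reboot, which is the observation worth checking mechanically rather than by eye. The script below is an added example, not part of the thread or of MBRCheck, and it shows what such a check does: parse a 512-byte MBR, fingerprint its boot-code area, decode the partition table (the log's "\\.\PhysicalDrive0 at offset 0x00000000`00100000 (FAT32)" corresponds to a partition entry starting at LBA 2048), and compare a before and after image. Which byte range MBRCheck hashes is not stated on the page, so both the 440-byte boot-code area and the whole sector are hashed. The sample MBR images, the function names and the `read_physical_drive` helper are all this example's own constructions; reading sector 0 of a real disk on Windows needs administrator rights and, if a rootkit is filtering disk I/O at driver level, a user-mode read may not see the real sector at all.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot code; 440..443 disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511

# Partition type IDs that mean FAT32 (0x0B = CHS addressing, 0x0C = LBA addressing).
FAT32_TYPE_IDS = {0x0B, 0x0C}


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code fingerprints and the partition table of one 512-byte MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        entry_off = PART_TABLE_OFF + index * 16
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
        status, type_id, lba_start, lba_count = struct.unpack_from(
            "<B3xB3xII", sector, entry_off)
        if type_id == 0:            # empty slot
            continue
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type_id": type_id,
            "fs_hint": "FAT32" if type_id in FAT32_TYPE_IDS else "0x%02X" % type_id,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,   # 2048 * 512 = 0x100000 as in the log
            "sectors": lba_count,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def boot_code_changed(before: bytes, after: bytes) -> bool:
    """True when the boot-code area differs between two MBR images."""
    return parse_mbr(before)["boot_code_sha1"] != parse_mbr(after)["boot_code_sha1"]


def assess_fix(before: bytes, after: bytes) -> str:
    """Interpret a before/after pair the way a post-reboot re-check should be read."""
    if boot_code_changed(before, after):
        return "boot code changed: the MBR write took effect"
    return ("boot code unchanged: the write did not persist, or disk I/O is being "
            "filtered so the real sector is not visible from user mode")


def read_physical_drive(path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk (Windows, administrator rights required). Not run offline."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR_SIZE)


# ---- constructed sample data for offline use; not dumps from the thread's netbook ----

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Assemble a 512-byte MBR with one bootable FAT32 partition starting at LBA 2048."""
    assert len(boot_code) == BOOT_CODE_LEN
    disk_signature = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"   # made-up signature
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x21\x00", 0x0C, b"\xFE\xFF\xFF",
                        2048, 14_678_016)                           # roughly a 7 GB volume
    table = entry + b"\x00" * 48                                    # three empty slots
    return boot_code + disk_signature + table + BOOT_SIGNATURE


CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 433   # stand-in "known" code
HOOKED_BOOT_CODE = b"\xEB\x1E\x90" + b"\xCC" * 437                  # stand-in "unknown" code


if __name__ == "__main__":
    before = build_sample_mbr(HOOKED_BOOT_CODE)
    after = build_sample_mbr(HOOKED_BOOT_CODE)   # what an unchanged re-check looks like
    for label, image in (("before", before), ("after", after)):
        info = parse_mbr(image)
        part = info["partitions"][0]
        print(label, info["boot_code_sha1"], part["fs_hint"], hex(part["byte_offset"]))
    print(assess_fix(before, after))
```

On a live machine you would save the output of `parse_mbr(read_physical_drive())` before writing new boot code, reboot, read again and pass both images to `assess_fix`; an unchanged fingerprint after a rewrite and reboot is the result the logs above show, and it is not evidence that the disk is clean.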
 
No disc - this is a netbook that had XP pre-loaded. I do have an external optical drive I could use if I can dig up an XP CD from another laptop, but I am not certain the full size laptop came with a CD either.

The redirect issue is happening on the following other computers in the house, if you think this particular problem with this netbook is holding up a solution:
XP Media Edition desktop,
Vista laptop,
XP laptop,
XP nettop

Thanks again for your help. I will try the 'y' prompt steps again, just for luck!
 