Solved PUM.hijack.system.hidden symptoms?

OTL logfile created on: 10/11/2013 1:25:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Star\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.16 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 91.66% Memory free
7.17 Gb Paging File | 7.09 Gb Available in Paging File | 98.87% Paging File free
Paging file location(s): C:\pagefile.sys 0 0F:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.93 Gb Total Space | 27.92 Gb Free Space | 69.91% Space Free | Partition Type: NTFS
Drive D: | 29.30 Gb Total Space | 9.49 Gb Free Space | 32.37% Space Free | Partition Type: NTFS
Drive E: | 15.63 Gb Total Space | 2.99 Gb Free Space | 19.11% Space Free | Partition Type: NTFS
Drive F: | 29.30 Gb Total Space | 5.33 Gb Free Space | 18.20% Space Free | Partition Type: NTFS
Drive G: | 2.87 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 14.90 Gb Total Space | 8.94 Gb Free Space | 60.02% Space Free | Partition Type: FAT32

Computer Name: STAR43715 | User Name: Star | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/11 11:23:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Star\Desktop\OTL.exe
PRC - [2008/07/03 04:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- h:\e5500 xp drivers (cab)\e5500\xp\x86\audio\r267815\wdm\stacsv.exe -- (STacSV)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/11/29 06:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/03/06 01:45:36 | 000,198,520 | ---- | M] (Juniper Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2011/08/10 08:13:48 | 000,208,896 | ---- | M] () [Disabled | Stopped] -- C:\Programme\OnlineUpdateBG\schedservicemain.exe -- (oubgschedservice)
SRV - [2011/03/09 12:04:12 | 000,326,616 | ---- | M] (Transaction Software, D 81829 Munich) [Auto | Stopped] -- C:\Programme\ewa\database\TransBase WIS\tbmux32.exe -- (EWA net DB WIS)
SRV - [2011/03/09 12:04:12 | 000,326,616 | ---- | M] (Transaction Software, D 81829 Munich) [Auto | Stopped] -- C:\Programme\ewa\database\TransBase EWA\tbmux32.exe -- (EWA net DB Core)
SRV - [2010/02/10 18:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2007/11/27 13:33:52 | 000,417,792 | ---- | M] (Transaction Software, D 81829 Munich) [Auto | Stopped] -- C:\Programme\ewa\database\TransBase EPC\tbmux32.exe -- (EWA net DB EPC)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2004/11/16 17:07:26 | 000,094,208 | ---- | M] (KoDiSys GmbH) [Auto | Stopped] -- C:\WINDOWS\zak\service.exe -- (SDImpersonationService)
SRV - [2004/10/25 11:00:52 | 000,007,680 | ---- | M] (Gigatronik) [Auto | Stopped] -- c:\Programme\HardwareAssistent\HWAssistentService.exe -- (HWAssistentService)
SRV - [2003/07/31 19:29:04 | 000,065,536 | ---- | M] (Alexandria Software Consulting) [Auto | Stopped] -- C:\Programme\ewa\server\bin\tomcat.exe -- (EWA net Server)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (O2SDIOAssist)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\wudfrd.sys -- (WudfRd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\WudfPf.sys -- (WudfPf)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmxnet.sys -- (vmxnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmx_svga.sys -- (vmx_svga)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmmouse.sys -- (vmmouse)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\TrueSight.sys -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Star\LOCALS~1\Temp\Mydrivers32.SYS -- (HWiNFO32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\oz776.sys -- (guardian2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Accelern.sys -- (Acceler)
DRV - [2013/10/09 13:48:57 | 000,048,728 | ---- | M] (MalwareBytes) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/08/17 12:40:12 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/07/11 17:20:36 | 000,116,224 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2012/07/11 17:20:34 | 006,650,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32)
DRV - [2012/07/11 17:20:22 | 001,656,499 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2012/07/11 17:20:22 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2012/07/11 17:20:20 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2012/04/13 12:05:06 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2012/02/15 12:00:28 | 003,369,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011/03/23 14:51:56 | 000,063,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sdjxp.sys -- (O2SDJRDR)
DRV - [2011/01/26 15:48:50 | 000,229,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2011/01/04 03:58:42 | 000,061,728 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdrxp.sys -- (O2MDRRDR)
DRV - [2010/10/19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2010/10/15 09:29:16 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/10/07 13:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2009/08/14 14:24:07 | 000,017,968 | R--- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (vmscsi)
DRV - [2007/06/27 13:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2004/06/08 16:35:00 | 000,030,208 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\Programme\Temp\JidaN.sys -- (JidaN)
DRV - [2001/08/17 13:17:44 | 000,042,432 | ---- | M] (Digi International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\digirlpt.sys -- (DIGIRPS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://aftersales.I.daimler.com
IE - HKU\S-1-5-21-343818398-861567501-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-343818398-861567501-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\


O1 HOSTS File: ([2013/10/10 18:36:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WebCGMHlprObj Class) - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll (CGM Open Consortium, Inc.)
O4 - HKLM..\Run: [BWK] c:\programme\BWK\Startup.lnk ()
O4 - HKLM..\Run: [HotFixInstaller] C:\Programme\HotFixInst\HotfixInst.exe (GIGATRONIK Stuttgart GmbH)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchComServer] C:\Program Files\SDconnect Toolkit\bin\TKTray.exe (I+ME ACTIA GmbH, DE, Braunschweig)
O4 - HKLM..\Run: [SDNC] C:\Programme\SDnetControl\SDNC.exe (GIGATRONIK Stuttgart GmbH)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-343818398-861567501-725345543-1003..\Run: [SDprinterConfig] C:\Programme\SDprinterConfig\SDprinterConfig.exe (GIGATRONIK Stuttgart GmbH)
O4 - HKU\S-1-5-21-343818398-861567501-725345543-1003..\Run: [StarInsecure] C:\WINDOWS\StarInsecure\hstart.exe (NTWind Software)
O4 - HKU\S-1-5-21-343818398-861567501-725345543-1003..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\IEDevTools present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\IEDevTools present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\IEDevTools present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\IEDevTools present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\IEDevTools present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: daimler.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: daimler.com ([*.I] * in Trusted sites)
O15 - HKLM\..Trusted Domains: dccac.net ([www] * in Trusted sites)
O15 - HKLM\..Trusted Domains: mercedes-benz.com ([ewa-brasil] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mercedes-benz.com ([retailfactory] * in Trusted sites)
O15 - HKLM\..Trusted Domains: mercedes-benz.com ([retailfactory2] * in Trusted sites)
O15 - HKLM\..Trusted Domains: mercedes-benz-mobile.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: startekinfo.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: daimler.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: daimler.com ([*.I] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: dccac.net ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: evobus.com ([*] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: mercedes-amg.com ([*] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: mercedes-benz.com ([ewa-brasil] http in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: mercedes-benz.com ([retailfactory] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: mercedes-benz.com ([retailfactory2] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: mercedes-benz-mobile.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: servicecode.net ([*] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: startekinfo.com ([www] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1710BAF9-63EA-466A-802B-8FACFAC57DAA}: DhcpNameServer = 192.168.0.1 205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CFDA05D-9B30-4048-926E-9765644CE039}: DhcpNameServer = 192.168.0.1 205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25B05A5C-CA65-437F-9890-FC01F87D3A45}: DhcpNameServer = 202.96.128.166 202.96.134.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCE70BE3-A753-49B6-8C38-AD91DE2E2C74}: DhcpNameServer = 192.168.0.1 205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF053F6B-6113-4261-B905-06D24EF2AAD0}: DhcpNameServer = 192.168.0.1 205.171.2.65
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Star\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Star\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/22 15:55:26 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/10/08 15:02:32 | 000,000,059 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/11 13:24:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Star\Desktop\OTL.exe
[2013/10/11 13:14:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/11 13:13:35 | 001,032,220 | ---- | C] (Thisisu) -- C:\Documents and Settings\Star\Desktop\JRT.exe
[2013/10/11 13:05:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/10 18:37:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\logs
[2013/10/10 18:35:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/10/10 18:31:55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/10/10 15:32:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/10/10 15:28:59 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/10/10 13:57:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/10/10 13:57:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/10/10 13:57:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/10/10 13:57:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/10/10 13:57:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/10 13:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/10/10 13:53:14 | 005,131,844 | R--- | C] (Swearware) -- C:\Documents and Settings\Star\Desktop\ComboFix.exe
[2013/10/09 13:48:57 | 000,048,728 | ---- | C] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/10/09 11:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Star\Desktop\RK_Quarantine
[2013/10/09 11:04:07 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/10/09 10:46:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/10/09 10:45:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2013/10/08 16:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Star\Start Menu\Programs\WinRAR
[2013/10/08 16:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Star\Application Data\WinRAR
[2013/10/08 16:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2013/10/08 16:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/10/08 11:15:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Star\My Documents\My Videos
[2013/10/08 11:13:11 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/10/07 14:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Star\Desktop\mbar
[2013/10/07 11:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/10/07 11:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/11 13:10:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/11 11:23:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Star\Desktop\OTL.exe
[2013/10/11 11:13:12 | 001,032,220 | ---- | M] (Thisisu) -- C:\Documents and Settings\Star\Desktop\JRT.exe
[2013/10/11 11:04:22 | 001,048,960 | ---- | M] () -- C:\Documents and Settings\Star\Desktop\adwcleaner.exe
[2013/10/10 18:36:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/10/10 15:32:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/10/10 13:22:29 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DCCAB0E0-E10A-4CD2-83F1-30DB1E240CAC}.job
[2013/10/10 11:52:50 | 005,131,844 | R--- | M] (Swearware) -- C:\Documents and Settings\Star\Desktop\ComboFix.exe
[2013/10/09 13:48:57 | 000,048,728 | ---- | M] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/10/09 11:33:54 | 000,002,978 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/10/09 10:41:10 | 000,950,272 | ---- | M] () -- C:\Documents and Settings\Star\Desktop\RogueKiller.exe
[2013/10/07 11:34:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/19 11:55:49 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2013/09/19 11:55:28 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/11 13:05:10 | 001,048,960 | ---- | C] () -- C:\Documents and Settings\Star\Desktop\adwcleaner.exe
[2013/10/10 15:32:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/10/10 15:32:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/10/10 13:57:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/10/10 13:57:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/10/10 13:57:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/10/10 13:57:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/10/10 13:57:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/10/09 17:04:09 | 000,950,272 | ---- | C] () -- C:\Documents and Settings\Star\Desktop\RogueKiller.exe
[2013/10/09 11:33:53 | 000,002,978 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/08/02 12:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2013/06/24 17:15:48 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2013/06/24 17:15:44 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2013/06/24 16:28:43 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2013/06/24 16:26:51 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2013/02/11 12:07:25 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\instsrv.exe
[2013/02/11 12:07:25 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2013/02/11 12:04:57 | 000,195,480 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
[2013/02/11 12:04:57 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2013/02/11 12:04:54 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
[2013/02/11 12:04:54 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2013/02/11 12:04:53 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
[2012/08/17 19:32:30 | 000,000,102 | ---- | C] () -- C:\Documents and Settings\Star\.ewanapi_cookie
[2012/08/17 19:26:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/08/17 14:11:24 | 000,001,606 | ---- | C] () -- C:\WINDOWS\System32\font.ini
[2012/08/16 06:13:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DAS32R2.INI
[2012/08/16 03:53:54 | 000,000,078 | ---- | C] () -- C:\WINDOWS\init.ini
[2012/08/16 03:50:38 | 000,000,033 | ---- | C] () -- C:\WINDOWS\starfont.ini
[2012/08/16 03:34:25 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Star\Local Settings\Application Data\fusioncache.dat
[2012/08/16 03:23:04 | 000,360,549 | ---- | C] () -- C:\WINDOWS\System32\ivm_lic.dll
[2012/08/16 03:23:04 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\D990TRAN.sys
[2012/08/16 03:15:00 | 000,114,742 | ---- | C] () -- C:\WINDOWS\System32\SerialNumberAccessDll.dll.old
[2012/08/16 03:15:00 | 000,114,742 | ---- | C] () -- C:\WINDOWS\System32\SerialNumberAccessDll.dll
[2012/08/16 03:07:37 | 000,000,784 | ---- | C] () -- C:\WINDOWS\starpad.ini
[2012/08/16 03:01:42 | 000,298,496 | ---- | C] () -- C:\WINDOWS\System32\StarInsecure.dll

========== ZeroAccess Check ==========

[2012/08/16 04:00:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/04/14 05:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 
redtarget.gif
Make sure you reinstall AVG.

redtarget.gif
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
[/list]
Code: 
:OTL
SRV - File not found [Auto | Stopped] -- h:\e5500 xp drivers (cab)\e5500\xp\x86\audio\r267815\wdm\stacsv.exe -- (STacSV)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\wudfrd.sys -- (WudfRd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\WudfPf.sys -- (WudfPf)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmxnet.sys -- (vmxnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmx_svga.sys -- (vmx_svga)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmmouse.sys -- (vmmouse)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\TrueSight.sys -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Star\LOCALS~1\Temp\Mydrivers32.SYS -- (HWiNFO32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\oz776.sys -- (guardian2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Accelern.sys -- (Acceler)
O4 - HKU\S-1-5-21-343818398-861567501-725345543-1003..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
O15 - HKLM\..Trusted Domains: daimler.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: daimler.com ([*.I] * in Trusted sites)
O15 - HKLM\..Trusted Domains: dccac.net ([www] * in Trusted sites)
O15 - HKLM\..Trusted Domains: mercedes-benz.com ([ewa-brasil] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mercedes-benz.com ([retailfactory] * in Trusted sites)
O15 - HKLM\..Trusted Domains: mercedes-benz.com ([retailfactory2] * in Trusted sites)
O15 - HKLM\..Trusted Domains: mercedes-benz-mobile.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: startekinfo.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: daimler.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: daimler.com ([*.I] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: dccac.net ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: evobus.com ([*] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: mercedes-amg.com ([*] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: mercedes-benz.com ([ewa-brasil] http in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: mercedes-benz.com ([retailfactory] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: mercedes-benz.com ([retailfactory2] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: mercedes-benz-mobile.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: servicecode.net ([*] * in Trusted sites)
O15 - HKU\S-1-5-21-343818398-861567501-725345543-1003\..Trusted Domains: startekinfo.com ([www] * in Trusted sites)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans....

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
OTL Custom Scan -

All processes killed
========== OTL ==========
Service STacSV stopped successfully!
Service STacSV deleted successfully!
File h:\e5500 xp drivers (cab)\e5500\xp\x86\audio\r267815\wdm\stacsv.exe not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File %SystemRoot%\System32\hidserv.dll not found.
Service WudfRd stopped successfully!
Service WudfRd deleted successfully!
File C:\WINDOWS\system32\wudfrd.sys not found.
Service WudfPf stopped successfully!
Service WudfPf deleted successfully!
File C:\WINDOWS\system32\WudfPf.sys not found.
Service winachsf stopped successfully!
Service winachsf deleted successfully!
File system32\DRIVERS\HSF_CNXT.sys not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service vmxnet stopped successfully!
Service vmxnet deleted successfully!
File system32\DRIVERS\vmxnet.sys not found.
Service vmx_svga stopped successfully!
Service vmx_svga deleted successfully!
File system32\DRIVERS\vmx_svga.sys not found.
Service vmmouse stopped successfully!
Service vmmouse deleted successfully!
File system32\DRIVERS\vmmouse.sys not found.
Service vmci stopped successfully!
Service vmci deleted successfully!
File system32\DRIVERS\vmci.sys not found.
Error: No service named TrueSight was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrueSight deleted successfully.
File C:\WINDOWS\system32\TrueSight.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service mdmxsdk stopped successfully!
Service mdmxsdk deleted successfully!
File system32\DRIVERS\mdmxsdk.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service HWiNFO32 stopped successfully!
Service HWiNFO32 deleted successfully!
File C:\DOCUME~1\Star\LOCALS~1\Temp\Mydrivers32.SYS not found.
Service HSFHWAZL stopped successfully!
Service HSFHWAZL deleted successfully!
File system32\DRIVERS\HSFHWAZL.sys not found.
Service HSF_DPV stopped successfully!
Service HSF_DPV deleted successfully!
File system32\DRIVERS\HSF_DPV.sys not found.
Service guardian2 stopped successfully!
Service guardian2 deleted successfully!
File System32\Drivers\oz776.sys not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service Acceler stopped successfully!
Service Acceler deleted successfully!
File system32\DRIVERS\Accelern.sys not found.
Registry value HKEY_USERS\S-1-5-21-343818398-861567501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report not found.
C:\AdwCleaner\AdwCleaner[S0].txt moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\daimler.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\daimler.com\*.I\ not found.
Invalid CLSID key: *.I
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dccac.net\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mercedes-benz.com\ewa-brasil\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mercedes-benz.com\retailfactory\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mercedes-benz.com\retailfactory2\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mercedes-benz-mobile.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\startekinfo.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\daimler.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\daimler.com\*.I\ not found.
Invalid CLSID key: *.I
Registry key HKEY_USERS\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dccac.net\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\evobus.com\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_USERS\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mercedes-amg.com\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_USERS\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mercedes-benz.com\ewa-brasil\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mercedes-benz.com\retailfactory\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mercedes-benz.com\retailfactory2\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mercedes-benz-mobile.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\servicecode.net\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_USERS\S-1-5-21-343818398-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\startekinfo.com\www\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Star
->Temp folder emptied: 17024472 bytes
->Temporary Internet Files folder emptied: 6770435 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 607 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4804088 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86179 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 27.00 mb


[EMPTYJAVA]

User: administrator

User: All Users

User: Default User
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Star
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Star
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10142013_120415

Files\Folders moved on Reboot...
C:\Documents and Settings\Star\Local Settings\Temporary Internet Files\Content.IE5\KVBMYTO1\1996[1].htm moved successfully.
C:\Documents and Settings\Star\Local Settings\Temporary Internet Files\Content.IE5\KVBMYTO1\918[1].htm moved successfully.
C:\Documents and Settings\Star\Local Settings\Temporary Internet Files\Content.IE5\KVBMYTO1\ads[1].htm moved successfully.
C:\Documents and Settings\Star\Local Settings\Temporary Internet Files\Content.IE5\KVBMYTO1\ba[1].htm moved successfully.
C:\Documents and Settings\Star\Local Settings\Temporary Internet Files\Content.IE5\KVBMYTO1\pum-hijack-system-hidden-symptoms[1].htm moved successfully.
C:\Documents and Settings\Star\Local Settings\Temporary Internet Files\Content.IE5\KVBMYTO1\push[1].htm moved successfully.
C:\Documents and Settings\Star\Local Settings\Temporary Internet Files\Content.IE5\KLYW7W78\ads[1].htm moved successfully.
C:\Documents and Settings\Star\Local Settings\Temporary Internet Files\Content.IE5\KLYW7W78\search[4].htm moved successfully.
C:\Documents and Settings\Star\Local Settings\Temporary Internet Files\Content.IE5\KLYW7W78\zrt_lookup[1].html moved successfully.
C:\Documents and Settings\Star\Local Settings\Temporary Internet Files\Content.IE5\2X16JLW3\adServer[1].htm moved successfully.
C:\Documents and Settings\Star\Local Settings\Temporary Internet Files\Content.IE5\2VK2TDPG\comScore[1].htm moved successfully.
C:\Documents and Settings\Star\Local Settings\Temporary Internet Files\Content.IE5\2VK2TDPG\partner[1].htm moved successfully.
C:\Documents and Settings\Star\Local Settings\Temporary Internet Files\Content.IE5\2VK2TDPG\si[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\hsperfdata_SYSTEM\2672 not found!
File\Folder C:\WINDOWS\temp\avg-0528014a-f31a-405b-a9af-4c1292623d2f.tmp not found!
File\Folder C:\WINDOWS\temp\avg-0ca9b37c-352b-4e5e-8e70-006ff95a322d.tmp not found!
File\Folder C:\WINDOWS\temp\avg-0f6adf6c-9c40-4c6f-8a4c-9d5be614266c.tmp not found!
File\Folder C:\WINDOWS\temp\avg-14449872-edef-4757-b038-7a71639bed44.tmp not found!
File\Folder C:\WINDOWS\temp\avg-1d885a30-4ba8-4206-8b29-7b6c37dae324.tmp not found!
File\Folder C:\WINDOWS\temp\avg-239a2d28-9924-403e-a388-2d74a87c8716.tmp not found!
File\Folder C:\WINDOWS\temp\avg-246aa925-bc8e-497a-9e9f-dd7723951c7f.tmp not found!
File\Folder C:\WINDOWS\temp\avg-2ab2ba7e-c1b7-4e34-b2e7-bd45f76e3640.tmp not found!
File\Folder C:\WINDOWS\temp\avg-2da95942-c845-4113-9365-f4222ac5fe23.tmp not found!
File\Folder C:\WINDOWS\temp\avg-2e8aa03d-dec6-404c-80c6-9b16ede0614e.tmp not found!
File\Folder C:\WINDOWS\temp\avg-30d6343f-4126-4420-a230-6c7bf3b5ff0b.tmp not found!
File\Folder C:\WINDOWS\temp\avg-32a4be57-05f2-4f71-8caf-9803157ab764.tmp not found!
File\Folder C:\WINDOWS\temp\avg-3350024c-fbfe-4b69-9377-545bc11c1f57.tmp not found!
File\Folder C:\WINDOWS\temp\avg-3662491d-5568-4970-9b21-3c75b79cc305.tmp not found!
File\Folder C:\WINDOWS\temp\avg-419d896d-d8fd-4a23-8dbe-1f6f8d2c2d2a.tmp not found!
File\Folder C:\WINDOWS\temp\avg-4ce9e172-ae96-4b61-9774-fb052b531a4a.tmp not found!
File\Folder C:\WINDOWS\temp\avg-503db922-b8d0-4253-b41a-081fd5899906.tmp not found!
File\Folder C:\WINDOWS\temp\avg-525cc046-64b3-495e-930b-92782ce4396e.tmp not found!
File\Folder C:\WINDOWS\temp\avg-5eb61a10-4839-4e2c-bf94-3751c60cf90e.tmp not found!
File\Folder C:\WINDOWS\temp\avg-61a5d354-89e3-487d-9ee2-4c7b72cacf62.tmp not found!
File\Folder C:\WINDOWS\temp\avg-6e108837-b847-4374-af39-be7d5f1a0335.tmp not found!
File\Folder C:\WINDOWS\temp\avg-713baa52-401f-4641-8861-201bffde613b.tmp not found!
File\Folder C:\WINDOWS\temp\avg-7666a805-b002-4a2c-8ed4-4c06a098c651.tmp not found!
File\Folder C:\WINDOWS\temp\avg-7d8a9675-3bff-4647-b5eb-0d4ea9d4f36a.tmp not found!
File\Folder C:\WINDOWS\temp\avg-823f063b-fbce-4a16-9b5e-495203889668.tmp not found!
File\Folder C:\WINDOWS\temp\avg-9146383b-c7ac-4622-b1ec-fe0c34a30d69.tmp not found!
File\Folder C:\WINDOWS\temp\avg-99615b51-97ab-4701-a12f-ae417edd1e1a.tmp not found!
File\Folder C:\WINDOWS\temp\avg-a2db4064-6ca2-4834-97d8-af36c12e6317.tmp not found!
File\Folder C:\WINDOWS\temp\avg-a796332d-7a89-464f-8aff-094c32ec6429.tmp not found!
File\Folder C:\WINDOWS\temp\avg-adbc5c0b-3506-4238-a2c7-6e68fc50d510.tmp not found!
File\Folder C:\WINDOWS\temp\avg-b77a9317-2cce-4e0d-b0ac-3a40eb6bcf06.tmp not found!
File\Folder C:\WINDOWS\temp\avg-bbb21d03-2632-4209-b720-dd71df2e0a72.tmp not found!
File\Folder C:\WINDOWS\temp\avg-c119c61b-3809-466d-8107-2178b80af972.tmp not found!
File\Folder C:\WINDOWS\temp\avg-c7327f57-191f-4f38-bbb7-83235817d810.tmp not found!
File\Folder C:\WINDOWS\temp\avg-c73b0122-8644-4a4f-876a-0a5a7329f26c.tmp not found!
File\Folder C:\WINDOWS\temp\avg-ca5ab518-a539-4509-be8c-2019d2e10b2c.tmp not found!
File\Folder C:\WINDOWS\temp\avg-da6c7b09-dfec-4f44-8ab7-fb52960b3c55.tmp not found!
File\Folder C:\WINDOWS\temp\avg-f1342d52-506c-4d47-99ea-f963f12a634a.tmp not found!
File\Folder C:\WINDOWS\temp\avg-f74d542d-5b3f-493b-9fa7-5c5953127b78.tmp not found!
File\Folder C:\WINDOWS\temp\avg-fa2fd704-6e2f-4667-b077-777b028c7513.tmp not found!
File\Folder C:\WINDOWS\temp\avg-fb6f2963-f016-4970-9f00-170c6fcc7633.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_3e0.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.74
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security Business Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 24
Java version out of Date!
Adobe Reader 7 Adobe Reader out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 13-09-2013
Ran by Star (administrator) on 14-10-2013 at 12:22:15
Running from "C:\Documents and Settings\Star\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2008-07-28 04:53] - [2008-07-28 04:53] - 0361600 ____A (Microsoft Corporation) 367DE8E5F638C091F49273144274F629

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2010-09-02 10:13] - [2008-08-16 05:09] - 0025800 ____A (Microsoft Corporation) E53AE6443F6319D7EC22672CD473EADB

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgfwfd(10) Avgtdix(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B000000050000000100000002000000030000000400000008000000090000000A0000000B0000000600000007000000
IpSec Tag value is correct.

**** End of log ****
 
ESET

C:\Qoobox\Quarantine\C\Autorun.inf.virWin32/PSW.OnLineGames.NNU trojan
C:\Qoobox\Quarantine\D\autorun.inf.virWin32/PSW.OnLineGames.NNU trojan
C:\Qoobox\Quarantine\E\Autorun.inf.virWin32/PSW.OnLineGames.NNU trojan
C:\Qoobox\Quarantine\F\autorun.inf.virWin32/PSW.OnLineGames.NNU trojan
C:\System Volume Information\_restore{E928BD85-A8F8-4785-8D77-34F153C45429}\RP109\A0007227.exeWin32/PSW.OnLineGames.NNU trojan
C:\System Volume Information\_restore{E928BD85-A8F8-4785-8D77-34F153C45429}\RP109\A0007228.infWin32/PSW.OnLineGames.NNU trojan
C:\System Volume Information\_restore{E928BD85-A8F8-4785-8D77-34F153C45429}\RP110\A0007238.exeWin32/PSW.OnLineGames.NNU trojan
C:\System Volume Information\_restore{E928BD85-A8F8-4785-8D77-34F153C45429}\RP110\A0007239.infWin32/PSW.OnLineGames.NNU trojan
C:\System Volume Information\_restore{E928BD85-A8F8-4785-8D77-34F153C45429}\RP111\A0007249.exeWin32/PSW.OnLineGames.NNU trojan
C:\System Volume Information\_restore{E928BD85-A8F8-4785-8D77-34F153C45429}\RP111\A0007250.infWin32/PSW.OnLineGames.NNU trojan
C:\System Volume Information\_restore{E928BD85-A8F8-4785-8D77-34F153C45429}\RP112\A0007655.infWin32/PSW.OnLineGames.NNU trojan
 
redtarget.gif
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader and install one of two free alternatives:

- Foxit PDF Reader from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

- PDF-XChange Viewer: http://www.tracker-software.com/product/pdf-xchange-viewer

redtarget.gif
1. Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
In all of those logs did you find something that could indeed be manipulating the MBR? Like what I wrote in my original post I am using something that latches onto the MBR enabling more then 4 primary windows partitions. Something was manipulating the MBR before the Boot It Bare Metal Manager would load and it would dis-rail it's install.

Time will tell about how my computer is doing, it's a rather random occurrence when the MBR is manipulated, whether or not we did indeed get rid of the infection.

Appreciate your time.
 
You must log in or register to reply here.

Similar threads

Humza
Critical flaw in VLC media player leaves PCs exposed, VideoLAN says otherwise
Replies
9
Views
2K
InTheWings
InTheWings
David Matthews
CCleaner may be installing Avast anti-virus without your permission
2
Replies
30
Views
9K
captaincranky
captaincranky
G
Encrypted flash drives: convenience and performance unmatched by the cloud
Replies
5
Views
2K
pssst3
pssst3

Latest posts

Back