Solved Results of testing: locked self-protect mode of Avast Antivirus Pro

systemmistress

Hi,

I thought I was totally lost, but due to the testing requirements you recommend, I think my whole problem is because Avast 4 is locked in Self-Protect mode and also is locking me out of my Recovery Drive partition. Maybe this is why the odd test results? I did one week's worth of investigating, reading, studying and clean-up of my machine and now it all makes sense.

I have a :Summary HP, Compaq Presario, SR1920NX.
Operating System
MS Windows XP Home 32-bit SP3
CPU
AMD Athlon 64 3500+ 43 °C
Venice 90nm Technology
RAM
512MB Dual-Channel DDR @ 200MHz (3-3-3-8)
Motherboard
ASUSTek Computer INC. NAGAMI2L (Socket 939)
Graphics
COMPAQ FS7600 @ 1024x768
nVidia video (HP)
Hard Drives
195GB SAMSUNG SP2004C (IDE) 41 °C
Optical Drives
PHILIPS DVD8851
Audio
Realtek High Definition Audio
Operating System
MS Windows XP Home 32-bit SP3
Installation Date: 30 March 2009, 07:14

CPU
AMD Athlon 64 3500+Core Memory slots
Total memory slots 4
Used memory slots 2
Free memory slots 2
Memory
Type DDR
Size 512 MBytes
Channels # Dual
DRAM Frequency 200.4 MHz
CAS# Latency (CL) 3 clocks
RAS# to CAS# Delay (tRCD) 3 clocks
RAS# Precharge (tRP) 3 clocks
Cycle Time (tRAS) 8 clocks
Bank Cycle Time (tR?) 11 clocks
Command Rate (CR) 2T
SPD
Number Of SPD Modules 2
Slot #1
Type DDR
Size 256 MBytes
Manufacturer Hyundai Electronics

Max Bandwidth PC3200 (200 MHz)

Here are the Results:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4490

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/27/2010 3:46:14 PM
mbam-log-2010-08-27 (15-46-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 182135
Time elapsed: 20 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-27 15:55:39
Windows 5.1.2600 Service Pack 3
Running: k3h5kxm2[1].exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\uwlcraoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

I even tried to delete the above with Revo Uninstaller, CCleaner, Add/Rem Programs, by hand, and with File Assassin..nothing worked. And I tried more than once.
Alwil Software, Avast4 resides in my Local Drive of all places..I would have thought it would have been in C:\\.

Here is the other result:
[I will give my opinion of the results, based on a popup I got from my computer, which told me I could no longer access my partition "for safety reasons" from Avast, when you see the testing results]



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fd

Kernel Drivers (total 125):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF79DC000 \WINDOWS\system32\KDCOM.DLL
0xF78EC000 \WINDOWS\system32\BOOTVID.dll
0xF73AD000 ACPI.sys
0xF79DE000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF739C000 pci.sys
0xF74DC000 isapnp.sys
0xF7AA4000 pciide.sys
0xF775C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF79E0000 viaide.sys
0xF79E2000 intelide.sys
0xF74EC000 MountMgr.sys
0xF737D000 ftdisk.sys
0xF7764000 PartMgr.sys
0xF74FC000 VolSnap.sys
0xF72A8000 iaStor.sys
0xF7290000 atapi.sys
0xF750C000 disk.sys
0xF751C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7270000 fltmgr.sys
0xF725E000 sr.sys
0xF752C000 PxHelp20.sys
0xF7247000 KSecDD.sys
0xF71BA000 Ntfs.sys
0xF718D000 NDIS.sys
0xF716E000 xpacket.sys
0xF7154000 Mup.sys
0xF770C000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF6BC9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6BB5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7834000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6B91000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF783C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF771C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF772C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF773C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6B6E000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6A51000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7A04000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF784C000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6A29000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF79C8000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xF69DE000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xF69A7000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xF774C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7854000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7A08000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF7BE9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF755C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF79CC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6990000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF756C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF757C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF785C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF697F000 \SystemRoot\system32\DRIVERS\psched.sys
0xF758C000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7864000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF786C000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6943000 \SystemRoot\system32\DRIVERS\parport.sys
0xF759C000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7874000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7A0C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF68E5000 \SystemRoot\system32\DRIVERS\update.sys
0xF6F4D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF75AC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF75BC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF75CC000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xF30DA000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF30B6000 \SystemRoot\system32\drivers\portcls.sys
0xF75DC000 \SystemRoot\system32\drivers\drmk.sys
0xF7A10000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B81000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A12000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78B4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF78BC000 \SystemRoot\System32\drivers\vga.sys
0xF7A14000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A16000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78C4000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78CC000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7990000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3033000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF2FDA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF2FB2000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF75FC000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF2F90000 \SystemRoot\System32\drivers\afd.sys
0xF760C000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF2F6E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF78D4000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF2F43000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF2ED3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF762C000 \SystemRoot\System32\Drivers\Fips.SYS
0xF2EAD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF763C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF78DC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF696F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF764C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF2E64000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF78E4000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF77A4000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF696B000 \SystemRoot\system32\DRIVERS\sfloppy.sys
0xF6967000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF695F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF2E40000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF2E28000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A24000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF308E000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77BC000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B15000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7894000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0xBA51C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA391000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB9A59000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB97BC000 \SystemRoot\system32\drivers\wdmaud.sys
0xB99A1000 \SystemRoot\system32\drivers\sysaudio.sys
0xB9587000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB93F0000 \SystemRoot\system32\DRIVERS\srv.sys
0xB9107000 \SystemRoot\System32\Drivers\HTTP.sys
0xB7BBC000 \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\uwlcraoc.sys
0xB7ACF000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 System
592 C:\WINDOWS\system32\smss.exe
656 csrss.exe
680 C:\WINDOWS\system32\winlogon.exe
724 C:\WINDOWS\system32\services.exe
736 C:\WINDOWS\system32\lsass.exe
900 C:\WINDOWS\system32\svchost.exe
948 svchost.exe
1044 C:\WINDOWS\system32\svchost.exe
1092 svchost.exe
1184 svchost.exe
1568 C:\WINDOWS\explorer.exe
1780 C:\WINDOWS\RTHDCPL.EXE
1832 C:\Program Files\PeoplePC\ISP7000\Browser\BartShel.exe
1828 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1848 C:\Program Files\Filseclab\xfilter\xfilter.exe
1864 C:\WINDOWS\system32\ctfmon.exe
660 C:\WINDOWS\system32\spoolsv.exe
152 C:\WINDOWS\system\hpsysdrv.exe
1448 svchost.exe
444 C:\Program Files\LSI SoftModem\agrsmsvc.exe
456 aspnet_state.exe
1920 PresentationFontCache.exe
564 C:\Program Files\Java\jre6\bin\jqs.exe
584 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1000 C:\WINDOWS\system32\nvsvc32.exe
2448 alg.exe
2812 C:\PROGRA~1\PeoplePC\ISP7000\Browser\PPShared.exe
2956 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
4092 C:\Program Files\Internet Explorer\iexplore.exe
1932 C:\Program Files\Internet Explorer\iexplore.exe
2820 C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002c`c0050e00 (FAT32)

PhysicalDrive0 Model Number: SAMSUNGSP2004C, Rev: VM100-54

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 3

Done!


My thoughts on these odd results are that Avast has locked me out of my partition [D Drive] and it cannot be read..I am probably wrong.

My symptoms are hangs, freezes to the point when I have to hit the 'kill' button because nothing works. I just blamed all this on Firefox's Plug-in Container...I had better apologize..I do not think this is the problem, as I uninstalled FF 3.6.8, and am using 3.5.11. I also read that lots of my symptoms are the same as those on the forums at Mozilla as well. I wonder now.

All of the online scans for malware and viruses came up clean for me except the big one in MBam..I guess I should attach that huge file as well. You did not seem to want it from the other person you helped with a locked Avast..I do have it if needed.

Thanx very much, I am sorry to be so windy, but I want you to know that I tried myself. This is sort of a last resort for me, as I do not give up easily.

Thank you very much.
Systemmistress
 
I'm sorry Broni, I did not say that correctly.

Avira popped up a message stating that for security reasons, I would "no longer be able to access my partition on D Drive". That was before I uninstalled it using Revo uninstaller set to the 4th level of removal or clean up [which would include the registry, desktop icon, and all other listings in Documents and Settings, My Documents, and everywhere else].

I wrote to Avira, as I had paid for the program for one year, and told them I needed access to my partition in case..., and their reply was nonexistent.

I have not tried to do a re-install from D Drive as the last time I did one, all the same stuff was all right there..it was not from scratch.

I do not have a complete backup of my drive, nor did I make a CD from the recovery partition, as if you do that, you can no longer use that partition, and sometimes the CD does not work. It costs money to buy a Recovery CD and I have very little of that.

I figured that since Avast got locked in self-protect mode that my D Drive was locked as well..I could not access the program on D Drive called Recovery.
[ed] RegGuard
I will lose everything now if I have to do a recovery..

HP makes a small program that they put on the machines that keeps you from making a mistake and doing a recovery. I forget now what that is exactly, but remember reading about it.

Also, shouldn't that MBAM have checked D Drive as well if it could have?

I prepared the information for another forum called Freeze, hang BSOD. I did what those steps were and probably should have posted this there.

Avast sent me instructions to boot into safe mode, and remove the program Avast4 there, but F8 did not work for me. If only I could remove Avast4, and then do these virus steps I would feel so much better.
Then we'd have a more detailed picture of all the results, to ascertain as to whether or not I actually have a virus or not. Don't you think so?

I will do all the virus removal steps but can't we remove that Avast4 first? Then I will rescan and post if necessary.

Please advise.
Sandra
 
here's the rest

I went thru the 8 steps [modified] as you asked



Here are all the zipped files you requested:

Thank you so much for your help..I am lost.
Sandra
 
Broni,

The program that I cannot remove is Avast..here is what the tech person sent me in email:

Hello,

Try to reinstall your avast! using the avast! uninstall utility.

The avast! uninstall utility (aswClear.exe) can be found on this page:
http://public.avast.com/dev/aswClear_3.exe

and follow these instructions:

1. Download aswClear.exe on to your desktop
2. Either, start Windows in Safe Mode if you know how (http://www.computerhope.com/issues/chsafe.htm)
3. Open (execute) the uninstall utility
4. If you installed avast! in a folder other than the default folder, use the browse facility to locate it. (Note: Be careful! The content of any folder you choose will be deleted!)
5. Click REMOVE
6. Restart your computer

Now download the latest version of avast! and install it again (http://files.avast.com/iavs5x/setup_av_free.exe). If you have Windows 7 or Vista run the setup file as an administrator (right-click on avast! setup file and from the Drop Down Menu select the Run As Administrator option).

Best regards,

Jakub Vanous
AVAST Software a.s.

Ticket Details
===================
Ticket ID: NTW-571558
Department: [ENG] Technical support
Priority: Default
Status: On Hold


I tried it and it would not install to uninstall..the old Avast4 is on self-protect mode. I could not even start in Safe Mode.

Thanx once again,
Sandra
 
Please, never zip any files. It's extra work for us to unzip them.
Our instructions don't ask for zipping.
Please, repost with straight files attached.
 
Sorry, Broni,
I could swear I read that I can never post any text files-they contain viruses..that they must be zipped. I am always wrong - this is just another time.

here is the info you requested:

SuperAntiSpyware scan log 8-27-2010

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/27/2010 at 11:43 PM

Application Version : 4.41.1000

Core Rules Database Version : 5362
Trace Rules Database Version: 3174

Scan type : Complete Scan
Total Scan Time : 00:21:40

Memory items scanned : 380
Memory threats detected : 0
Registry items scanned : 6388
Registry threats detected : 0
File items scanned : 19829
File threats detected : 1

Trojan.Agent/Gen-Nullo[Short]
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWSCAN.DLL

this was already quarantined and removed in the middle of August, 2010

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-27 16:34:58
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\uwlcraoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


 
DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Owner at 17:21:48.96 on Fri 08/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.57 [GMT -4:00]

AV: avast! antivirus 4.8.0 [VPS 000000-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Filseclab Personal Firewall *enabled* {EB4DA513-3B0A-4FCB-86A7-F1243757EFF2}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PeoplePC\ISP7000\Browser\Bartshel.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system\hpsysdrv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\PeoplePC\ISP7000\Browser\PPShared.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.peoplepc.com/websearch
uSearch Page =
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://home.peoplepc.com/search/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = local
mSearchAssistant =
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: ZoomInto: {2f3d6d62-fab0-401a-90b6-1b20c2d4448d} - c:\program files\zoominto solutions\zoominto 13.1.1\ZoomInto.dll
BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~1\people~1\PRPL_I~1.DLL
BHO: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Bart Station] c:\program files\peoplepc\isp7000\bin\PPCOLink.exe -STATION
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [XFILTER] "c:\program files\filseclab\xfilter\xfilter.exe" -a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: ZoomInto - c:\documents and settings\compaq_owner\application data\zoominto\zoominto.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\filseclab\xfilter\XFILTER.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238518495328
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {523E608B-4D4B-41B8-908D-FEA1131E7ED1} = 207.69.188.185,207.69.188.186
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\o80qd9p5.sandra\
FF - prefs.js: browser.search.selectedEngine - Scroogle SSL
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 XPacket;Filseclab Packet Filter;c:\windows\system32\xpacket.sys [2010-3-3 124752]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-17 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-17 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-17 138680]
S3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast5\avastsvc.exe" --> c:\program files\alwil software\avast5\AvastSvc.exe [?]
S3 avast! Web Scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashwebsv.exe" /service --> c:\program files\alwil software\avast4\ashWebSv.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14f.tmp --> c:\windows\system32\14F.tmp [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2009-3-23 120168]

=============== Created Last 30 ================

2010-08-20 18:39:04 0 d-----w- c:\program files\Trend Micro
2010-08-16 17:37:23 0 d-----w- c:\docume~1\compaq~1\applic~1\VSRevoGroup
2010-08-16 04:20:45 0 d-----w- c:\program files\Sophos
2010-08-16 03:43:09 2626 ----a-w- c:\windows\system32\config.bak
2010-08-16 03:43:09 2577 ----a-w- c:\windows\config.nt
2010-08-16 03:43:09 1688 ----a-w- c:\windows\system32\autoexec.bak
2010-08-16 03:43:09 1688 ----a-w- c:\windows\autoexec.nt
2010-08-16 02:16:58 0 d-----w- c:\program files\Speccy
2010-08-14 21:00:40 0 d-----w- c:\program files\SRWare Iron
2010-08-13 17:28:18 0 d-----w- C:\AV-CLS
2010-08-12 22:17:06 165032 ----a-w- c:\windows\system32\asw2B4.tmp
2010-08-10 07:21:41 0 d-----w- c:\docume~1\compaq~1\applic~1\DiskSpaceFan
2010-08-10 07:20:49 0 d-----w- c:\program files\DiskSpaceFan
2010-08-10 07:05:07 0 d-----w- c:\program files\ZPaint 1.4
2010-07-29 14:13:20 0 d-----w- c:\program files\Citrix
2010-07-29 14:13:03 103784 ----a-w- c:\documents and settings\compaq_owner\GoToAssistDownloadHelper.exe

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 21:51:58 11077120 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\dllcache\msxml3.dll
2009-03-31 19:23:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009033120090401\index.dat

============= FINISH: 17:22:28.76 ===============
 
Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 1 for Windows XP, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot, run MBRCheck again and post new log.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fd

Kernel Drivers (total 124):

Processes (total 36):
0 System Idle Process
4 System
592 C:\WINDOWS\system32\smss.exe
672 csrss.exe
696 C:\WINDOWS\system32\winlogon.exe
740 C:\WINDOWS\system32\services.exe
752 C:\WINDOWS\system32\lsass.exe
916 C:\WINDOWS\system32\svchost.exe
964 svchost.exe
1060 C:\WINDOWS\system32\svchost.exe
1112 svchost.exe
1156 svchost.exe
1420 C:\WINDOWS\system32\spoolsv.exe
1640 C:\WINDOWS\explorer.exe
1872 C:\WINDOWS\RTHDCPL.EXE
1916 C:\Program Files\PeoplePC\ISP7000\Browser\BartShel.exe
1932 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1940 C:\Program Files\Filseclab\xfilter\xfilter.exe
1952 C:\WINDOWS\system32\ctfmon.exe
640 svchost.exe
676 C:\Program Files\LSI SoftModem\agrsmsvc.exe
820 aspnet_state.exe
924 PresentationFontCache.exe
1148 C:\Program Files\Java\jre6\bin\jqs.exe
1192 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1248 C:\WINDOWS\system32\nvsvc32.exe
2072 alg.exe
2400 C:\PROGRA~1\PeoplePC\ISP7000\Browser\PPShared.exe
2612 C:\WINDOWS\system\hpsysdrv.exe
2636 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1976 C:\Program Files\Internet Explorer\iexplore.exe
3092 C:\Program Files\Internet Explorer\iexplore.exe
1520 C:\Program Files\Internet Explorer\iexplore.exe
2852 C:\Program Files\Internet Explorer\iexplore.exe
2512 C:\Program Files\Internet Explorer\iexplore.exe
4092 C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002c`c0050e00 (FAT32)

PhysicalDrive0 Model Number: SAMSUNGSP2004C, Rev: VM100-54

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
 
Do I follow the last instructions or is this what you want?

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fd

Kernel Drivers (total 124):

Processes (total 34):
0 System Idle Process
4 System
592 C:\WINDOWS\system32\smss.exe
672 csrss.exe
696 C:\WINDOWS\system32\winlogon.exe
740 C:\WINDOWS\system32\services.exe
752 C:\WINDOWS\system32\lsass.exe
916 C:\WINDOWS\system32\svchost.exe
964 svchost.exe
1060 C:\WINDOWS\system32\svchost.exe
1112 svchost.exe
1204 svchost.exe
1556 C:\WINDOWS\system32\spoolsv.exe
1676 C:\WINDOWS\explorer.exe
284 C:\WINDOWS\RTHDCPL.EXE
440 C:\Program Files\PeoplePC\ISP7000\Browser\BartShel.exe
444 C:\Program Files\Common Files\Java\Java Update\jusched.exe
472 C:\Program Files\Filseclab\xfilter\xfilter.exe
500 C:\WINDOWS\system32\ctfmon.exe
756 svchost.exe
1136 C:\Program Files\LSI SoftModem\agrsmsvc.exe
1096 aspnet_state.exe
1472 PresentationFontCache.exe
1548 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
1652 C:\Program Files\Java\jre6\bin\jqs.exe
1696 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1716 C:\WINDOWS\system32\nvsvc32.exe
2124 alg.exe
2452 C:\PROGRA~1\PeoplePC\ISP7000\Browser\PPShared.exe
2560 C:\WINDOWS\system\hpsysdrv.exe
2600 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2888 C:\Program Files\Internet Explorer\iexplore.exe
3032 C:\Program Files\Internet Explorer\iexplore.exe
3440 C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002c`c0050e00 (FAT32)

PhysicalDrive0 Model Number: SAMSUNGSP2004C, Rev: VM100-54

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Unfortunately, our fix didn't work.
We need to use a different way to do it.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it again.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted run MBRCheck one more time and let me have the log produced.
 
Good Morning,

I went to Bios and had a look. I have questions:
1. On top row choices: Main - Advanced - Power - Boot - Exit
Under Advanced - the only reference to "boot" is this: Onboard LAN BOOT ROM

2. Under Boot menu: it lists first BOOT-TIME DIAGNOSTIC [disabled]
Boot Device Priority
1st [floppy] TEAC USB
2nd [CD-ROM Group] Phillips DVD88
3rd [HDD Group] Samsung
4th [Network Boot Group] Not Installed

What order do I put these in, please?
Do I change any other setting?

3. What is 'Onboard LAN BOOT ROM' under 'Advanced' in the upper menu?

This BIOS is a little different than the example cited in the 'How to Set BIOS from CDROM' article.

Thank you very much.
 
Sorry, Broni.
Please ignore the last post.
This is the new one:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fd

Kernel Drivers (total 123):
0xF6B62000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75EC000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7854000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF785C000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6AF2000 \SystemRoot\system32\DRIVERS\parport.sys
0xF75FC000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7864000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7A04000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6A94000 \SystemRoot\system32\DRIVERS\update.sys
0xF7120000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF760C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF761C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF762C000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xF32BD000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF3299000 \SystemRoot\system32\drivers\portcls.sys
0xF763C000 \SystemRoot\system32\drivers\drmk.sys
0xF7A08000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B81000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A0A000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78A4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF78AC000 \SystemRoot\System32\drivers\vga.sys
0xF7A0C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A0E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78B4000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78BC000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF79A0000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3216000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF31BD000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF3195000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF765C000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF3173000 \SystemRoot\System32\drivers\afd.sys
0xF766C000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF3151000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF78C4000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF3126000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF30B6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF768C000 \SystemRoot\System32\Drivers\Fips.SYS
0xF3090000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF769C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF78CC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF6B52000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF76AC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF3047000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF78D4000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF78DC000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF6B4A000 \SystemRoot\system32\DRIVERS\sfloppy.sys
0xF6B46000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF6B3E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF3023000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF300B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A22000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF3259000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77B4000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B3A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF788C000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0xBA518000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA391000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB999C000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA430000 \SystemRoot\system32\drivers\sysaudio.sys
0xB98EE000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB96C7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB9468000 \SystemRoot\system32\DRIVERS\srv.sys
0xB91F7000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 34):
0 System Idle Process
4 System
592 C:\WINDOWS\system32\smss.exe
672 csrss.exe
696 C:\WINDOWS\system32\winlogon.exe
740 C:\WINDOWS\system32\services.exe
752 C:\WINDOWS\system32\lsass.exe
916 C:\WINDOWS\system32\svchost.exe
964 svchost.exe
1060 C:\WINDOWS\system32\svchost.exe
1108 svchost.exe
1172 svchost.exe
1548 C:\WINDOWS\system32\spoolsv.exe
1652 C:\WINDOWS\explorer.exe
248 C:\WINDOWS\RTHDCPL.EXE
292 C:\Program Files\PeoplePC\ISP7000\Browser\BartShel.exe
436 C:\Program Files\Common Files\Java\Java Update\jusched.exe
456 C:\Program Files\Filseclab\xfilter\xfilter.exe
496 C:\WINDOWS\system32\ctfmon.exe
816 svchost.exe
1104 C:\Program Files\LSI SoftModem\agrsmsvc.exe
1148 aspnet_state.exe
1436 PresentationFontCache.exe
1492 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
1668 C:\Program Files\Java\jre6\bin\jqs.exe
1728 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1752 C:\WINDOWS\system32\nvsvc32.exe
232 C:\WINDOWS\system32\wuauclt.exe
1948 alg.exe
2448 C:\PROGRA~1\PeoplePC\ISP7000\Browser\PPShared.exe
2564 C:\WINDOWS\system\hpsysdrv.exe
2584 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2684 C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe
2728 wmiprvse.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002c`c0050e00 (FAT32)

PhysicalDrive0 Model Number: SAMSUNGSP2004C, Rev: VM100-54

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
We got it. Good job :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I am afraid to try to delete Avast4 in Self-Protect mode.
In fact, I am going to wait and hear what you have to say about this issue.
I do need to put Avira back on ASAP.
Thank you,
s
 
Do nothing else but what I tell you.
Make sure Windows firewall is ON and you're safe.
 
ComboFix 10-08-28.02 - Compaq_Owner 08/29/2010 22:26:44.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.220 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.0 [VPS 000000-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Filseclab Personal Firewall *disabled* {EB4DA513-3B0A-4FCB-86A7-F1243757EFF2}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\GoToAssistDownloadHelper.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-28 04:28 . 2010-08-28 04:28 -------- d-----w- c:\program files\7-Zip
2010-08-27 19:14 . 2010-08-27 19:14 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2010-08-27 19:13 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-27 19:13 . 2010-08-27 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 19:13 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 16:24 . 2006-09-02 02:45 222 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\extensions\Extended@spanglerco.com\open.cmd
2010-08-27 10:41 . 2010-08-27 10:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Temp
2010-08-27 10:40 . 2010-08-27 10:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google
2010-08-23 19:29 . 2008-04-14 00:12 11325 ----a-w- c:\windows\system32\dllcache\vchnt5.dll
2010-08-22 17:35 . 2010-08-22 17:35 -------- d-----w- c:\program files\MSECache
2010-08-21 08:01 . 2010-08-21 08:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Help
2010-08-20 18:39 . 2010-08-20 18:39 388096 ------r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-20 18:39 . 2010-08-20 18:39 -------- d-----w- c:\program files\Trend Micro
2010-08-16 17:37 . 2010-08-16 17:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\VSRevoGroup
2010-08-16 04:20 . 2010-08-16 04:20 -------- d-----w- c:\program files\Sophos
2010-08-16 02:16 . 2010-08-16 02:17 -------- d-----w- c:\program files\Speccy
2010-08-14 22:28 . 2010-08-14 22:28 -------- d-----w- c:\program files\Common Files\Java
2010-08-14 22:28 . 2010-08-14 22:28 503808 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a4b79aa-n\msvcp71.dll
2010-08-14 22:28 . 2010-08-14 22:28 499712 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a4b79aa-n\jmc.dll
2010-08-14 22:28 . 2010-08-14 22:28 348160 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a4b79aa-n\msvcr71.dll
2010-08-14 22:27 . 2010-08-14 22:27 61440 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5157a20a-n\decora-sse.dll
2010-08-14 22:27 . 2010-08-14 22:27 12800 ------w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5157a20a-n\decora-d3d.dll
2010-08-14 21:00 . 2010-08-14 21:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Chromium
2010-08-14 21:00 . 2010-08-14 21:00 -------- d-----w- c:\program files\SRWare Iron
2010-08-13 17:28 . 2010-08-16 03:54 -------- d-----w- C:\AV-CLS
2010-08-13 00:25 . 2010-08-13 03:48 -------- d-----w- c:\windows\BDOSCAN8
2010-08-10 07:21 . 2010-08-10 07:48 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DiskSpaceFan
2010-08-10 07:20 . 2010-08-10 07:20 -------- d-----w- c:\program files\DiskSpaceFan
2010-08-10 07:05 . 2010-08-10 07:05 -------- d-----w- c:\program files\ZPaint 1.4
2010-08-07 07:50 . 2010-08-16 03:59 63488 ------w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-05 20:43 . 2010-08-05 20:43 52224 ------w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 02:21 . 2009-03-30 11:33 50880 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-30 02:00 . 2009-04-07 14:46 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-30 01:42 . 2010-01-28 18:15 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\StumbleUpon
2010-08-30 01:32 . 2010-06-28 21:45 243840 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-26 21:40 . 2010-01-16 14:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\PeoplePal
2010-08-26 21:22 . 2009-04-20 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\VistaCodecs
2010-08-25 17:38 . 2010-03-03 04:40 -------- d-----w- c:\program files\Common Files\Filseclab
2010-08-22 17:08 . 2010-02-16 20:16 -------- d-----w- c:\program files\Recuva
2010-08-21 10:01 . 2001-06-27 22:29 1134592 ----a-w- c:\windows\system32\ntbackup.exe
2010-08-20 19:36 . 2009-03-30 12:23 -------- d-----w- c:\program files\Alwil Software
2010-08-17 06:46 . 2009-03-30 15:31 -------- d-----w- c:\program files\VS Revo Group
2010-08-16 03:58 . 2009-04-05 19:18 117760 ------w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-16 02:13 . 2009-04-01 04:49 -------- d-----w- c:\program files\CCleaner
2010-08-14 22:27 . 2005-05-11 00:28 -------- d-----w- c:\program files\Java
2010-08-05 20:59 . 2009-04-05 19:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-29 14:13 . 2010-07-29 14:13 -------- d-----w- c:\program files\Citrix
2010-07-27 11:56 . 2009-12-09 21:53 -------- d-----w- c:\program files\HeyDoc
2010-07-17 09:00 . 2010-04-16 22:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-04 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 11:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 11:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 11:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Bart Station"="c:\program files\PeoplePC\ISP7000\BIN\PPCOLink.exe" [2008-02-25 25944]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"XFILTER"="c:\program files\Filseclab\xfilter\xfilter.exe" [2006-12-23 901120]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-5-10 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-26 04:37 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\AV-CLS\\WGET.EXE"=

R0 XPacket;Filseclab Packet Filter;c:\windows\system32\xpacket.sys [3/3/2010 12:40 AM 126224]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/17/2009 12:11 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/17/2009 12:11 AM 20560]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14F.tmp --> c:\windows\system32\14F.tmp [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [3/23/2009 11:43 PM 120168]
.
Contents of the 'Scheduled Tasks' folder

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009Core.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 10:40]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204943530-153763967-1977393198-1009UA.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 10:40]

2010-08-24 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 02:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.peoplepc.com/websearch
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: ZoomInto - c:\documents and settings\Compaq_Owner\Application Data\Zoominto\zoominto.htm
LSP: c:\program files\Filseclab\xfilter\XFILTER.DLL
TCP: {523E608B-4D4B-41B8-908D-FEA1131E7ED1} = 207.69.188.185,207.69.188.186
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o80qd9p5.Sandra\
FF - prefs.js: browser.search.selectedEngine - Scroogle SSL
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-LSI Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-29 22:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\14F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2204943530-153763967-1977393198-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(752)
c:\program files\Filseclab\xfilter\XFILTER.DLL
.
Completion time: 2010-08-29 22:33:48
ComboFix-quarantined-files.txt 2010-08-30 02:33

Pre-Run: 175,249,088,512 bytes free
Post-Run: 175,208,292,352 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - F445B8A5A44FAA501928C7C52F50B01B
 
It looks good :)

Now, we'll try to remove Avast.

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I tried to post log files from OTL and got a message that the file is too long (780000 and max is 20000).

How do you want this split?
 