Solved System Check virus?

Timock

I'm using WinXP. A few days ago my Avast system seemed to have caught the "virus check virus", which could only be opened in sandbox. I then had the System Check pop-up appear, fake-scan my system, and ask me to help fix the problem by purchasing a non-existent cure.
Obviously I did not do that. I checked my firewall, McAfee, and I had several intrusions. Ran an Avast scan, then did an Avast reboot scan, which found only one infected file, which could not be deleted? Started to the desktop and everything had disappeared except the Start button and an empty My Documents folder, etc.

It seems I can only connect online via in safe mode.

Found TechSpot and tried to follow the procedure that had already been outlined for others, but not as accurately as I should have. My bad!

Ran:
1) Malwarebytes' Anti-Malware
2) Unhide - which helped restore some files and applications
3) aswMBR.exe
4) Attempted to run ComboFix, which seems to crash while scanning. I had disabled Avast and nothing else is running, so I was at a loss. Looked at TechSpot in more detail (what I should have done in the first place), so below will be my listed logs.

Any help would be greatly appreciated. Thanks

My First Malwarebytes Scan

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.07.04

Windows XP Service Pack 3 x86 FAT32 (Safe Mode/Networking)
Internet Explorer 6.0.2900.5512
Administrator :: [administrator]

07/01/2012 23:44:19
mbam-log-2012-01-07 (23-44-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313899
Time elapsed: 57 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AWteuGLwTAOiU.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\AWteuGLwTAOiU.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Documents and Settings\All Users\Application Data\AWteuGLwTAOiU.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\rvn4Uw7wiU5Dge.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Documents and Settings\wayne\Local Settings\Temp\wera0.7797335485655679.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\wayne\Application Data\Sun\Java\Deployment\cache\6.0\47\4567146f-3699d291 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\wayne\Application Data\Sun\Java\Deployment\cache\6.0\47\4567146f-785d2ed6 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Alcohol Soft\Alcohol 120\keymaker.exe (Password.Stealer) -> Quarantined and deleted successfully.
C:\Program Files\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.
D:\stuff\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

(end)



---------------------

My last Malwarebytes Scan

Database version: v2012.01.07.04

Windows XP Service Pack 3 x86 FAT32 (Safe Mode/Networking)
Internet Explorer 6.0.2900.5512
Administrator :: [administrator]

11/01/2012 19:49:45
mbam-log-2012-01-11 (19-49-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204486
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

----------------


GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-11 20:08:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 IC25N060ATMR04-0 rev.MO3OAD4A
Running: 2xdyqh4m[1].exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxldqpob.sys


---- System - GMER 1.0.15 ----

SSDT spxl.sys ZwCreateKey [0xF87250E0]
SSDT spxl.sys ZwEnumerateKey [0xF8742CA2]
SSDT spxl.sys ZwEnumerateValueKey [0xF8743030]
SSDT spxl.sys ZwOpenKey [0xF87250C0]
SSDT spxl.sys ZwQueryKey [0xF8743108]
SSDT spxl.sys ZwQueryValueKey [0xF8742F88]
SSDT spxl.sys ZwSetValueKey [0xF874319A]

INT 0x62 ? 83373BF8
INT 0x73 ? 83333BF8
INT 0xA4 ? 83333BF8
INT 0xB4 ? 83333BF8

---- Kernel code sections - GMER 1.0.15 ----

? spxl.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F852F8AC 5 Bytes JMP 833331D8
.text anoojwv9.SYS F8121384 1 Byte [20]
.text anoojwv9.SYS F8121384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text anoojwv9.SYS F81213AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text anoojwv9.SYS F81213C4 3 Bytes [00, 00, 00]
.text anoojwv9.SYS F81213C9 1 Byte [00]
.text ...
init C:\WINDOWS\system32\Drivers\FireTDI.sys entry point in "init" section [0xF7EED000]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833E22D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F874B6D0] spxl.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F874F708] spxl.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8726046] spxl.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8726142] spxl.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F87260C4] spxl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F87267CE] spxl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F87266A4] spxl.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833332D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8731D7A] spxl.sys
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlInitUnicodeString] 0000004C
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!swprintf] 00000095
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeSetEvent] 0000000B
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 00000042
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 000000FA
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 000000C3
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmFreeMappingAddress] 0000004E
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 00000008
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 0000002E
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmUnmapIoSpace] 000000A1
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 00000066
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IofCompleteRequest] 00000028
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 000000D9
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IofCallDriver] 00000024
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 000000B2
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 00000076
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoConnectInterrupt] 0000005B
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoDetachDevice] 000000A2
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000049
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeInitializeEvent] 0000006D
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeCancelTimer] 0000008B
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 000000D1
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlInitAnsiString] 00000025
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 00000072
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoQueueWorkItem] 000000F8
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmMapIoSpace] 000000F6
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 00000064
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoReportDetectedDevice] 00000086
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00000068
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 00000098
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!NlsMbCodePageTag] 00000016
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!PoRequestPowerIrp] 000000D4
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 000000A4
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 0000005C
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!sprintf] 000000CC
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 0000005D
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ObfDereferenceObject] 00000065
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 000000B6
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 00000092
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ZwClose] 0000006C
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 00000070
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00000048
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 00000050
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 000000FD
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoCreateDevice] 000000ED
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 000000B9
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 000000DA
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 0000005E
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ZwOpenKey] 00000015
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 00000046
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoStartTimer] 00000057
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeInitializeTimer] 000000A7
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoInitializeTimer] 0000008D
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeInitializeDpc] 0000009D
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeInitializeSpinLock] 00000084
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoInitializeIrp] 00000090
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ZwCreateKey] 000000D8
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 000000AB
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 00000000
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ZwSetValueKey] 0000008C
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeInsertQueueDpc] 000000BC
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 000000D3
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoStartPacket] 0000000A
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 000000F7
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 000000E4
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoFreeMdl] 00000058
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmUnlockPages] 00000005
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 000000B8
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 000000B3
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 00000045
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 00000006
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeSynchronizeExecution] 000000D0
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoStartNextPacket] 0000002C
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeBugCheckEx] 0000001E
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 0000008F
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeSetTimer] 000000CA
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!_allmul] 0000003F
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmProbeAndLockPages] 0000000F
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!_except_handler3] 00000002
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!PoSetPowerState] 000000C1
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 000000AF
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 000000BD
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00000003
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!_aulldiv] 00000001
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!strstr] 00000013
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!_strupr] 0000008A
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeQuerySystemTime] 0000006B
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0000003A
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!KeTickCount] 00000091
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 00000011
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoDeleteDevice] 00000041
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 0000004F
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00000067
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoAllocateIrp] 000000DC
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoAllocateMdl] 000000EA
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 00000097
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmLockPagableDataSection] 000000F2
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 000000CF
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 000000CE
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ExFreePoolWithTag] 000000F0
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoFreeIrp] 000000B4
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!IoFreeWorkItem] 000000E6
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!InitSafeBootMode] 00000073
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!RtlCompareMemory] 00000096
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!PoCallDriver] 000000AC
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!memmove] 00000074
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!MmHighestUserAddress] 00000022
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!KfAcquireSpinLock] 00000034
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!READ_PORT_UCHAR] 0000008E
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!KeGetCurrentIrql] 00000043
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!KfRaiseIrql] 00000044
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!KfLowerIrql] 000000C4
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!HalGetInterruptVector] 000000DE
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!HalTranslateBusAddress] 000000E9
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!KeStallExecutionProcessor] 000000CB
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!KfReleaseSpinLock] 00000054
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0000007B
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!READ_PORT_USHORT] 00000094
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000032
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[HAL.dll!WRITE_PORT_UCHAR] 000000A6
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[WMILIB.SYS!WmiSystemControl] 00000023
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[WMILIB.SYS!WmiCompleteRequest] 0000003D
 
---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \FatCdrom 833721F8

AttachedDevice \Driver\Tcpip \Device\Ip FireTDI.sys (McAfee Desktop Firewall Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\sptd \Device\3091846462 spxl.sys
Device \Driver\usbuhci \Device\USBPDO-0 8330D1F8
Device \Driver\usbuhci \Device\USBPDO-1 8330D1F8
Device \Driver\usbuhci \Device\USBPDO-2 8330D1F8
Device \Driver\usbuhci \Device\USBPDO-3 8330D1F8
Device \Driver\usbehci \Device\USBPDO-4 8329C1F8

AttachedDevice \Driver\Tcpip \Device\Tcp FireTDI.sys (McAfee Desktop Firewall Application Firewall Driver/McAfee, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 833E01F8
Device \Driver\PCI_PNP5212 \Device\00000058 spxl.sys
Device \Driver\Ftdisk \Device\HarddiskVolume2 833E01F8
Device \Driver\Cdrom \Device\CdRom0 832FF1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 833E01F8
Device \Driver\atapi \Device\Ide\IdePort0 [F8681B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F8681B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F8681B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 832FF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F7664C59-6D67-4EA2-B58D-3D95461A431F} 829291F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 829291F8
Device \Driver\NetBT \Device\NetbiosSmb 829291F8

AttachedDevice \Driver\Tcpip \Device\Udp FireTDI.sys (McAfee Desktop Firewall Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp FireTDI.sys (McAfee Desktop Firewall Application Firewall Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 8330D1F8
Device \Driver\usbuhci \Device\USBFDO-1 8330D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 829571F8
Device \Driver\usbuhci \Device\USBFDO-2 8330D1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 829571F8
Device \Driver\usbuhci \Device\USBFDO-3 8330D1F8
Device \Driver\usbehci \Device\USBFDO-4 8329C1F8
Device \Driver\Ftdisk \Device\FtControl 833E01F8
Device \Driver\anoojwv9 \Device\Scsi\anoojwv91Port1Path0Target0Lun0 8321C1F8
Device \Driver\anoojwv9 \Device\Scsi\anoojwv91 8321C1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{30C5CD6C-675B-4475-9EDB-9A858CFE2CEB} 829291F8
Device \FileSystem\Fastfat \Fat 833721F8
Device \FileSystem\Cdfs \Cdfs 8298D1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0x22 0x62 0x35 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0xD4 0xB5 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x51 0x1A 0xED 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0x22 0x62 0x35 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0xD4 0xB5 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x51 0x1A 0xED 0x7D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0x22 0x62 0x35 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0xD4 0xB5 0x99 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x51 0x1A 0xED 0x7D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0x22 0x62 0x35 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0xD4 0xB5 0x99 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x51 0x1A 0xED 0x7D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0x22 0x62 0x35 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7C 0xD4 0xB5 0x99 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x51 0x1A 0xED 0x7D ...
Reg HKLM\SOFTWARE\Classes\CLSID\{1036D5BA-CA0B-6EFB-A816166A3C4364C2}\{9AB25E74-55C5-EF48-A2C588CFA5A2438C}\{DC8259A3-8AE9-348D-2F7CC1007F2DBE93}
Reg HKLM\SOFTWARE\Classes\CLSID\{1036D5BA-CA0B-6EFB-A816166A3C4364C2}\{9AB25E74-55C5-EF48-A2C588CFA5A2438C}\{DC8259A3-8AE9-348D-2F7CC1007F2DBE93}@526BA65ZPQS4U365YNAELLJ5XA1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{286D4131-3821-6CBF-08770360589374C2}\{48BEB065-0DEC-1314-6E019AD5B66531AE}\{E2D4EA90-E228-BF00-D20DE2AD05099BA2}
Reg HKLM\SOFTWARE\Classes\CLSID\{286D4131-3821-6CBF-08770360589374C2}\{48BEB065-0DEC-1314-6E019AD5B66531AE}\{E2D4EA90-E228-BF00-D20DE2AD05099BA2}@526BA65ZPQS4U365YNAELLJ5XA1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{9F5A92A2-B329-46CC-1B7090FE4262F142}\{3D41E9B5-DA3D-E370-0314048CD4A11D7E}\{F612533D-2F2D-C745-8F22D9CBAAB0FDB6}
Reg HKLM\SOFTWARE\Classes\CLSID\{9F5A92A2-B329-46CC-1B7090FE4262F142}\{3D41E9B5-DA3D-E370-0314048CD4A11D7E}\{F612533D-2F2D-C745-8F22D9CBAAB0FDB6}@526BA65ZPQS4U365YNAELLJ5XA1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xCC 0xC0 0x71 0x52 ...

---- EOF - GMER 1.0.15 ----
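The GMER log above is long, and the question a reviewer has to answer for every hook is which driver is actually behind it. The Python below is an added example (not part of the post, and not GMER's own code) of doing that triage mechanically: it parses the SSDT, IAT, Devices and Registry sections, ties the spxl.sys module to the sptd driver through the `Device \Driver\sptd ... spxl.sys` line and then to the Alcohol 120% install path through the `Services\sptd\Cfg\...@p0` value, and sorts IAT entries into those GMER credited to a named module, those pointing into kernel memory GMER could not credit, and those holding a value too small to be a kernel pointer at all. The embedded log is an abbreviated copy of the one posted above; the 0x80000000 kernel boundary is an assumption for a 32-bit XP without the /3GB switch.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the GMER log above: the lines are copied
# from that log, the hook list is abbreviated.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT spxl.sys ZwCreateKey [0xF87250E0]
SSDT spxl.sys ZwOpenKey [0xF87250C0]
SSDT spxl.sys ZwSetValueKey [0xF874319A]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F874B6D0] spxl.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8726046] spxl.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8731D7A] spxl.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833332D8
IAT \SystemRoot\System32\Drivers\anoojwv9.SYS[ntoskrnl.exe!ZwOpenKey] 00000015
---- Devices - GMER 1.0.15 ----
Device \Driver\sptd \Device\3091846462 spxl.sys
Device \Driver\anoojwv9 \Device\Scsi\anoojwv91 8321C1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
---- EOF - GMER 1.0.15 ----
"""

# Lowest kernel-mode address on 32-bit XP with the default 2 GB user split
# (assumption: a system booted with /3GB would use 0xC0000000 instead).
KERNEL_BASE = 0x80000000

SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>\S+?)\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)|(?P<raw>[0-9A-Fa-f]{8}))\s*$")
DEVICE_RE = re.compile(r"^Device\s+\\Driver\\(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<owner>\S+)\s*$")
SERVICE_PATH_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?P<service>[^\\]+)\\.*@p0\s+(?P<path>.+?)\s*$")


def basename(image):
    """Strip the \SystemRoot\... prefix GMER prints in front of some driver names."""
    return image.rsplit("\\", 1)[-1]


def parse_gmer(text):
    """Pull the SSDT, IAT, Device and service install-path lines out of a GMER log."""
    out = {"ssdt": [], "iat": [], "devices": [], "service_paths": {}}
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if m := SSDT_RE.match(line):
            out["ssdt"].append((m["module"], m["func"], int(m["addr"], 16)))
        elif m := IAT_RE.match(line):
            out["iat"].append((m["image"], m["dll"], m["func"], int(m["addr"] or m["raw"], 16), m["module"]))
        elif m := DEVICE_RE.match(line):
            out["devices"].append((m["driver"], m["device"], m["owner"]))
        elif m := SERVICE_PATH_RE.match(line):
            out["service_paths"][m["service"]] = m["path"]
    return out


def attribute_hooks(parsed):
    """Map each hooking module to the driver(s) whose device objects it serves and
    to the install path stored under that driver's service key."""
    owners = defaultdict(set)
    for driver, _device, owner in parsed["devices"]:
        if owner.lower().endswith(".sys"):      # otherwise the column is an address
            owners[owner].add(driver)
    report = defaultdict(lambda: {"ssdt": [], "iat": []})
    for module, func, _addr in parsed["ssdt"]:
        report[module]["ssdt"].append(func)
    for image, dll, func, _addr, module in parsed["iat"]:
        if module is not None:
            report[module]["iat"].append(f"{basename(image)}[{dll}!{func}]")
    for module, e in report.items():
        e["services"] = owners.get(module, set())
        e["paths"] = {parsed["service_paths"][s] for s in e["services"] if s in parsed["service_paths"]}
    return dict(report)


def classify_iat(parsed, kernel_base=KERNEL_BASE):
    """Credited to a module / kernel address GMER could not credit / not a kernel
    pointer at all (a value below the kernel range cannot be a resolved import)."""
    buckets = {"attributed": [], "unattributed_kernel": [], "not_a_pointer": []}
    for image, dll, func, addr, module in parsed["iat"]:
        slot = (basename(image), f"{dll}!{func}", addr, module)
        if module is not None:
            buckets["attributed"].append(slot)
        elif addr >= kernel_base:
            buckets["unattributed_kernel"].append(slot)
        else:
            buckets["not_a_pointer"].append(slot)
    return buckets


if __name__ == "__main__":
    p = parse_gmer(SAMPLE_GMER_LOG)
    for module, e in attribute_hooks(p).items():
        print(module, "serves", sorted(e["services"]), "installed at", sorted(e["paths"]),
              "with", len(e["ssdt"]), "SSDT and", len(e["iat"]), "IAT hooks")
    for kind, slots in classify_iat(p).items():
        for image, imp, addr, _module in slots:
            print(f"{kind}: {image} {imp} -> {addr:08X}")
```

Run against the full log, the attribution step lands every SSDT hook and the pci/atapi/i8042prt IAT redirections on one module, spxl.sys, which serves \Driver\sptd and whose service key points at the Alcohol 120% directory that Malwarebytes also flagged. SPTD is the disc-emulation driver that Alcohol 120% and Daemon Tools install, and its registry and port-I/O hooks are a well-known source of rootkit-scanner noise, so that cluster explains itself; the script does not declare the machine clean, and the randomly named anoojwv9.SYS, whose IAT slots hold values that cannot be kernel pointers, still needs a manual look.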
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thank You, for your Welcome.

I've been attempting the DDS Scan /Log

But every time I run it, it never completes and then freezes up. As far as I'm aware, I have no script-blocking protection on. I will continue trying to run DDS and get that log available ASAP.
 
Very well.
That's what you need to tell me.
If I had a crystal ball.....LOL

=============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open Notepad and press CTRL+V
  • Post the output back here.

============================================================

Please download and run ListParts by Farbar

Click on Scan button.

Scan result will open in Notepad.
Post it in your next reply.
 
aswMBR Log

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-12 00:21:43
-----------------------------
00:21:43.984 OS Version: Windows 5.1.2600 Service Pack 3
00:21:43.984 Number of processors: 1 586 0xD08
00:21:43.984 ComputerName: WAYNES UserName:
00:21:44.953 Initialize success
00:23:42.062 AVAST engine defs: 12011101
00:24:00.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
00:24:00.781 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3
00:24:00.828 Disk 0 MBR read successfully
00:24:00.828 Disk 0 MBR scan
00:24:00.906 Disk 0 unknown MBR code
00:24:00.921 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 3004 MB offset 63
00:24:00.953 Disk 0 Partition 2 80 (A) 0C FAT32 LBA MSWIN4.1 27023 MB offset 6152895
00:24:00.968 Disk 0 Partition - 00 0F Extended LBA 27203 MB offset 61496820
00:24:01.000 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 27203 MB offset 61496883
00:24:01.015 Disk 0 scanning sectors +117210240
00:24:01.281 Disk 0 scanning C:\WINDOWS\system32\drivers
00:24:19.187 Service scanning
00:24:23.593 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
00:24:25.281 Modules scanning
00:24:36.593 Disk 0 trace - called modules:
00:24:36.656 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spst.sys >>UNKNOWN [0x83393944]<<
00:24:36.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x832b66b0]
00:24:36.734 3 CLASSPNP.SYS[f88a3fd7] -> nt!IofCallDriver -> \Device\00000087[0x83335030]
00:24:36.781 5 ACPI.sys[f86e4620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x83314190]
00:24:37.468 AVAST engine scan C:\WINDOWS
00:25:04.078 File: C:\WINDOWS\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
00:25:04.953 AVAST engine scan C:\WINDOWS\system32
00:27:45.921 AVAST engine scan C:\WINDOWS\system32\drivers
00:28:06.703 AVAST engine scan C:\Documents and Settings\Administrator
00:28:19.406 AVAST engine scan C:\Documents and Settings\All Users
00:28:48.640 Scan finished successfully
00:29:33.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\MBR.dat"
00:29:33.937 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR SCAN.txt"

----------

I wasn't able to copy and paste into Notepad, so I wrote out the Bootkit Remover output below. LOL

Program version : 1.2.0.1
OS Version : Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`bbc57e00
Boot sector MD5 is : 4857c98ecdcb93636f1a53bbb301a72f

size device name MBR status
------------------------------------------------------------------------------------------
55GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump (device_name) [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix (device_name)

---------------

ListParts by Farbar Log
Ran by Administrator on 12-01-2012 at 01:03:02
Windows XP (X86)
Running From: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U89JJT3E
************************************************************

========================= Memory info ======================

Percentage of memory in use: 31%
Total physical RAM: 502.05 MB
Available physical RAM: 341.5 MB
Total Pagefile: 1225.5 MB
Available Pagefile: 930.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 2006.99 MB

======================= Partitions =========================

1 Drive c: (ACER) (Fixed) (Total:26.38 GB) (Free:3.14 GB) FAT32 ==>[Drive with boot components (Windows XP)]
2 Drive d: (ACERDATA) (Fixed) (Total:26.55 GB) (Free:5 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 56 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 3004 MB 32 KB
Partition 2 Primary 26 GB 3004 MB
Partition 3 Extended 27 GB 29 GB
Partition 4 Logical 27 GB 29 GB

Disk: 0
The disk management services could not complete the operation.

Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C ACER FAT32 Partition 26 GB Healthy System (partition with boot components)

Disk: 0
Partition 4
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D ACERDATA FAT32 Partition 27 GB Healthy


****** End Of Log ******
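The Bootkit Remover output above suggests dumping the master boot sector for manual inspection, and aswMBR has already saved one to MBR.dat. As an added example (not part of this thread or of either tool), here is a small parser for such a 512-byte dump: it hashes the boot-code region, checks the 0x55AA signature, decodes the four partition-table entries and sanity-checks them. The sample sector is constructed inline from the offsets in the aswMBR and ListParts logs above; the OEM partition's type byte (0x12) is a placeholder, since the thread never shows it.

```python
"""Parse a raw 512-byte MBR dump (for example the MBR.dat saved by aswMBR)
and show what a manual inspection of the boot sector reveals.
Added example; not code from this thread or from any tool named in it."""
import hashlib
import struct

PART_TABLE_OFFSET = 0x1BE   # boot code occupies bytes 0..0x1BD
BOOT_SIG_OFFSET = 0x1FE     # last two bytes must be 55 AA
SECTOR = 512

# Partition-type bytes that appear in the logs above (not an exhaustive list).
PART_TYPES = {0x00: "empty", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
              0x0C: "FAT32 LBA", 0x0F: "Extended LBA"}


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code MD5, signature check and the decoded partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes, got %d" % len(sector))
    boot_code = sector[:PART_TABLE_OFFSET]
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i: PART_TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown (0x%02X)" % ptype),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(boot_code).hexdigest(),
        "signature_ok": sector[BOOT_SIG_OFFSET:] == b"\x55\xAA",
        "partitions": parts,
    }


def check_table(parts: list) -> list:
    """Cheap consistency checks a reviewer would run on a decoded table."""
    warnings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        warnings.append("expected exactly one active partition, found %d" % len(active))
    used = [p for p in parts if p["type"] != 0]
    for a, b in zip(used, used[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            warnings.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    return warnings


def load_mbr(path: str) -> dict:
    """Parse an on-disk dump such as MBR.dat."""
    with open(path, "rb") as fh:
        return parse_mbr(fh.read(SECTOR))


def build_sample_mbr() -> bytes:
    """Constructed sample sector mirroring the disk layout in the logs above.
    The boot code is filler, and 0x12 for the OEM partition is a placeholder."""
    boot_code = bytes([0xEB, 0x3C, 0x90]) + b"CONSTRUCTED SAMPLE BOOT CODE".ljust(
        PART_TABLE_OFFSET - 3, b"\x00")
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in [
        (0x00, 0x12, 63, 6152832),         # OEM recovery area, 3004 MB at 32 KB
        (0x80, 0x0C, 6152895, 55343925),   # C: FAT32 LBA, active, 27023 MB
        (0x00, 0x0F, 61496820, 55713420),  # extended container for D:, 27203 MB
        (0x00, 0x00, 0, 0),                # unused slot
    ])
    return boot_code + table + b"\x55\xAA"


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code MD5:", info["boot_code_md5"], "signature ok:", info["signature_ok"])
    for p in info["partitions"]:
        print(p)
    print("warnings:", check_table(info["partitions"]) or "none")
```

A tool that reports "Unknown boot code" is saying that the boot-code region does not match any code it recognises; comparing the MD5 this parser prints against a dump taken from a known-clean machine with the same OEM image is the manual equivalent of that check, and the partition table tells you whether the active partition still points where the ListParts output says it should.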
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I have run the first RKill, it seemed to run. I immediately started Combo fix under "your_name.exe" (tried original already). I ran it, it did not seem to freeze, but left it for about an hour with still no result. So I stopped it. Should it take any longer than the 10 to 20 mins it says it should take when waiting for a log?

RKill log
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/01/2012 at 19:33:08.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\verclsid.exe


Rkill completed on 12/01/2012 at 19:33:14.

---------------

I shall attempt to run Combo fix with the other two Rkill options you posted

Rkill.scr
Rkill.exe

I'm still operating in safe mode.
 
Try to run Combofix from safe mode and be patient.
If there is a serious infection it may take a while.
 
Okay, I ran combo fix over the night; it crashed after 15 hours approx. Having looked at how combo fix should run over at bleeping computer, it seems my combo fix does not even start scanning, as it doesn't even show it completing stage 1 on the blue screen. All I have is a flashing white underscore symbol, as it waits to scan, I assume.
 
Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
21:23:58.0078 0632 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
21:23:58.0234 0632 ============================================================
21:23:58.0234 0632 Current date / time: 2012/01/13 21:23:58.0234
21:23:58.0234 0632 SystemInfo:
21:23:58.0234 0632
21:23:58.0234 0632 OS Version: 5.1.2600 ServicePack: 3.0
21:23:58.0234 0632 Product type: Workstation
21:23:58.0234 0632 ComputerName: WAYNES
21:23:58.0234 0632 UserName: Administrator
21:23:58.0234 0632 Windows directory: C:\WINDOWS
21:23:58.0234 0632 System windows directory: C:\WINDOWS
21:23:58.0234 0632 Processor architecture: Intel x86
21:23:58.0234 0632 Number of processors: 1
21:23:58.0234 0632 Page size: 0x1000
21:23:58.0234 0632 Boot type: Safe boot with network
21:23:58.0234 0632 ============================================================
21:24:00.0765 0632 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000, SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
21:24:01.0187 0632 Initialize success
21:24:06.0296 0680 ============================================================
21:24:06.0296 0680 Scan started
21:24:06.0296 0680 Mode: Manual;
21:24:06.0296 0680 ============================================================
21:24:07.0750 0680 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
21:24:07.0750 0680 61883 - ok
21:24:07.0937 0680 Abiosdsk - ok
21:24:08.0109 0680 abp480n5 - ok
21:24:08.0250 0680 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:24:08.0250 0680 ACPI - ok
21:24:08.0328 0680 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:24:08.0343 0680 ACPIEC - ok
21:24:08.0562 0680 adpu160m - ok
21:24:08.0718 0680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:24:08.0718 0680 aec - ok
21:24:08.0875 0680 AegisP (f498fd605c08404b20a48954c722ff74) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:24:08.0875 0680 AegisP - ok
21:24:08.0984 0680 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:24:08.0984 0680 AFD - ok
21:24:09.0156 0680 Aha154x - ok
21:24:09.0312 0680 aic78u2 - ok
21:24:09.0484 0680 aic78xx - ok
21:24:09.0687 0680 AliIde - ok
21:24:09.0859 0680 amsint - ok
21:24:10.0062 0680 AR5211 (67f7d2c3a9265ee0534e36fe952f2ac4) C:\WINDOWS\system32\DRIVERS\ar5211.sys
21:24:10.0078 0680 AR5211 - ok
21:24:10.0187 0680 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:24:10.0187 0680 Arp1394 - ok
21:24:10.0359 0680 asc - ok
21:24:10.0515 0680 asc3350p - ok
21:24:10.0687 0680 asc3550 - ok
21:24:10.0843 0680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:24:10.0843 0680 AsyncMac - ok
21:24:10.0968 0680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:24:10.0968 0680 atapi - ok
21:24:11.0156 0680 Atdisk - ok
21:24:11.0265 0680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:24:11.0265 0680 Atmarpc - ok
21:24:11.0421 0680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:24:11.0421 0680 audstub - ok
21:24:11.0562 0680 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
21:24:11.0578 0680 Avc - ok
21:24:11.0734 0680 b57w2k (b9543b0c771feab7ca095303007a159c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:24:11.0750 0680 b57w2k - ok
21:24:11.0921 0680 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
21:24:11.0921 0680 bcm4sbxp - ok
21:24:11.0968 0680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:24:11.0968 0680 Beep - ok
21:24:12.0125 0680 CAMCAUD (baa90d983f77759fc70c65a1ce3d3566) C:\WINDOWS\system32\drivers\camcaud.sys
21:24:12.0140 0680 CAMCAUD - ok
21:24:12.0234 0680 CAMCHALA (90d9c324df48bb8e3024e79f5c181784) C:\WINDOWS\system32\drivers\camchal.sys
21:24:12.0234 0680 CAMCHALA - ok
21:24:12.0281 0680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:24:12.0296 0680 cbidf2k - ok
21:24:12.0390 0680 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:24:12.0390 0680 CCDECODE - ok
21:24:12.0546 0680 cd20xrnt - ok
21:24:12.0625 0680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:24:12.0625 0680 Cdaudio - ok
21:24:12.0718 0680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:24:12.0718 0680 Cdfs - ok
21:24:12.0843 0680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:24:12.0843 0680 Cdrom - ok
21:24:13.0015 0680 Changer - ok
21:24:13.0171 0680 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:24:13.0171 0680 CmBatt - ok
21:24:13.0328 0680 CmdIde - ok
21:24:13.0390 0680 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:24:13.0390 0680 Compbatt - ok
21:24:13.0593 0680 Cpqarray - ok
21:24:13.0765 0680 dac2w2k - ok
21:24:13.0937 0680 dac960nt - ok
21:24:14.0062 0680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:24:14.0062 0680 Disk - ok
21:24:14.0218 0680 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\Drivers\DKbFltr.sys
21:24:14.0218 0680 DKbFltr - ok
21:24:14.0390 0680 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:24:14.0421 0680 dmboot - ok
21:24:14.0578 0680 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:24:14.0593 0680 dmio - ok
21:24:14.0625 0680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:24:14.0625 0680 dmload - ok
21:24:14.0750 0680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:24:14.0750 0680 DMusic - ok
21:24:14.0953 0680 dpti2o - ok
21:24:15.0046 0680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:24:15.0062 0680 drmkaud - ok
21:24:15.0203 0680 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
21:24:15.0203 0680 EpmPsd - ok
21:24:15.0359 0680 EpmShd (b2d71ba438701b5f0368b958bea2dc62) C:\WINDOWS\system32\drivers\epm-shd.sys
21:24:15.0359 0680 EpmShd - ok
21:24:15.0468 0680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:24:15.0468 0680 Fastfat - ok
21:24:15.0578 0680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:24:15.0578 0680 Fdc - ok
21:24:15.0671 0680 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:24:15.0671 0680 Fips - ok
21:24:15.0859 0680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:24:15.0859 0680 Flpydisk - ok
21:24:16.0031 0680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:24:16.0031 0680 FltMgr - ok
21:24:16.0156 0680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:24:16.0156 0680 Fs_Rec - ok
21:24:16.0234 0680 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:24:16.0234 0680 Ftdisk - ok
21:24:16.0437 0680 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
21:24:16.0437 0680 GEARAspiWDM - ok
21:24:16.0578 0680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:24:16.0578 0680 Gpc - ok
21:24:16.0703 0680 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:24:16.0703 0680 HidUsb - ok
21:24:16.0890 0680 hpn - ok
21:24:17.0078 0680 HSFHWICH (e7bcc7ec37dd2dd36a39bb9ac87a897b) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
21:24:17.0078 0680 HSFHWICH - ok
21:24:17.0328 0680 HSF_DPV (822c60f2abee73a0e089230d94064f39) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:24:17.0343 0680 HSF_DPV - ok
21:24:17.0484 0680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:24:17.0500 0680 HTTP - ok
21:24:17.0671 0680 i2omgmt - ok
21:24:17.0828 0680 i2omp - ok
21:24:17.0984 0680 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:24:17.0984 0680 i8042prt - ok
21:24:18.0671 0680 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:24:18.0843 0680 ialm - ok
21:24:19.0093 0680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:24:19.0093 0680 Imapi - ok
21:24:19.0296 0680 ini910u - ok
21:24:19.0515 0680 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Program Files\acer\eRecovery\int15.sys
21:24:19.0515 0680 int15.sys - ok
21:24:19.0640 0680 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:24:19.0640 0680 IntelIde - ok
21:24:19.0750 0680 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:24:19.0750 0680 intelppm - ok
21:24:19.0890 0680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:24:19.0890 0680 Ip6Fw - ok
21:24:19.0953 0680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:24:19.0953 0680 IpFilterDriver - ok
21:24:20.0046 0680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:24:20.0046 0680 IpInIp - ok
21:24:20.0203 0680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:24:20.0203 0680 IpNat - ok
21:24:20.0390 0680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:24:20.0390 0680 IPSec - ok
21:24:20.0500 0680 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
21:24:20.0500 0680 irda - ok
21:24:20.0593 0680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:24:20.0593 0680 IRENUM - ok
21:24:20.0765 0680 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:24:20.0765 0680 isapnp - ok
21:24:20.0968 0680 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:24:20.0968 0680 Kbdclass - ok
21:24:21.0109 0680 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:24:21.0109 0680 kbdhid - ok
21:24:21.0218 0680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:24:21.0218 0680 kmixer - ok
21:24:21.0343 0680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:24:21.0343 0680 KSecDD - ok
21:24:21.0531 0680 Ksesrvufilt - ok
21:24:21.0734 0680 lbrtfdc - ok
21:24:21.0968 0680 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
21:24:21.0968 0680 MBAMSwissArmy - ok
21:24:22.0109 0680 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:24:22.0109 0680 mdmxsdk - ok
21:24:22.0265 0680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:24:22.0265 0680 mnmdd - ok
21:24:22.0359 0680 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:24:22.0359 0680 Modem - ok
21:24:22.0500 0680 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:24:22.0500 0680 Mouclass - ok
21:24:22.0656 0680 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:24:22.0656 0680 mouhid - ok
21:24:22.0828 0680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:24:22.0828 0680 MountMgr - ok
21:24:23.0000 0680 mraid35x - ok
21:24:23.0125 0680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:24:23.0125 0680 MRxDAV - ok
21:24:23.0265 0680 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:24:23.0281 0680 MRxSmb - ok
21:24:23.0437 0680 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
21:24:23.0437 0680 MSDV - ok
21:24:23.0625 0680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:24:23.0625 0680 Msfs - ok
21:24:23.0781 0680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:24:23.0781 0680 MSKSSRV - ok
21:24:23.0890 0680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:24:23.0890 0680 MSPCLOCK - ok
21:24:23.0968 0680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:24:23.0968 0680 MSPQM - ok
21:24:24.0125 0680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:24:24.0125 0680 mssmbios - ok
21:24:24.0296 0680 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:24:24.0296 0680 MSTEE - ok
21:24:24.0406 0680 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:24:24.0406 0680 Mup - ok
21:24:24.0468 0680 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:24:24.0468 0680 NABTSFEC - ok
21:24:24.0609 0680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:24:24.0609 0680 NDIS - ok
21:24:24.0765 0680 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:24:24.0765 0680 NdisIP - ok
21:24:24.0921 0680 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:24:24.0921 0680 NdisTapi - ok
21:24:25.0031 0680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:24:25.0031 0680 Ndisuio - ok
21:24:25.0093 0680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:24:25.0093 0680 NdisWan - ok
21:24:25.0203 0680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:24:25.0203 0680 NDProxy - ok
21:24:25.0312 0680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:24:25.0312 0680 NetBIOS - ok
21:24:25.0437 0680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:24:25.0437 0680 NetBT - ok
21:24:25.0578 0680 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:24:25.0578 0680 NIC1394 - ok
21:24:25.0765 0680 NPF (f498c5c3399a60933196fc215ef074f9) C:\WINDOWS\system32\drivers\npf.sys
21:24:25.0765 0680 NPF - ok
21:24:25.0890 0680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:24:25.0890 0680 Npfs - ok
21:24:26.0000 0680 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
21:24:26.0000 0680 NSCIRDA - ok
21:24:26.0156 0680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:24:26.0171 0680 Ntfs - ok
21:24:26.0343 0680 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
21:24:26.0343 0680 NTIDrvr - ok
21:24:26.0484 0680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:24:26.0484 0680 Null - ok
21:24:26.0546 0680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:24:26.0546 0680 NwlnkFlt - ok
21:24:26.0593 0680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:24:26.0593 0680 NwlnkFwd - ok
21:24:26.0687 0680 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:24:26.0703 0680 ohci1394 - ok
21:24:26.0765 0680 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:24:26.0765 0680 Parport - ok
21:24:26.0875 0680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:24:26.0875 0680 PartMgr - ok
21:24:26.0937 0680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:24:26.0937 0680 ParVdm - ok
21:24:28.0109 0680 PCAMPR5 - ok
21:24:28.0562 0680 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
21:24:28.0562 0680 PCANDIS5 - ok
21:24:28.0671 0680 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:24:28.0687 0680 PCI - ok
21:24:28.0859 0680 PCIDump - ok
21:24:28.0984 0680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:24:28.0984 0680 PCIIde - ok
21:24:29.0078 0680 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:24:29.0078 0680 Pcmcia - ok
21:24:29.0234 0680 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
21:24:29.0234 0680 pcouffin - ok
21:24:29.0421 0680 PDCOMP - ok
21:24:29.0578 0680 PDFRAME - ok
21:24:29.0750 0680 PDRELI - ok
21:24:29.0921 0680 PDRFRAME - ok
21:24:30.0078 0680 perc2 - ok
21:24:30.0250 0680 perc2hib - ok
21:24:30.0468 0680 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
21:24:30.0468 0680 pfc - ok
21:24:30.0656 0680 pgfilter (79bad6756154335d5304f0fe39961f5b) D:\dat do not touch\PeerGuardian2\pgfilter.sys
21:24:30.0656 0680 pgfilter - ok
21:24:30.0812 0680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:24:30.0812 0680 PptpMiniport - ok
21:24:31.0109 0680 PRISM_A02 (ba3ffbd0abdf45c9160e66cb27f8f8ab) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
21:24:31.0125 0680 PRISM_A02 - ok
21:24:31.0218 0680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:24:31.0218 0680 PSched - ok
21:24:31.0281 0680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:24:31.0281 0680 Ptilink - ok
21:24:31.0531 0680 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:24:31.0531 0680 PxHelp20 - ok
21:24:31.0687 0680 ql1080 - ok
21:24:31.0859 0680 Ql10wnt - ok
21:24:32.0031 0680 ql12160 - ok
21:24:32.0187 0680 ql1240 - ok
21:24:32.0359 0680 ql1280 - ok
21:24:32.0453 0680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:24:32.0453 0680 RasAcd - ok
21:24:32.0593 0680 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:24:32.0593 0680 Rasirda - ok
21:24:32.0687 0680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:24:32.0703 0680 Rasl2tp - ok
21:24:32.0843 0680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:24:32.0843 0680 RasPppoe - ok
21:24:32.0906 0680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:24:32.0906 0680 Raspti - ok
21:24:33.0093 0680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:24:33.0093 0680 Rdbss - ok
21:24:33.0125 0680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:24:33.0125 0680 RDPCDD - ok
21:24:33.0281 0680 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:24:33.0281 0680 RDPWD - ok
21:24:33.0437 0680 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:24:33.0437 0680 redbook - ok
21:24:33.0500 0680 rpcapd - ok
21:24:33.0687 0680 s24trans (85a26a3bb748dfd3170cdbf45b0dd7fd) C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:24:33.0687 0680 s24trans - ok
21:24:33.0937 0680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:24:33.0953 0680 Secdrv - ok
21:24:34.0093 0680 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:24:34.0093 0680 Serial - ok
21:24:34.0250 0680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:24:34.0250 0680 Sfloppy - ok
21:24:34.0437 0680 Simbad - ok
21:24:34.0593 0680 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:24:34.0593 0680 SLIP - ok
21:24:34.0859 0680 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
21:24:34.0859 0680 SONYPVU1 - ok
21:24:35.0031 0680 Sparrow - ok
21:24:35.0187 0680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:24:35.0187 0680 splitter - ok
21:24:35.0484 0680 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\WINDOWS\system32\Drivers\sptd.sys
21:24:35.0484 0680 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
21:24:35.0500 0680 sptd ( LockedFile.Multi.Generic ) - warning
21:24:35.0500 0680 sptd - detected LockedFile.Multi.Generic (1)
21:24:35.0593 0680 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:24:35.0593 0680 sr - ok
21:24:35.0718 0680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:24:35.0734 0680 Srv - ok
21:24:35.0906 0680 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:24:35.0906 0680 streamip - ok
21:24:36.0015 0680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:24:36.0015 0680 swenum - ok
21:24:36.0218 0680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:24:36.0218 0680 swmidi - ok
21:24:36.0406 0680 symc810 - ok
21:24:36.0578 0680 symc8xx - ok
21:24:36.0750 0680 sym_hi - ok
21:24:36.0906 0680 sym_u3 - ok
21:24:37.0062 0680 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:24:37.0062 0680 SynTP - ok
21:24:37.0171 0680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:24:37.0171 0680 sysaudio - ok
21:24:37.0359 0680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:24:37.0359 0680 Tcpip - ok
21:24:37.0671 0680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:24:37.0687 0680 TDPIPE - ok
21:24:37.0812 0680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:24:37.0828 0680 TDTCP - ok
21:24:37.0937 0680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:24:37.0937 0680 TermDD - ok
21:24:38.0125 0680 tifm21 (8778a553003a3d37a550a1f9cff6be28) C:\WINDOWS\system32\drivers\tifm21.sys
21:24:38.0140 0680 tifm21 - ok
21:24:38.0359 0680 TosIde - ok
21:24:38.0515 0680 tvtool - ok
21:24:38.0687 0680 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
21:24:38.0703 0680 UBHelper - ok
21:24:38.0859 0680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:24:38.0859 0680 Udfs - ok
21:24:39.0031 0680 ultra - ok
21:24:39.0265 0680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:24:39.0265 0680 Update - ok
21:24:39.0390 0680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:24:39.0390 0680 usbccgp - ok
21:24:39.0546 0680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:24:39.0546 0680 usbehci - ok
21:24:39.0640 0680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:24:39.0640 0680 usbhub - ok
21:24:39.0718 0680 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:24:39.0718 0680 usbprint - ok
21:24:39.0906 0680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:24:39.0906 0680 usbscan - ok
21:24:40.0015 0680 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:24:40.0015 0680 USBSTOR - ok
21:24:40.0093 0680 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:24:40.0093 0680 usbuhci - ok
21:24:40.0234 0680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:24:40.0234 0680 VgaSave - ok
21:24:40.0390 0680 ViaIde - ok
21:24:40.0484 0680 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:24:40.0484 0680 VolSnap - ok
21:24:41.0750 0680 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
21:24:42.0953 0680 w29n51 - ok
21:24:43.0203 0680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:24:43.0203 0680 Wanarp - ok
21:24:43.0375 0680 WDICA - ok
21:24:43.0546 0680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:24:43.0546 0680 wdmaud - ok
21:24:43.0718 0680 winachsf (5ea185425bfcbc2d4b96d673d8c4deaf) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:24:43.0734 0680 winachsf - ok
21:24:43.0921 0680 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:24:43.0921 0680 WS2IFSL - ok
21:24:44.0062 0680 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:24:44.0062 0680 WSTCODEC - ok
21:24:44.0312 0680 ZSMC301b (7481637a50a0468cf46c719672bc7eaa) C:\WINDOWS\system32\Drivers\usbVM31b.sys
21:24:44.0312 0680 ZSMC301b - ok
21:24:44.0453 0680 MBR (0x1B8) (67d07fa51dcd5a4397248f397bb779ae) \Device\Harddisk0\DR0
21:24:54.0000 0680 \Device\Harddisk0\DR0 - ok
21:24:54.0046 0680 Boot (0x1200) (d602fc69e200e2e3de7fb539419a825c) \Device\Harddisk0\DR0\Partition0
21:24:54.0046 0680 \Device\Harddisk0\DR0\Partition0 - ok
21:24:54.0093 0680 Boot (0x1200) (40225734909349bc0d71607bfe4f5e39) \Device\Harddisk0\DR0\Partition1
21:24:54.0093 0680 \Device\Harddisk0\DR0\Partition1 - ok
21:24:54.0109 0680 ============================================================
21:24:54.0109 0680 Scan finished
21:24:54.0109 0680 ============================================================
21:24:54.0156 0672 Detected object count: 1
21:24:54.0156 0672 Actual detected object count: 1
21:41:50.0140 0672 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:41:50.0140 0672 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
 
All I have is a flashing white underscore symbol, as it waits to scan, I assume.
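The TDSSKiller lines above ("MBR (0x1B8)" for the disk and "Boot (0x1200)" for each partition) report a hash over the MBR boot code and over the first 0x1200 bytes of each partition. Below is an added example, not part of this thread and not TDSSKiller's code, of the same kind of check in Python: it builds a constructed two-partition disk image, hashes the first 0x1B8 bytes of sector 0 (the boot code, which stops before the disk signature at 0x1B8 and the partition table at 0x1BE) and the 0x1200-byte region at the start of each partition, then compares against a baseline. The image contents, the baseline and the tampering are all constructed for the example; that TDSSKiller uses MD5 over exactly these regions is inferred from the log format, not taken from its documentation.

```python
import hashlib
import struct

SECTOR = 512
MBR_CODE_LEN = 0x1B8      # boot code ends here; disk signature at 0x1B8, partition table at 0x1BE
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
PART_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
VBR_LEN = 0x1200          # first 9 sectors of each partition (volume boot record region)


def build_disk_image(boot_code, partitions, disk_signature=0xDEADBEEF):
    """Construct a minimal MBR disk image (test data, not a real disk).

    partitions: list of (start_lba, sector_count, partition_type).
    """
    assert len(boot_code) <= MBR_CODE_LEN
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    mbr[0x1B8:0x1BC] = struct.pack("<I", disk_signature)
    for i, (start, count, ptype) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        mbr[off:off + 16] = struct.pack(PART_ENTRY, 0x80 if i == 0 else 0x00,
                                        b"\xff\xff\xff", ptype, b"\xff\xff\xff",
                                        start, count)
    mbr[0x1FE:0x200] = b"\x55\xAA"
    image = bytearray(max(s + c for s, c, _ in partitions) * SECTOR)
    image[:SECTOR] = mbr
    for start, _, _ in partitions:
        # give each partition a distinct, recognisable boot-record region
        pattern = (b"VBR%08x" % start) * (VBR_LEN // 11 + 1)
        image[start * SECTOR:start * SECTOR + VBR_LEN] = pattern[:VBR_LEN]
    return bytes(image)


def parse_partition_table(mbr):
    """Return (start_lba, sector_count, type) for each populated entry."""
    if mbr[0x1FE:0x200] != b"\x55\xAA":
        raise ValueError("missing 55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        _, _, ptype, _, start, count = struct.unpack(PART_ENTRY, mbr[off:off + 16])
        if ptype and count:
            parts.append((start, count, ptype))
    return parts


def boot_hashes(image):
    """Hash the MBR boot code and each partition's first 0x1200 bytes.

    Names follow the TDSSKiller log ("MBR", "Partition0", "Partition1", ...).
    """
    mbr = image[:SECTOR]
    hashes = {"MBR": hashlib.md5(mbr[:MBR_CODE_LEN]).hexdigest()}
    for i, (start, _, _) in enumerate(parse_partition_table(mbr)):
        region = image[start * SECTOR:start * SECTOR + VBR_LEN]
        hashes["Partition%d" % i] = hashlib.md5(region).hexdigest()
    return hashes


def changed_regions(image, baseline):
    """Names of regions whose hash no longer matches the known-good baseline."""
    return sorted(n for n, h in boot_hashes(image).items() if baseline.get(n) != h)


def patch_image(image, offset, payload):
    """Overwrite bytes in a copy of the image (simulates a bootkit write)."""
    img = bytearray(image)
    img[offset:offset + len(payload)] = payload
    return bytes(img)


# Constructed test data: a stub of boot code and two FAT32 partitions
# (type 0x0B), mirroring the two-partition layout in the log above.
CLEAN_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 100
PARTS = [(63, 2048, 0x0B), (2111, 2048, 0x0B)]
CLEAN_IMAGE = build_disk_image(CLEAN_CODE, PARTS)
BASELINE = boot_hashes(CLEAN_IMAGE)           # in practice a table of known-good hashes per OS build
MBR_TAMPERED = patch_image(CLEAN_IMAGE, 0x10, b"\xEB\xFE")                 # patch inside boot code
VBR_TAMPERED = patch_image(CLEAN_IMAGE, 63 * SECTOR + 0x100, b"\x00" * 8)  # patch inside Partition0
RESIGNED = build_disk_image(CLEAN_CODE, PARTS, disk_signature=0x12345678)  # only the signature differs

if __name__ == "__main__":
    for name, h in BASELINE.items():
        print("%-10s %s" % (name, h))
    print("MBR code patched  ->", changed_regions(MBR_TAMPERED, BASELINE))
    print("VBR patched       ->", changed_regions(VBR_TAMPERED, BASELINE))
    print("signature changed ->", changed_regions(RESIGNED, BASELINE))
```

Stopping the hash at 0x1B8 is the point of the check: the disk signature and the partition table legitimately differ from machine to machine, while the boot code for a given Windows version does not, so a hash over the code region alone can be compared with a known-good value. The RESIGNED image shows that rewriting the disk signature leaves the MBR hash untouched, whereas two bytes changed inside the code region are enough to flag it.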
As long as your computer clock is running, ComboFix is doing its thing.
Retry.
 
Well, I keep trying and ComboFix doesn't want to play ball. At some point during the scanning process, it will freeze up. Will keep trying to run it, but it feels like a losing battle. Thanks again for taking the time to help me out. Is there anything else I could try?
 
I have been running it in both safe mode and safe mode with networking just to see if it makes any difference. Currently running it in safe mode, for a few hours now.
 
When ComboFix starts, two windows pop up quickly loading, as the main ComboFix window says it is preparing to create a restore point. Then the blue ComboFix window appears with the following:

Scanning for infected files...
This typically doesn't take more than 10 minutes
However scan times for badly infected machines may easily double.

_


--------------

The underscore flashes, but nothing else happens, until at some point the clock stops and freezes up. Once ComboFix is running I don't touch the computer.
 
What are the current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
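As an added example, not part of this thread and not OTL's own code, the script below shows the first triage pass a reviewer runs over the OTL output the post above asks for: it parses the SRV/DRV service lines and the O4 Run-key lines in the format OTL writes, and flags orphan entries (target file missing), entries with no publisher name, executables that run from user-writable data directories, and random-looking filenames. The sample lines are constructed in the log's format (most copied from the OTL log posted further down in this thread; the [Updater] entry is synthetic), and every flag is a prompt to look closer, not a verdict: legitimate software and the cleaning tools themselves often carry no publisher string.

```python
import re

# Line shapes follow the OTL log format (SRV/DRV service lines and O4 Run keys).
# Publisher names containing nested parentheses are not handled and are skipped.
SRV_RE = re.compile(
    r'^(?P<kind>SRV|DRV) - (?:File not found|\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)) '
    r'\[(?P<flags>[^\]]*)\] -- (?:(?P<path>.+?) )?-- \((?P<name>[^)]*)\)$')
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
O4_TAIL_RE = re.compile(r'^(?P<cmd>.*?) \((?P<company>[^()]*)\)$')
USER_WRITABLE = re.compile(
    r'\\(Documents and Settings|Application Data|ProgramData|Temp|Local Settings)\\', re.I)
MISSING = "File not found"


def exe_from_command(cmd):
    """Pull the executable path out of a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r'^(.*?\.(?:exe|dll|sys|scr|com|cpl|bat|cmd))(?=\s|$)', cmd, re.I)
    return m.group(1) if m else cmd


def looks_random(path):
    """Heuristic for generated names: a long all-letter stem with many case flips."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if len(stem) < 10 or not stem.isalpha():
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())
    return flips >= 6


def parse_line(line):
    """Return {kind, name, path, company, missing} or None for lines not handled."""
    line = line.rstrip()
    m = SRV_RE.match(line)
    if m:
        return {"kind": m["kind"], "name": m["name"], "path": m["path"] or "",
                "company": m["company"] or "", "missing": m["path"] is None}
    m = O4_RE.match(line)
    if m:
        rest = m["rest"]
        if rest.endswith(MISSING):
            return {"kind": "O4", "name": m["name"], "company": "",
                    "path": exe_from_command(rest[:-len(MISSING)]), "missing": True}
        t = O4_TAIL_RE.match(rest)
        if t:
            return {"kind": "O4", "name": m["name"], "company": t["company"],
                    "path": exe_from_command(t["cmd"]), "missing": False}
    return None


def triage(text):
    """Apply the review rules to every recognised line; return flagged entries."""
    findings = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = []
        if e["missing"]:
            reasons.append("orphan entry: target file is missing")
        else:
            if not e["company"]:
                reasons.append("no publisher name: check the file hash before trusting it")
            if USER_WRITABLE.search(e["path"]):
                reasons.append("runs from a user-writable data directory")
            if looks_random(e["path"]):
                reasons.append("random-looking filename")
        if reasons:
            findings.append({"kind": e["kind"], "name": e["name"],
                             "path": e["path"], "reasons": reasons})
    return findings


# Constructed sample in the OTL log format. The [Updater] entry is synthetic,
# written to show what a rogue-style autostart looks like; the rest mirror
# lines from this thread. Every flag is a prompt for review, not a verdict.
SAMPLE_LINES = r"""
SRV - File not found [Auto | Stopped] -- -- (anbmService)
SRV - [2011/06/26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\Timock10426T\pev.3XE -- (PEVSystemStart)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
DRV - [2008/01/22 19:04:44 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Updater] C:\Documents and Settings\All Users\Application Data\kQzXwLpRtA.exe ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print("%-4s %-15s %s" % (f["kind"], f["name"], f["path"]))
        for r in f["reasons"]:
            print("       - " + r)
```

The rules are deliberately simple. A missing target on a Run key or service is usually leftover from an uninstalled product, but an antivirus autostart that has gone missing deserves a second look. The combination that matters most is the last one: no publisher, a user-writable data directory and a generated-looking name together are the shape of a rogue "system check" style installer, whereas any one of them alone is common in clean systems.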
 
Highly unstable in normal mode; only Notepad seems to work as a program. After having run Unhide, icons for most of my programmes have reappeared, but when I click on them they are empty. Internet Explorer works but is unstable and prone to freezing up, more often than not. The virus check programme icon is still embedded next to the Start button. Similar functionality in safe mode, but the internet is more stable.

OTL Logs

OTL logfile created on: 15/01/2012 23:27:23 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.05 Mb Total Physical Memory | 351.08 Mb Available Physical Memory | 69.93% Memory free
1.20 Gb Paging File | 1.07 Gb Available in Paging File | 89.14% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.38 Gb Total Space | 3.19 Gb Free Space | 12.08% Space Free | Partition Type: FAT32
Drive D: | 26.55 Gb Total Space | 5.00 Gb Free Space | 18.82% Space Free | Partition Type: FAT32

Computer Name: | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/15 23:25:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/14 03:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - File not found [On_Demand | Stopped] -- -- (FLEXnet Licensing Service)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (anbmService)
SRV - [2011/06/26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\Timock10426T\pev.3XE -- (PEVSystemStart)
SRV - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2008/01/22 19:04:44 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/05/13 19:46:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.sys -- (PCANDIS5)
DRV - [2005/09/18 18:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\dat do not touch\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2005/03/24 16:54:08 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/02/26 16:25:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2005/02/10 09:52:36 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/01/24 23:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/01/24 23:26:36 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/01/24 23:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2005/01/10 00:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/10/29 18:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/10/15 11:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2004/06/24 23:31:00 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/06/24 23:29:00 | 000,034,048 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/03/30 18:29:48 | 000,374,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02)
DRV - [2003/12/05 03:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/25 19:41:12 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/05/21 19:47:12 | 000,175,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/04/04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1059442739-145891979-1462393580-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKU\S-1-5-21-1059442739-145891979-1462393580-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\divx stuff\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\divx stuff\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\YAHOO!\COMMON\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/02/15 20:54:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/02/15 20:54:28 | 000,000,000 | ---D | M]

[2012/01/07 21:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/01/07 21:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pgpoxq3b.default\extensions
[2012/01/08 14:07:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pgpoxq3b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2006/02/15 20:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/31 17:04:14 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/02/02 22:36:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/01/06 19:41:56 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/01/06 19:41:56 | 000,001,077 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/09/21 13:32:16 | 000,001,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2010/09/21 13:32:16 | 000,002,670 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2010/09/21 13:32:16 | 000,000,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2010/09/21 13:32:16 | 000,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2010/09/21 13:32:16 | 000,000,951 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2008/01/22 19:51:28 | 000,000,775 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (BIGDOG)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\EPM-DM.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService] C:\WINDOWS\system32\Check.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
O4 - Startup: C:\Documents and Settings\wayne\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1059442739-145891979-1462393580-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165695109703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30C5CD6C-675B-4475-9EDB-9A858CFE2CEB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F679C885-C85F-45E0-B62C-F9F9BD4DEAD0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - D:\DVDREG~1\DVDShell.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/30 12:23:20 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/15 23:25:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/15 21:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/01/15 21:11:36 | 000,000,000 | -HSD | C] -- C:\FOUND.044
[2012/01/15 16:49:44 | 000,000,000 | --SD | C] -- C:\Timock30042T
[2012/01/15 16:40:16 | 000,000,000 | -HSD | C] -- C:\FOUND.043
[2012/01/15 15:38:58 | 000,000,000 | --SD | C] -- C:\Timock10426T
[2012/01/15 03:10:04 | 000,000,000 | -HSD | C] -- C:\FOUND.042
[2012/01/14 18:15:35 | 000,000,000 | --SD | C] -- C:\Timock21289T
[2012/01/14 18:08:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\TEMP
[2012/01/14 17:42:12 | 000,000,000 | -HSD | C] -- C:\FOUND.041
[2012/01/14 16:31:12 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/14 15:50:26 | 000,000,000 | -HSD | C] -- C:\FOUND.040
[2012/01/13 22:49:22 | 000,000,000 | --SD | C] -- C:\Timock31422T
[2012/01/13 20:53:18 | 000,000,000 | -HSD | C] -- C:\FOUND.039
[2012/01/13 19:21:35 | 000,000,000 | --SD | C] -- C:\Timock25129T
[2012/01/13 19:04:52 | 000,000,000 | -HSD | C] -- C:\FOUND.038
[2012/01/13 13:45:50 | 000,000,000 | --SD | C] -- C:\Timock13352T
[2012/01/13 13:06:00 | 000,000,000 | -HSD | C] -- C:\FOUND.037
[2012/01/12 19:48:29 | 000,000,000 | --SD | C] -- C:\Timock18290T
[2012/01/12 19:30:32 | 000,000,000 | -HSD | C] -- C:\FOUND.036
[2012/01/12 18:26:48 | 000,000,000 | --SD | C] -- C:\Timock16021T
[2012/01/12 17:15:44 | 000,000,000 | -HSD | C] -- C:\FOUND.035
[2012/01/12 16:54:31 | 000,000,000 | --SD | C] -- C:\Timock
[2012/01/12 16:52:42 | 004,382,085 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\Timock.exe
[2012/01/12 16:35:46 | 000,000,000 | -HSD | C] -- C:\FOUND.034
[2012/01/12 15:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Network Associates
[2012/01/12 01:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2012/01/12 00:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
[2012/01/11 23:08:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/01/11 20:18:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\My Documents\dds.scr
[2012/01/11 14:59:36 | 000,000,000 | -HSD | C] -- C:\FOUND.033
[2012/01/08 23:05:30 | 000,000,000 | -HSD | C] -- C:\FOUND.032
[2012/01/08 18:43:22 | 000,000,000 | -HSD | C] -- C:\FOUND.031
[2012/01/08 16:59:36 | 000,000,000 | ---D | C] -- C:\cmdcons
[2012/01/08 16:57:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/08 16:57:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/08 16:57:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/08 16:57:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/08 16:56:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/08 16:32:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/08 16:32:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012/01/08 16:32:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/01/08 16:32:14 | 004,374,678 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/01/08 14:39:56 | 000,000,000 | -HSD | C] -- C:\FOUND.030
[2012/01/08 00:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/01/07 23:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/01/07 23:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/07 21:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/01/07 21:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/01/07 18:14:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/01/07 18:14:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/01/07 18:14:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/01/07 18:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/01/07 18:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/01/07 18:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/01/07 18:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/01/07 18:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2012/01/07 18:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/01/07 18:14:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2006/02/21 22:31:20 | 001,499,904 | R--- | C] (Microsoft Corporation) -- C:\Program Files\INSTMSIW.EXE
[2006/02/21 22:31:20 | 001,489,152 | R--- | C] (Microsoft Corporation) -- C:\Program Files\INSTMSI.EXE
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/15 23:25:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/15 23:20:58 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/15 23:17:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/15 23:17:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/15 21:14:50 | 000,000,735 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012/01/15 21:13:22 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/01/13 13:37:12 | 004,382,085 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\Timock.exe
[2012/01/12 19:46:22 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill 2.scr
[2012/01/12 16:47:08 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2012/01/12 00:29:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MBR.dat
[2012/01/11 23:08:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/01/11 21:06:22 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2012/01/11 20:18:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\My Documents\dds.scr
[2012/01/08 19:18:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/08 16:59:42 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/01/08 16:21:42 | 004,374,678 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/01/08 14:44:54 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/07 16:02:56 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rvn4Uw7wiU5Dge
[2012/01/04 18:02:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/01 14:53:42 | 000,434,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/01 14:53:42 | 000,068,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/19 18:51:06 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/12 19:46:17 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill 2.scr
[2012/01/12 16:48:36 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2012/01/08 16:59:39 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012/01/08 16:59:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/08 16:57:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/08 16:57:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/08 16:57:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/08 16:57:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/08 16:57:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/08 16:17:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MBR.dat
[2012/01/08 14:44:54 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/01/07 18:14:34 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/07 18:14:34 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MySpaceIM.lnk
[2012/01/07 18:14:34 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/07 18:14:32 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/01/07 18:14:32 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/01/07 18:14:32 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/01/06 18:11:31 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rvn4Uw7wiU5Dge
[2011/12/19 18:51:04 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/12/19 18:51:03 | 000,054,156 | ---- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/05 21:46:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED92Euro.ini
[2009/01/29 11:30:59 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/06/27 13:18:25 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/11/06 22:37:32 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/09/11 14:25:34 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2007/09/11 14:25:34 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/09/11 14:25:34 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2007/09/11 14:25:34 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2007/09/11 14:25:34 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2007/09/11 14:25:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/08/17 10:24:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.wayne.ini
[2007/03/16 12:30:47 | 000,000,033 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/04 17:24:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2006/07/27 23:41:10 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2006/07/09 15:23:46 | 000,000,102 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2006/06/14 23:53:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/06/12 20:22:06 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2006/05/24 23:47:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/19 01:04:53 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/04/09 17:03:25 | 000,088,576 | ---- | C] () -- C:\WINDOWS\RAUNINST.EXE
[2006/03/22 23:22:16 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/03/02 18:52:42 | 000,094,486 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/03/02 18:52:42 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/03/02 18:52:42 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/03/02 18:52:42 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/03/02 18:52:42 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/03/02 18:52:42 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/03/02 18:52:42 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/03/02 18:52:42 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006/03/02 18:52:42 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/03/02 18:52:42 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/03/02 18:52:42 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/03/02 18:52:42 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/03/02 18:52:42 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/03/02 18:52:42 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006/03/02 18:52:42 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006/03/02 18:52:42 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/03/02 18:52:42 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/03/02 18:48:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER220.ini
[2006/02/21 22:36:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/21 22:32:01 | 003,485,184 | R--- | C] () -- C:\Program Files\PROPLUS.MSI
[2006/02/21 22:32:01 | 000,306,688 | R--- | C] () -- C:\Program Files\OWC10.MSI
[2006/02/21 22:32:01 | 000,007,929 | R--- | C] () -- C:\Program Files\README.HTM
[2006/02/21 22:31:20 | 224,771,818 | R--- | C] () -- C:\Program Files\OFFICE1.CAB
[2006/02/20 23:47:55 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/19 16:23:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/16 04:26:23 | 000,000,735 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006/02/16 04:18:55 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/02/15 20:54:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/15 20:54:32 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/02/15 20:54:26 | 000,003,474 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/30 13:05:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/30 12:59:27 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/30 12:59:26 | 000,000,222 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/03/30 12:23:43 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/30 12:22:49 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/30 12:22:49 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/30 12:22:49 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/30 12:22:49 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/30 11:59:38 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/30 11:59:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2005/03/30 11:58:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/30 11:52:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/30 11:51:12 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/30 11:46:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/30 11:45:34 | 000,248,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/30 11:38:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/03/30 11:38:32 | 000,434,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/03/30 11:38:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/03/30 11:38:32 | 000,068,808 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/03/30 11:38:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/03/30 11:38:29 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/30 11:38:29 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/03/30 11:38:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/03/30 11:38:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/03/30 11:38:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/03/30 11:38:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/03/30 11:38:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/01/13 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/02/19 18:54:28 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\RemoveFiles.exe
[1980/01/01 00:00:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
 
========== LOP Check ==========

[2006/03/02 18:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2006/06/04 22:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2006/06/05 21:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2006/12/09 19:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/01/12 23:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2007/05/19 12:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/07/09 16:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
[2007/11/06 22:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2008/01/22 20:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2008/03/28 23:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2008/03/04 21:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Music Coach
[2009/01/11 17:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/01/27 16:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{002D2A98-1A36-4537-8006-23879150EB99}
[2009/06/11 00:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/06/11 00:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/18 21:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2009/11/05 21:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/06/15 17:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/03/28 23:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Network Associates
[2006/03/12 03:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Opera
[2006/12/09 19:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\ispnews
[2006/12/09 19:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\F-Secure
[2007/03/07 05:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\SecondLife
[2007/05/19 12:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Azureus
[2008/01/22 20:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Individual Software
[2008/03/29 00:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Network Associates
[2008/03/04 21:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Music Coach
[2008/05/31 19:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\ICQ
[2009/01/11 17:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\NCH Swift Sound
[2009/02/15 00:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Vso
[2009/03/16 00:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Spotify
[2009/10/18 21:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\TuneUpMedia
[2010/08/21 14:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wayne\Application Data\Uniblue
[2012/01/12 15:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Network Associates
[2012/01/15 23:20:58 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/03/30 13:08:54 | 000,000,076 | RHS- | M] () -- C:\PRELOAD.AAA
[2010/07/20 16:45:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2012/01/08 16:59:42 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2005/03/30 11:54:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/03/30 12:23:20 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/03/30 11:54:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/03/30 11:54:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2007/08/11 02:16:50 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2012/01/13 22:48:32 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2012/01/13 22:47:04 | 000,055,020 | ---- | M] () -- C:\TDSSKiller.2.7.1.0_13.01.2012_21.23.58_log.txt
[2012/01/15 23:17:20 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/03/30 11:54:16 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2008/07/06 15:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2004/07/01 11:09:46 | 000,187,392 | ---- | M] () -- C:\WINDOWS\Acer.scr
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2001/04/02 20:50:14 | 000,000,029 | R--- | M] () -- C:\Program Files\cd-key.txt
[2001/04/04 18:11:28 | 001,489,152 | R--- | M] (Microsoft Corporation) -- C:\Program Files\INSTMSI.EXE
[2001/04/04 18:11:30 | 001,499,904 | R--- | M] (Microsoft Corporation) -- C:\Program Files\INSTMSIW.EXE
[2001/03/01 15:35:26 | 224,771,818 | R--- | M] () -- C:\Program Files\OFFICE1.CAB
[2001/03/02 00:35:58 | 000,306,688 | R--- | M] () -- C:\Program Files\OWC10.MSI
[2001/03/02 00:38:12 | 003,485,184 | R--- | M] () -- C:\Program Files\PROPLUS.MSI
[2001/02/21 13:18:24 | 000,007,929 | R--- | M] () -- C:\Program Files\README.HTM

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/03/30 11:45:10 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2005/03/30 11:45:10 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/03/30 11:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/01/08 14:44:54 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/03/30 12:00:58 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/01/08 16:21:42 | 004,374,678 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/01/13 13:37:12 | 004,382,085 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\Timock.exe
[2012/01/15 23:25:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/03/30 12:00:58 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/01/15 23:17:56 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 03:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2004/10/29 17:09:32 | 000,466,944 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
[10 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2007/04/02 21:04:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
[2007/04/02 21:07:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/02 21:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/02 21:07:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 21:07:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2008/04/14 03:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/04/13 20:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2007/04/02 21:07:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/04/14 03:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/05/02 17:01:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/12/24 17:15:38 | 000,345,983 | ---- | M] () -- C:\WINDOWS\system\RCDsetup.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >
 
OTL Extras logfile created on: 15/01/2012 23:27:23 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.05 Mb Total Physical Memory | 351.08 Mb Available Physical Memory | 69.93% Memory free
1.20 Gb Paging File | 1.07 Gb Available in Paging File | 89.14% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.38 Gb Total Space | 3.19 Gb Free Space | 12.08% Space Free | Partition Type: FAT32
Drive D: | 26.55 Gb Total Space | 5.00 Gb Free Space | 18.82% Space Free | Partition Type: FAT32

Computer Name: | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
Sorry that it's taking a while; for some reason when I paste in sections it's saying

You have included 7 images in your message. You are limited to using 6 images so please go back and correct the problem and then continue again.

Images include use of smilies, the BB code tag and HTML <img> tags. The use of these is all subject to them being enabled by the administrator.

So I'm trying to load up the last sections in smaller chunks, hoping to avoid the above text that is blocking my upload. If you know what I'm doing wrong, please let me know.
 