Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Laptop problems DDS problems


Re: Laptop problems DDS problems

Post by microw » March 20th, 2011, 8:22 am

Hi, I did think things seemed more stable last night but this morning I can hardly do anything. Switched on from cold and switched off and it took a good while to switch off. I can hear the drive making noise as if something is running or it is doing something and I can't seem to do anything until it stops, which can take a while. It seems to be doing this randomly when nothing obvious is actually running. If I can get task manager to work it is running at 70% while doing this. I will try your last instruction when I can get enough control to do it. Thanks so far.
microw
Regular Member
 
Posts: 17
Joined: March 15th, 2011, 5:32 pm

Re: Laptop problems DDS problems

Post by melboy » March 20th, 2011, 9:09 am

Ok. Let me know.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Laptop problems DDS problems

Post by microw » March 20th, 2011, 10:12 am

Managed to run GMER, tried to save but cannot type into box, or type anything anywhere for that matter. Drive whirring away continually today, no let up. Have used USB keyboard to enter text.

GMER log

GMER 1.0.15.15565 - http://www.gmer.net
Rootkit scan 2011-03-20 14:16:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OAD4A
Running: jp7u8udt.exe; Driver: C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\fgldipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAC4089CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAC45DA68]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xAC55AFE4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAC428AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAC40AEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAC40AF04]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xAC55B996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAC40B01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAC4284A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAC40AE02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAC40AF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAC40AE56]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (RapportCerberus/Trusteer Ltd.) ZwCreateThread [0xBA25C99C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAC40AFC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAC4089EE]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (RapportCerberus/Trusteer Ltd.) ZwDeleteFile [0xBA25B9F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAC4291BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAC429471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAC40B29E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAC429026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAC428E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAC45DB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAC4087B8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xAC55F500]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAC408A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAC40B412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAC4094AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAC40AEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAC40AF2C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xAC55BA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAC40B044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAC428805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAC40AE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAC40B0D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAC40AF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAC40AE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAC40B1BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAC40AFF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAC45DBB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAC428D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAC409370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAC428B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAC465E26]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xAC55F412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAC427B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAC408A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAC408A5A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xAC55AF8A]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (RapportCerberus/Trusteer Ltd.) ZwSetInformationFile [0xBA25BA6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAC408812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAC40894E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAC4292C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAC40892A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xAC55AF26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAC408972]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (RapportCerberus/Trusteer Ltd.) ZwTerminateProcess [0xBA25B97E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xAC55AEC2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAC408A7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAC4728DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2410 80501C48 16 Bytes [AC, AE, 40, AC, 04, AF, 40, ...] {LODSB ; SCASB ; INC EAX; LODSB ; ADD AL, 0xaf; INC EAX; LODSB ; XCHG ESI, EAX; MOV ECX, 0xb01aac55; INC EAX; LODSB }
.text ntkrnlpa.exe!ZwCallbackReturn + 2478 80501CB0 12 Bytes [EE, 89, 40, AC, F8, B9, 25, ...] {OUT DX, AL ; MOV [EAX-0x54], EAX; CLC ; MOV ECX, 0x91bbba25; INC EDX; LODSB }
.text ntkrnlpa.exe!ZwCallbackReturn + 254C 80501D84 16 Bytes [DC, AE, 40, AC, 2C, AF, 40, ...] {FSUBR QWORD [ESI-0x50d353c0]; INC EAX; LODSB ; POP EDX; MOV EDX, 0xb044ac55; INC EAX; LODSB }
.text ntkrnlpa.exe!ZwCallbackReturn + 26D0 80501F08 12 Bytes [36, 8A, 40, AC, 5A, 8A, 40, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL AC409E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1DB4 5 Bytes JMP AC46E29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C2C 5 Bytes JMP AC46FD38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74CC 7 Bytes JMP AC4728E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwQueryValueKey + 349 80619259 7 Bytes JMP B9D74068

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[816] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414C10 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[816] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[816] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[816] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[816] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1356] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3300] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 004397C0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3300] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3300] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3300] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 716E0022

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000830
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000830@c038f9bbe8d5 0x2D 0xA9 0x62 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001f81000830 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001f81000830@c038f9bbe8d5 0x2D 0xA9 0x62 0x11 ...

---- EOF - GMER 1.0.15 ----
microw
Regular Member
 
Posts: 17
Joined: March 15th, 2011, 5:32 pm

Re: Laptop problems DDS problems

Post by melboy » March 20th, 2011, 6:24 pm

Hi



OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :otl
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    
    :files
    sc stop pavboot /c
    sc config pavboot start= Demand /c
    
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


After reboot


OTL

  • Double-click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done,
    • OTL.txt <-- Will be opened
  • Please post the contents of this Notepad file in your next reply.



In your next reply:
  1. OTL script log
  2. OTL.txt
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Laptop problems DDS problems

Post by microw » March 21st, 2011, 2:17 am

otl script log

All processes killed
========== OTL ==========
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== FILES ==========
< sc stop pavboot /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Wayne Nation\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Wayne Nation\Desktop\cmd.txt deleted successfully.
< sc config pavboot start= Demand /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Wayne Nation\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Wayne Nation\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Wayne Nation
->Temp folder emptied: 1163899 bytes
->Temporary Internet Files folder emptied: 33688 bytes
->FireFox cache emptied: 44794953 bytes
->Flash cache emptied: 428 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 686 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 44.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 03212011_060259

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

otl scan log


OTL logfile created on: 21/03/2011 06:11:10 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Wayne Nation\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.38 Gb Total Space | 14.28 Gb Free Space | 54.15% Space Free | Partition Type: FAT32
Drive D: | 26.55 Gb Total Space | 25.54 Gb Free Space | 96.20% Space Free | Partition Type: FAT32
Drive F: | 22.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TANZY | User Name: Wayne Nation | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/17 22:40:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Nation\Desktop\OTL.exe
PRC - [2011/02/23 15:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 15:04:20 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/12/03 19:43:56 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/03 23:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/01/28 13:48:00 | 010,035,448 | ---- | M] (3Connect) -- C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/12/07 11:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2008/04/14 00:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/28 12:30:44 | 000,315,392 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005/03/09 18:59:26 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe
PRC - [2005/03/04 13:13:04 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2005/01/21 18:54:48 | 000,348,160 | ---- | M] (acer Inc.) -- C:\Program Files\acer\eRecovery\Monitor.exe
PRC - [2005/01/04 16:52:52 | 000,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2004/10/07 23:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2003/07/11 20:45:02 | 000,241,664 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe
PRC - [2002/05/24 13:54:02 | 000,357,376 | ---- | M] () -- C:\Program Files\iWare\iWare Mouse\3.2\Mouse32A.exe


========== Modules (SafeList) ==========

MOD - [2011/03/17 22:40:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Nation\Desktop\OTL.exe
MOD - [2010/10/03 23:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/09/18 07:53:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/12/07 11:50:46 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/04/14 00:11:54 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2004/10/07 23:44:16 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/27 16:42:36 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll
MOD - [2002/05/02 01:10:46 | 000,073,728 | ---- | M] () -- C:\Program Files\iWare\iWare Mouse\3.2\MOUDL32A.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 15:04:20 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/16 13:43:42 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2005/07/25 20:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcfcoms.exe -- (lxcf_device)
SRV - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


========== Driver Services (SafeList) ==========

DRV - [2011/02/28 18:59:16 | 000,055,224 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys -- (RapportCerberus_23945)
DRV - [2011/02/23 14:56:56 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:46 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:50 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:48 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:54:58 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 14:54:56 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/03 23:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/01/28 13:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 11:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/12/07 11:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 11:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/25 06:47:42 | 000,485,248 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/04/03 08:41:36 | 000,030,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb2vcom.sys -- (usb2vcom)
DRV - [2005/11/24 19:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/03/02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/02/25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/21 10:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/11 01:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/news/uk/"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/19 10:18:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/15 20:04:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/15 20:04:04 | 000,000,000 | ---D | M]

[2011/03/15 20:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wayne Nation\Application Data\Mozilla\Extensions
[2011/03/15 20:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wayne Nation\Application Data\Mozilla\Firefox\Profiles\uhbt031n.default\extensions
[2011/03/15 20:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/19 10:18:48 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/03/19 20:04:40 | 000,431,122 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14841 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [eRecoveryService] C:\WINDOWS\system32\Check.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\Mouse32A.exe ()
O4 - HKLM..\Run: [LXCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Wayne Nation\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wayne Nation\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/09 09:51:26 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/02/09 17:11:34 | 000,027,750 | R--- | M] () - F:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/02/09 17:11:34 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ebf99d5f-4f3d-11e0-9b8c-00c09f94c654}\Shell - "" = AutoRun
O33 - MountPoints2\{ebf99d5f-4f3d-11e0-9b8c-00c09f94c654}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ebf99d5f-4f3d-11e0-9b8c-00c09f94c654}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/21 06:02:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/20 17:36:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wayne Nation\Recent
[2011/03/19 19:58:46 | 000,798,064 | ---- | C] (BillP Studios) -- C:\Documents and Settings\Wayne Nation\Desktop\wpsetup.exe
[2011/03/19 19:54:43 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Wayne Nation\Desktop\StartUpLite.exe
[2011/03/19 14:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/19 14:31:08 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Wayne Nation\Desktop\esetsmartinstaller_enu.exe
[2011/03/19 13:37:45 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne Nation\Desktop\TFC.exe
[2011/03/19 10:31:33 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Wayne Nation\Desktop\aswMBR.exe
[2011/03/19 10:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/19 10:19:03 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/19 10:19:03 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/19 10:19:00 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/19 10:19:00 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/19 10:19:00 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/19 10:18:58 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/19 10:18:58 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/19 10:18:58 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/19 10:18:46 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/19 10:18:45 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/19 10:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/19 10:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/19 10:12:24 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2011/03/17 22:40:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne Nation\Desktop\OTL.exe
[2011/03/17 21:56:52 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2011/03/17 20:50:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/03/16 22:41:36 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2011/03/15 20:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\My Documents\Downloads
[2011/03/15 20:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\Local Settings\Application Data\Mozilla
[2011/03/15 20:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\Application Data\Mozilla
[2011/03/15 20:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/03/15 20:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/15 19:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\Application Data\Birdstep Technology
[2011/03/15 19:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2011/03/15 19:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Birdstep Technology
[2011/03/15 19:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\3 Mobile Broadband
[2011/03/15 19:57:20 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2011/03/15 19:57:20 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2011/03/15 19:57:20 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2011/03/15 19:57:20 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2011/03/15 19:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\ZTE_1.2059.0.8
[2011/03/15 19:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2011/03/14 22:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\My Documents\New Folder
[2011/03/06 17:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/03/06 16:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/06 16:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\Start Menu\Programs\HiJackThis
[2011/03/06 15:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/06 15:41:39 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Wayne Nation\My Documents\ccsetup304.exe
[2011/03/06 15:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Nation\Application Data\Malwarebytes
[2011/03/06 15:38:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/06 15:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/06 15:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/06 15:38:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/06 15:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/06 15:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/06 15:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/03/06 15:31:32 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Nation\My Documents\mbam-setup.exe
[2011/03/06 15:28:47 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Wayne Nation\My Documents\spybotsd162.exe
[2006/06/21 16:22:43 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll
[2006/06/21 16:22:42 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll
[2006/06/21 16:22:42 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcoms.exe
[2006/06/21 16:22:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll
[2006/06/21 16:22:42 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfih.exe
[2006/06/21 16:22:42 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll
[2006/06/21 16:22:42 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll
[2006/06/21 16:22:41 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll
[2006/06/21 16:22:41 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll
[1 C:\Documents and Settings\Wayne Nation\My Documents\*.tmp files -> C:\Documents and Settings\Wayne Nation\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/21 06:05:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/21 06:05:34 | 000,000,692 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011/03/21 06:05:22 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/21 06:04:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/21 06:04:30 | 1273,548,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/21 06:03:34 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/03/20 23:17:08 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/20 17:22:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/03/20 12:28:04 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\Desktop\jp7u8udt.exe
[2011/03/19 19:58:50 | 000,798,064 | ---- | M] (BillP Studios) -- C:\Documents and Settings\Wayne Nation\Desktop\wpsetup.exe
[2011/03/19 19:54:42 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Wayne Nation\Desktop\StartUpLite.exe
[2011/03/19 14:34:26 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Wayne Nation\Desktop\esetsmartinstaller_enu.exe
[2011/03/19 13:37:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Nation\Desktop\TFC.exe
[2011/03/19 10:32:46 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\Desktop\MBR.dat
[2011/03/19 10:31:38 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Wayne Nation\Desktop\aswMBR.exe
[2011/03/19 10:19:06 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/19 10:19:00 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/17 22:48:38 | 000,089,088 | ---- | M] () -- C:\mbr.exe
[2011/03/17 22:40:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Nation\Desktop\OTL.exe
[2011/03/16 23:11:52 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\Desktop\HiJackThis.lnk
[2011/03/16 21:55:18 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\Desktop\dds.scr
[2011/03/15 20:04:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/03/15 20:04:12 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/15 20:04:12 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/15 19:57:28 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2011/03/15 19:57:26 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2011/03/12 21:00:48 | 000,120,304 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\My Documents\cc_20110312_210016.reg
[2011/03/06 15:42:38 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/06 15:41:48 | 003,033,192 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Wayne Nation\My Documents\ccsetup304.exe
[2011/03/06 15:38:10 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/06 15:31:32 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Nation\My Documents\mbam-setup.exe
[2011/03/06 15:28:48 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Wayne Nation\My Documents\spybotsd162.exe
[2011/02/28 23:25:34 | 000,141,841 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\My Documents\http___www.pcs.planningportal.gov.uk_pcsportal_fscdav_READONLY_OBJ=COO.2036.300.12.2855646&NAME=_DECISION.pdf
[2011/02/24 19:27:50 | 000,784,159 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\My Documents\complete TM01_termination_of_appointment_of_director.pdf
[2011/02/23 15:04:22 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/23 15:04:18 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/23 14:56:56 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/02/23 14:56:46 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/23 14:55:50 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/23 14:55:48 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/23 14:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/23 14:54:58 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/23 14:54:56 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/02/20 17:03:00 | 000,746,851 | ---- | M] () -- C:\Documents and Settings\Wayne Nation\My Documents\director termination.pdf
[1 C:\Documents and Settings\Wayne Nation\My Documents\*.tmp files -> C:\Documents and Settings\Wayne Nation\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/20 12:28:05 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Desktop\jp7u8udt.exe
[2011/03/19 10:32:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Desktop\MBR.dat
[2011/03/19 10:19:04 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/17 22:48:37 | 000,089,088 | ---- | C] () -- C:\mbr.exe
[2011/03/16 21:55:03 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Desktop\dds.scr
[2011/03/15 20:04:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/15 20:04:10 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/15 20:04:10 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/15 19:57:26 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2011/03/15 19:57:25 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2011/03/15 19:57:03 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2011/03/14 20:51:02 | 1273,548,800 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/14 20:24:27 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
[2011/03/14 20:24:27 | 000,001,421 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
[2011/03/12 21:00:19 | 000,120,304 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\My Documents\cc_20110312_210016.reg
[2011/03/06 16:25:41 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Desktop\HiJackThis.lnk
[2011/03/06 15:42:36 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/06 15:38:08 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/28 23:25:33 | 000,141,841 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\My Documents\http___www.pcs.planningportal.gov.uk_pcsportal_fscdav_READONLY_OBJ=COO.2036.300.12.2855646&NAME=_DECISION.pdf
[2011/02/22 20:32:25 | 000,784,159 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\My Documents\complete TM01_termination_of_appointment_of_director.pdf
[2011/02/20 17:02:59 | 000,746,851 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\My Documents\director termination.pdf
[2011/01/09 14:58:47 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Wayne Nation\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/09 14:53:44 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/22 13:07:27 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/01/19 11:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2009/05/19 21:31:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2009/05/19 21:31:41 | 000,004,728 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2007/12/09 16:45:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2007/12/09 16:43:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PMK_setup.ini
[2006/09/07 21:25:17 | 000,030,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\usb2vcom.sys
[2006/06/21 16:22:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcfvs.dll
[2005/08/23 20:55:06 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/08/23 20:34:11 | 000,001,444 | ---- | C] () -- C:\WINDOWS\btclickn.ini
[2005/08/20 19:43:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/16 18:16:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/08/16 11:21:01 | 000,187,940 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2005/08/04 12:21:58 | 000,000,692 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/03/09 09:50:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/07 12:32:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/07 12:22:45 | 000,000,313 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/07 12:22:45 | 000,000,222 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/03/07 12:22:45 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/07 12:15:13 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/07 12:14:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/07 12:14:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/07 12:14:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/07 12:07:16 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/03/07 12:07:13 | 000,032,768 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2005/03/07 12:07:04 | 000,100,839 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/07 12:01:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/03/07 12:01:47 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/03/07 12:01:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/03/07 12:01:43 | 000,001,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/03/07 11:56:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2005/03/07 11:56:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2005/03/07 11:56:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005/03/07 11:54:46 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/07 11:54:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2005/03/07 11:53:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/07 11:47:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/07 11:46:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/07 11:41:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/07 11:40:52 | 000,221,632 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/03/22 01:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE
[1980/01/01 00:00:00 | 000,314,156 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,041,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 00:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1980/01/01 00:00:00 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== LOP Check ==========

[2006/09/02 22:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/05/06 21:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/11/22 13:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/11/25 15:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/11/25 16:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/12/02 14:13:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2011/03/15 19:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2011/03/19 10:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2005/08/05 19:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\Template
[2006/09/02 22:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\PC Suite
[2006/09/07 21:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\Nokia
[2007/12/09 16:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\Nikon
[2010/06/07 21:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\Trusteer
[2010/12/02 14:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\Uniblue
[2011/03/15 19:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Nation\Application Data\Birdstep Technology

========== Purity Check ==========



< End of report >
microw
Regular Member
 
Posts: 17
Joined: March 15th, 2011, 5:32 pm

Re: Laptop problems DDS problems

Post by melboy » March 21st, 2011, 3:31 am

Hi

How are things running? Give a detailed description of any problems you may be having.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Laptop problems DDS problems

Post by microw » March 21st, 2011, 4:37 am

Ok, won't be able to have a good look at things until tonight/tomorrow but will get back.
microw
Regular Member
 
Posts: 17
Joined: March 15th, 2011, 5:32 pm

Re: Laptop problems DDS problems

Post by microw » March 21st, 2011, 3:48 pm

Hi, after last scans and instructions once again things seemed more stable and reliable. Tonight I spent an hour or so using a few programmes and applications and used the internet to browse and download some updates etc and it seemed fine. I restarted it a couple of times and again it seemed OK. I could hear the drive working and making a noise but it was when I expected it to and stopped accordingly. CPU usage was down to normal levels.

However I tried another restart and this time as soon as the OS started the drive began to work and didn't stop. In Task Manager CPU usage was running at 70%. After about 10 minutes I tried to restart again but couldn't restart it normally. Even holding down the power button will not restart it. I had to leave it for almost an hour for it to switch itself off with egg timer stuck (only other option would be removing the battery?).

Have turned it back on to send this and once again things seem normal?

Just while browsing on eBay, Avast came up with a warning about a harmful page and the infection was html script inf; it happened 3 times while looking at standard eBay pages.
microw
Regular Member
 
Posts: 17
Joined: March 15th, 2011, 5:32 pm

Re: Laptop problems DDS problems

Post by melboy » March 21st, 2011, 4:48 pm

Hi

I don't think your problems are malware related at this stage. The scans are coming back clean.


Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Laptop problems DDS problems

Post by microw » March 21st, 2011, 6:13 pm

Contents of scan

The type of the file system is FAT32.
Volume ACER created 21/03/2005 17:34
Volume Serial Number is 320D-180E
Windows is verifying files and folders...
because disk checking was run without the /F (fix) parameter.
\Documents and Settings\Wayne Nation\Application Data\Mozilla\Firefox\Profiles\uhbt031n.default\places.sqlite-journal first allocation unit is not valid. The entry will be truncated.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
27,658,432 KB total disk space.
2,604,000 KB in 1,457 hidden files.
61,216 KB in 3,790 folders.
12,505,200 KB in 48,324 files.
12,488,000 KB are available.

16,384 bytes in each allocation unit.
1,728,652 total allocation units on disk.
780,500 allocation units available on disk.
microw
Regular Member
 
Posts: 17
Joined: March 15th, 2011, 5:32 pm
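
The report above comes from a CHKDSK run without /F, so it lists problems without correcting them. As an added example (not part of the thread and not the helper's own tooling), this Python script parses a checkhd.txt report, pulls out the per-file findings and cross-checks the size figures against the allocation-unit counts; the class and function names are assumptions made for the illustration, and the sample text is copied from the post above.

```python
import re
from dataclasses import dataclass, field

# Sample input: the checkhd.txt contents copied from the post above.
SAMPLE_REPORT = r"""The type of the file system is FAT32.
Volume ACER created 21/03/2005 17:34
Volume Serial Number is 320D-180E
Windows is verifying files and folders...
because disk checking was run without the /F (fix) parameter.
\Documents and Settings\Wayne Nation\Application Data\Mozilla\Firefox\Profiles\uhbt031n.default\places.sqlite-journal first allocation unit is not valid. The entry will be truncated.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
27,658,432 KB total disk space.
2,604,000 KB in 1,457 hidden files.
61,216 KB in 3,790 folders.
12,505,200 KB in 48,324 files.
12,488,000 KB are available.

16,384 bytes in each allocation unit.
1,728,652 total allocation units on disk.
780,500 allocation units available on disk.
"""

# Size lines at the end of the report, keyed by a short (hypothetical) name.
SIZE_PATTERNS = {
    "total_kb": re.compile(r"([\d,]+) KB total disk space"),
    "available_kb": re.compile(r"([\d,]+) KB are available"),
    "unit_bytes": re.compile(r"([\d,]+) bytes in each allocation unit"),
    "total_units": re.compile(r"([\d,]+) total allocation units on disk"),
    "free_units": re.compile(r"([\d,]+) allocation units available on disk"),
}

# Per-file message seen in this report; lines with other messages stay unsplit.
KNOWN_FILE_MESSAGES = (" first allocation unit is not valid",)


@dataclass
class ChkdskReport:
    filesystem: str = ""
    read_only: bool = False        # run without /F: nothing was repaired
    problems_found: bool = False
    findings: list = field(default_factory=list)   # (path, message) tuples
    sizes: dict = field(default_factory=dict)

    def sizes_consistent(self):
        """True when units x unit size equals the KB totals CHKDSK printed."""
        s = self.sizes
        if any(name not in s for name in SIZE_PATTERNS):
            return False
        return (s["total_units"] * s["unit_bytes"] == s["total_kb"] * 1024
                and s["free_units"] * s["unit_bytes"] == s["available_kb"] * 1024)

    def percent_free(self):
        return 100.0 * self.sizes["available_kb"] / self.sizes["total_kb"]

    def needs_repair_pass(self):
        """Problems were reported, but the run could not correct them."""
        return self.problems_found and self.read_only


def split_finding(line):
    """Split a per-file line into (path, message); path is None if unknown."""
    for marker in KNOWN_FILE_MESSAGES:
        path, found, rest = line.partition(marker)
        if found:
            return path, (marker + rest).strip()
    return None, line


def parse_chkdsk_report(text):
    report = ChkdskReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fs = re.match(r"The type of the file system is (\w+)\.", line)
        if fs:
            report.filesystem = fs.group(1)
        elif "without the /F" in line:
            report.read_only = True
        elif line.startswith("Windows found problems"):
            report.problems_found = True
        elif line.startswith("\\"):
            # Paths in the report are relative to the volume root.
            report.findings.append(split_finding(line))
        else:
            for name, pattern in SIZE_PATTERNS.items():
                m = pattern.match(line)
                if m:
                    report.sizes[name] = int(m.group(1).replace(",", ""))
                    break
    return report


if __name__ == "__main__":
    r = parse_chkdsk_report(SAMPLE_REPORT)
    print("file system:", r.filesystem)
    print("repair pass needed:", r.needs_repair_pass())
    for path, message in r.findings:
        print("finding:", path, "->", message)
    print("size figures consistent:", r.sizes_consistent())
    print("free space: %.1f%%" % r.percent_free())
```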

Re: Laptop problems DDS problems

Post by melboy » March 21st, 2011, 7:36 pm

Hi

Hard-Drive Maintenance:

Note: for the CHKDSK portion you may refer to this tutorial Here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot (Restart) your computer.

Note: Upon Reboot (Restart) the CHKDSK (check-disk) will start and carry out any repairs required.

You should see a screen like this just after the Post (power on self test) screen:

Image

Note: Do not touch either the keyboard or mouse, otherwise the Check-Disk will be canceled and your computer will continue to boot up as normal.

Note: When CHKDSK has completed its scans, the machine will proceed to load and Boot to Windows.

When Windows has loaded:

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • On completion, close the command prompt.


Then give me an update on how things are running.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Laptop problems DDS problems

Unread postby microw » March 22nd, 2011, 6:11 pm

Hi,

Ran chkdsk but as soon as I turned the machine on I knew the problem was still there, usual signs of disk whirring and CPU usage at 70%. After hitting exit in cmd window it didn't restart but just hung. I had to keep power button pressed to restart. It ran through chkdsk on restart and took a long time and I am not sure if anything was fixed as when I came back after 30 mins it had finished and was on desktop screen. Once again the disk is whirring away and CPU usage at 70% and I am having to use USB keyboard to type this in as laptop keyboard not responding. I didn't run Defrag as I ran it a couple of days ago but will do again now and see what happens.

Thanks for your patience
microw
Regular Member
 
Posts: 17
Joined: March 15th, 2011, 5:32 pm

Re: Laptop problems DDS problems

Unread postby melboy » March 22nd, 2011, 6:24 pm

Hi

Not a malware issue

At this stage your machine looks to be clean of malware, so the continued problems you are experiencing are not likely to be malware related. As this forum specializes in malware removal I think the best and fastest solution for you is to post on a general PC troubleshooting forum.

These sites have a variety of experts, that are better equipped to investigate and resolve these kinds of issues.

Below are some recommended sites, registration is free, it only takes a few minutes. :)

Geeks to go
Bleeping Computer
What The Tech

It may help to include a link back to your topic here when seeking help at one of the aforementioned forums.

I'm sorry that I could not be of more help to you, and I wish you the best of luck with solving your computer problems. If you have any questions or require any other assistance with malware related issues, please let me know.



OTL by OldTimer

  • Double-click OTL.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Laptop problems DDS problems

Unread postby microw » March 22nd, 2011, 7:33 pm

Many many thanks for all your efforts and time. I very much appreciate your help and only hope it hasn't been too much of a waste of your time, I know you guys are very very busy. I will try your suggestions of getting help elsewhere and I know the work you have done will help in getting this sorted one way or another. Keep up the good work.
microw
Regular Member
 
Posts: 17
Joined: March 15th, 2011, 5:32 pm

Re: Laptop problems DDS problems

Unread postby melboy » March 23rd, 2011, 2:59 pm

You're welcome.

It wasn't a waste of my time - It's better to be safe than sorry. :)
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK