View Full Version : Possible browser hyjacker
Maria 123
2010-06-17, 22:11
Hello.
Similar problem to others, everytime I click on a link in google search results I get re-directed to other random websites.
I can only access the website if I type it into the browser bar direct.
Free AVG not picking it up and Ad-Aware won't run.
Have also run a hyjack-this report, can post results of that if required.
Thanks for your help, Maria, UK
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgcsrvx.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\LManager.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\greg\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.bbc.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [LaunchApp] Alaunch
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [EPM-DM] c:\acer\epm\epm-dm.exe
mRun: [ePowerManagement] c:\acer\epm\ePM.exe boot
mRun: [LManager] c:\progra~1\launch~1\LManager.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\greg\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\greg\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: winlyv32 - winlyv32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\greg\applic~1\mozilla\firefox\profiles\wbsfo7kk.default\
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-9 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-23 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-4-30 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-30 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-6-9 112592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
=============== Created Last 30 ================
2010-06-17 16:52:27 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-17 16:52:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-15 18:25:48 0 d-----w- c:\program files\Trend Micro
2010-06-10 21:18:42 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-09 20:50:06 882 ----a-w- c:\windows\RegSDImport.xml
2010-06-09 20:50:06 879 ----a-w- c:\windows\RegISSImport.xml
2010-06-09 20:50:06 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-06-09 20:50:06 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-09 20:50:06 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-09 20:50:06 131 ----a-w- c:\windows\IDB.zip
2010-06-09 20:50:06 1152444 ----a-w- c:\windows\UDB.zip
2010-06-09 20:50:05 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-06-09 20:50:05 1652688 ----a-w- c:\windows\PCTBDCore.dll.old
2010-06-09 20:50:05 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-06-09 20:39:23 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-06-09 20:39:23 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-09 20:38:51 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-09 20:38:51 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-06-09 20:38:51 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-06-09 20:38:51 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-09 20:38:09 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-06-09 20:38:09 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-09 20:37:59 0 d-----w- c:\program files\Spyware Doctor
2010-06-09 20:37:59 0 d-----w- c:\program files\common files\PC Tools
2010-06-09 20:37:59 0 d-----w- c:\docume~1\greg\applic~1\PC Tools
2010-06-09 20:37:59 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-06-02 18:17:10 0 d-----w- c:\program files\Lavasoft
==================== Find3M ====================
2010-06-02 17:30:00 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-14 08:51:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-05-14 08:51:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-30 10:10:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-30 10:10:12 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-04-20 19:50:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042020090421\index.dat
============= FINISH: 19:49:38.46 ===============
Satchfan
2010-06-18, 15:34
Hello Maria 123 and welcome to Safer Networking Forums.
My name is Satchfan and I would be glad to help you with your computer problem. Please read the following guidelines which will help to make cleaning your machine easier:
• Please do not install/uninstall any programs unless asked to.
• Please do not run any scans other than those requested
• Please follow all instructions in the order posted
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• If you don't understand something, please don't hesitate to ask for clarification before proceeding
• The fixes are specific to your problem and should only be used for this issue on this machine.
• Please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
Please note that I am still in training and my replies need to be checked by an expert in order for you to receive the best possible advice. This may result in a small delay between my posts but I shall try to keep this to a minimum.
I am looking through your log now and will reply as soon as possible.
Satchfan
Satchfan
2010-06-19, 00:58
Hello again Maria 123
There is something in your log that looks a bit strange so we’ll need a closer look at that.
Also, I’d like you to run a couple of different tools to have a deeper look at your computer to see what else is lurking.
Submit a file to VirusTotal
Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis:
C:\WINDOWS\SYSTEM32\winlyv32.dll
• Click on Browse
• Click on the arrow and choose Local Disc (C:)
http://i944.photobucket.com/albums/ad283/Ninamf/WTT/ChooseLocaldiscC.jpg
• Below, double-click on Windows
• Double-click on the System32folder
• Locate the file winlyv32.dll click on it and then on Open
• Click on Send File.
You will get a report back, post the report into this thread for me to see.
Run OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.
Download the GMER Rootkit Scanner
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).
Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
All drives/partitions except C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Logs to include with next post:
OTL.txt
Extras.txt
GMER.txt
Please don’t forget to post the result from VirusTotal.
Thanks
Satchfan
Maria 123
2010-06-20, 20:31
Hi there
Thanks for your help. Sorry for the long reply.
VirusTotal result:
Sorry but I cannot seem to find this file in system.32 - I have looked for around half an hour now and can't seem to find it.
EXTRAS RESULT
---------------------------------------------------------------------
OTL Extras logfile created on: 20/06/2010 17:01:11 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\greg\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
495.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.30 Gb Total Space | 3.85 Gb Free Space | 10.32% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACER-4050
Current User Name: greg
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Grisoft\AVG7\avgw.exe" = C:\Program Files\Grisoft\AVG7\avgw.exe:*:Enabled:AVG Test Center -- File not found
"C:\Program Files\Grisoft\AVG7\avgvv.exe" = C:\Program Files\Grisoft\AVG7\avgvv.exe:*:Enabled:AVG Virus Vault -- File not found
"C:\Acer\ePM\ePM.exe" = C:\Acer\ePM\ePM.exe:*:Enabled:Acer ePowerManagement -- (Acer Value Labs, Taiwan)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" =
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AVG9Uninstall" = AVG Free 9.0
"Browser Defender_is1" = Browser Defender 2.0.6.15
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker Gold
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PC Power Suite (Pro Retail)_is1" = PC Power Suite (Pro Retail)
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07/06/2010 16:22:33 | Computer Name = ACER-4050 | Source = Bonjour Service | ID = 100
Description =
Error - 07/06/2010 16:22:49 | Computer Name = ACER-4050 | Source = Bonjour Service | ID = 100
Description =
Error - 07/06/2010 16:22:49 | Computer Name = ACER-4050 | Source = Bonjour Service | ID = 100
Description =
Error - 07/06/2010 16:22:49 | Computer Name = ACER-4050 | Source = Bonjour Service | ID = 100
Description =
Error - 07/06/2010 16:23:04 | Computer Name = ACER-4050 | Source = Bonjour Service | ID = 100
Description =
Error - 07/06/2010 16:23:04 | Computer Name = ACER-4050 | Source = Bonjour Service | ID = 100
Description =
Error - 07/06/2010 16:23:04 | Computer Name = ACER-4050 | Source = Bonjour Service | ID = 100
Description =
Error - 07/06/2010 16:23:20 | Computer Name = ACER-4050 | Source = Bonjour Service | ID = 100
Description =
Error - 07/06/2010 16:23:20 | Computer Name = ACER-4050 | Source = Bonjour Service | ID = 100
Description =
Error - 07/06/2010 16:23:20 | Computer Name = ACER-4050 | Source = Bonjour Service | ID = 100
Description =
[ System Events ]
Error - 17/06/2010 13:47:08 | Computer Name = ACER-4050 | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.
Error - 20/06/2010 10:44:49 | Computer Name = ACER-4050 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 20/06/2010 10:44:49 | Computer Name = ACER-4050 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 20/06/2010 10:55:40 | Computer Name = ACER-4050 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.
Error - 20/06/2010 10:55:42 | Computer Name = ACER-4050 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053
Error - 20/06/2010 10:56:22 | Computer Name = ACER-4050 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
Error - 20/06/2010 10:56:26 | Computer Name = ACER-4050 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.
Error - 20/06/2010 10:56:26 | Computer Name = ACER-4050 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053
Error - 20/06/2010 11:10:04 | Computer Name = ACER-4050 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 20/06/2010 11:10:04 | Computer Name = ACER-4050 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
< End of report >
OTL RESULT
-----------------------------------------------------------
OTL logfile created on: 20/06/2010 17:01:11 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\greg\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
495.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.30 Gb Total Space | 3.85 Gb Free Space | 10.32% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACER-4050
Current User Name: greg
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\greg\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe (Nokia)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\ePM\EPM-DM.exe (Acer Inc)
PRC - C:\Program Files\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\greg\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
========== Driver Services (SafeList) ==========
DRV - (MpKsl0dd5a360) -- C:\WINDOWS\system32\MpEngineStore\MpKsl0dd5a360.sys (Microsoft Corporation)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (ultra) -- C:\WINDOWS\system32\Ultra.dll ()
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}) -- C:\WINDOWS\system32\drivers\wA301a.sys (Intel Corporation)
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/09 19:17:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/09 19:17:04 | 000,000,000 | ---D | M]
[2010/06/09 19:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\Mozilla\Extensions
[2010/06/09 19:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\Mozilla\Firefox\Profiles\wbsfo7kk.default\extensions
[2010/06/09 19:31:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\greg\Application Data\Mozilla\Firefox\Profiles\wbsfo7kk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 19:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 17:56:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\EPM-DM.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\greg\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\winlyv32: DllName - winlyv32.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/06 16:27:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/10/06 16:11:16 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (67004655208497152)
========== Files/Folders - Created Within 90 Days ==========
[2010/06/20 15:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/06/17 19:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/17 19:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/17 17:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/17 17:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/15 19:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/10 22:18:42 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/10 19:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Local Settings\Application Data\Threat Expert
[2010/06/09 21:50:06 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/09 21:50:05 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/09 21:50:05 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/09 21:50:05 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/09 21:39:23 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/09 21:38:51 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/09 21:38:51 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/09 21:38:09 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\PC Tools
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/09 21:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/09 21:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\My Documents\Downloads
[2010/06/09 19:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Local Settings\Application Data\Mozilla
[2010/06/09 19:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\Mozilla
[2010/06/09 19:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/02 19:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/02 19:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/17 14:46:40 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2010/05/15 23:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/14 09:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\PC Suite
[2010/05/14 09:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\Nokia
[2010/05/14 09:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/05/14 09:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/05/14 09:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/05/14 09:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/05/14 09:45:37 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/05/14 09:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/05/14 09:45:07 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010/05/14 09:45:05 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/05/14 09:45:03 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/05/14 09:44:58 | 000,660,480 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010/05/14 09:44:58 | 000,017,664 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/05/14 09:44:53 | 000,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/05/14 09:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/05/14 09:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/05/10 22:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\My Documents\Updater
[2010/05/10 22:38:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/05/10 22:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[2010/05/10 22:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2010/05/10 22:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2010/05/10 22:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/10 22:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/10 21:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\Uniblue
[2010/05/10 20:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\Blitware
[2010/05/10 20:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\File Helper
[2010/05/10 20:32:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/05/08 11:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/08 11:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/08 11:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/08 10:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/30 11:10:25 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/21 17:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/04/21 17:26:29 | 000,156,904 | ---- | C] (Trusteer Ltd.) -- C:\Documents and Settings\greg\Desktop\RapportSetup.exe
[2010/04/13 13:33:36 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2010/04/08 20:22:04 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/06/20 16:49:08 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/20 16:12:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/20 16:12:18 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/20 16:09:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/20 16:09:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/20 16:09:42 | 519,622,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/20 15:44:16 | 000,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/17 20:54:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/17 20:53:00 | 000,000,174 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/17 20:43:20 | 000,491,328 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/17 20:43:20 | 000,434,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/17 20:43:20 | 000,068,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/17 20:31:28 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\greg\NTUSER.DAT
[2010/06/17 20:31:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\greg\ntuser.ini
[2010/06/17 19:42:08 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/17 19:41:52 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\ERUNT.lnk
[2010/06/17 17:52:50 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\Spybot - Search & Destroy.lnk
[2010/06/17 16:54:30 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\HiJackThis.lnk
[2010/06/10 22:18:38 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/09 21:38:30 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/09 19:51:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/09 19:34:18 | 000,034,616 | ---- | M] () -- C:\Documents and Settings\greg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/09 19:17:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 19:17:10 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/08 03:16:02 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/08 01:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/02 18:30:00 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 18:29:58 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/30 16:33:20 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\greg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/17 16:55:54 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/17 15:00:54 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/14 09:51:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/05/14 09:51:04 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/05/14 09:46:24 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/05/14 09:42:00 | 034,399,664 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\Nokia PC Suite.exe
[2010/05/10 22:37:10 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\greg\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/05/10 22:32:34 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\Adobe Photoshop CS2.lnk
[2010/05/10 22:04:52 | 000,000,455 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/30 11:10:26 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/30 11:10:12 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/30 10:58:36 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2010/04/21 17:26:30 | 000,156,904 | ---- | M] (Trusteer Ltd.) -- C:\Documents and Settings\greg\Desktop\RapportSetup.exe
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/03/25 20:10:44 | 006,943,254 | -H-- | M] () -- C:\Documents and Settings\greg\Local Settings\Application Data\IconCache.db
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/17 19:42:07 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/17 19:41:51 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\ERUNT.lnk
[2010/06/17 17:52:49 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\Spybot - Search & Destroy.lnk
[2010/06/15 19:25:51 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\HiJackThis.lnk
[2010/06/09 21:50:06 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/06/09 21:50:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/09 21:50:06 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/09 21:50:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/06/09 21:50:06 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/06/09 21:50:06 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/06/09 21:39:23 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/09 21:38:51 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/09 21:38:51 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/06/09 21:38:29 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/09 21:38:09 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/09 19:17:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 19:17:08 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/02 20:04:35 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/17 15:00:52 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/14 09:51:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/05/14 09:51:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/05/14 09:46:21 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/05/14 09:41:59 | 034,399,664 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\Nokia PC Suite.exe
[2010/05/13 08:46:28 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/10 22:37:09 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\greg\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/05/10 22:32:32 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\Adobe Photoshop CS2.lnk
[2010/05/08 11:01:09 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/30 10:58:35 | 000,001,411 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2007/01/07 19:14:07 | 000,004,500 | ---- | C] () -- C:\WINDOWS\System32\FILTRCOI.DLL
[2007/01/07 12:20:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll
[2004/10/06 17:46:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/06 17:05:35 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2004/10/06 17:05:34 | 000,000,336 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2004/10/06 16:44:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2004/10/06 16:43:43 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2004/10/06 16:43:43 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/10/06 16:39:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/10/06 16:38:00 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/10/06 16:37:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/10/06 16:33:37 | 000,037,684 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/06 16:23:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
========== LOP Check ==========
[2010/02/21 11:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/25 17:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/21 17:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/05/08 11:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/14 09:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/05/14 09:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/06/09 21:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/07 12:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\PC POWER SUITE
[2008/03/30 21:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\Autodesk
[2008/04/27 10:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\SPAMfighter
[2010/05/10 20:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\Blitware
[2010/05/10 21:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\Uniblue
[2010/05/14 09:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\Nokia
[2010/05/14 09:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\PC Suite
[2010/06/09 19:51:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2009/04/20 20:15:52 | 023,852,652 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/20 20:15:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2009/04/20 20:15:52 | 023,852,652 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/20 20:15:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/10/06 16:16:18 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2004/10/06 16:16:18 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/10/06 16:16:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/30 11:10:12 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/06/02 18:30:00 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/06/02 18:29:58 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctplsg.sys
[2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys
[2010/06/10 22:18:38 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
< End of report >
Gmer Result
The file is 1.21 MB and it won't let me upload it onto here. Is it meant to be that big?
Thanks
Maria
Satchfan
2010-06-21, 23:07
Maria
My apologies for not replying sooner but I didn't receive your reply - my fault.
Please bear with me while I look at the logs.
Thanks
Satchfan
Satchfan
2010-06-22, 23:58
Hi Maria 123
Sorry but I cannot seem to find this file in system.32 don’t worry, it is probably no longer there.
Gmer Result
The file is 1.21 MB and it won't let me upload it onto here. Is it meant to be that big? No, it shouldn’t be. We'll try it again shortly.
Run OTL
Double click on the icon to run it.
Copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\Ultra.dll ()
[2007/01/07 12:20:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll
O20 - Winlogon\Notify\winlyv32: DllName - winlyv32.dll - File not found
[2010/05/17 14:46:40 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2010/04/13 13:33:36 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2010/04/08 20:22:04 | 000,000,000 | -HSD | C] -- C:\FOUND.001
:Commands
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:dir
C:\WINDOWS\System32\appmgmt
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Try runing Gmer again but in the right panel where you will see several boxes that have been checked, make sure "All" is not checked.
Logs to include in the next post:
OTL.txt
SystemLook.txt
Gmer.txt
Please let me know if there is any change.
Satchfan
Satchfan
2010-06-26, 01:45
Hello Maria 123
It has been several days since I asked you to follow some steps to help clear up your computer problems.
Please let me know if you still require help.
Thanks
Satchfan
Maria 123
2010-06-27, 12:12
hi there
sorry, I have been away with work for a few days....I made several attempts at the beginning of the week but several times my computer just crashes half way through the scans, so I have to re-boot and start again. Plus it takes several minutes to upload webpages etc, very slow and frustrating!
I am working on the scans now again, will post when have results
thanks for your help
Maria 123
2010-06-27, 16:39
OTL result:
OTL logfile created on: 27/06/2010 10:06:09 - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\greg\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
495.00 Mb Total Physical Memory | 55.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 39.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.30 Gb Total Space | 4.23 Gb Free Space | 11.33% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACER-4050
Current User Name: greg
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\greg\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgupd.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\WINDOWS\SoftwareDistribution\Download\Install\NDP20SP2-KB976576-x86.exe (Microsoft Corporation)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - c:\6b72ff2f5861ea37d0d78fd0\HotFixInstaller.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe (Nokia)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\ePM\EPM-DM.exe (Acer Inc)
PRC - C:\Program Files\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\greg\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
========== Driver Services (SafeList) ==========
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}) -- C:\WINDOWS\system32\drivers\wA301a.sys (Intel Corporation)
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/09 19:17:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/09 19:17:04 | 000,000,000 | ---D | M]
[2010/06/09 19:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\Mozilla\Extensions
[2010/06/09 19:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\Mozilla\Firefox\Profiles\wbsfo7kk.default\extensions
[2010/06/09 19:31:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\greg\Application Data\Mozilla\Firefox\Profiles\wbsfo7kk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 19:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 17:56:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\EPM-DM.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\greg\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/06 16:27:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/06/27 10:13:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/27 10:01:15 | 000,000,000 | ---D | C] -- C:\6b72ff2f5861ea37d0d78fd0
[2010/06/24 15:31:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/20 15:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/06/17 19:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/17 19:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/17 17:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/17 17:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/15 19:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/10 22:18:42 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/10 19:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Local Settings\Application Data\Threat Expert
[2010/06/09 21:50:06 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/09 21:50:05 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/09 21:50:05 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/09 21:50:05 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/09 21:39:23 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/09 21:38:51 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/09 21:38:51 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/09 21:38:09 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\PC Tools
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/09 21:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/09 21:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\My Documents\Downloads
[2010/06/09 19:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Local Settings\Application Data\Mozilla
[2010/06/09 19:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\Mozilla
[2010/06/09 19:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/02 19:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/02 19:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
========== Files - Modified Within 30 Days ==========
[2010/06/27 10:26:32 | 000,491,328 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/27 10:26:32 | 000,434,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/27 10:26:32 | 000,068,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/27 09:57:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/27 09:56:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/27 09:55:44 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/27 09:55:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/27 09:55:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/27 09:55:30 | 519,622,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/24 15:33:42 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\greg\NTUSER.DAT
[2010/06/24 15:33:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\greg\ntuser.ini
[2010/06/20 15:44:16 | 000,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/17 20:54:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/17 20:53:00 | 000,000,174 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/17 19:42:08 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/17 19:41:52 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\ERUNT.lnk
[2010/06/17 17:52:50 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/17 17:52:50 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\Spybot - Search & Destroy.lnk
[2010/06/17 16:54:30 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\HiJackThis.lnk
[2010/06/10 22:18:38 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/09 21:38:30 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/09 19:51:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/09 19:34:18 | 000,034,616 | ---- | M] () -- C:\Documents and Settings\greg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/09 19:24:06 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/09 19:17:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 19:17:10 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/09 19:17:10 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/08 03:16:02 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/08 01:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/02 18:30:00 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 18:29:58 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/30 16:33:20 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\greg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ==========
[2010/06/17 19:42:07 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/17 19:41:51 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\ERUNT.lnk
[2010/06/17 17:52:49 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/17 17:52:49 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\Spybot - Search & Destroy.lnk
[2010/06/15 19:25:51 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\HiJackThis.lnk
[2010/06/09 21:50:06 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/06/09 21:50:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/09 21:50:06 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/09 21:50:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/06/09 21:50:06 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/06/09 21:50:06 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/06/09 21:39:23 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/09 21:38:51 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/09 21:38:51 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/06/09 21:38:29 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/09 21:38:09 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/09 19:17:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 19:17:08 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/09 19:17:08 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/02 20:04:35 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/13 08:46:28 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/01/07 19:14:07 | 000,004,500 | ---- | C] () -- C:\WINDOWS\System32\FILTRCOI.DLL
[2004/10/06 17:46:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/06 17:05:35 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2004/10/06 17:05:34 | 000,000,336 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2004/10/06 16:44:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2004/10/06 16:43:43 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2004/10/06 16:43:43 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/10/06 16:39:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/10/06 16:38:00 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/10/06 16:37:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/10/06 16:33:37 | 000,037,684 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/06 16:23:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
< End of report >
Maria 123
2010-06-27, 21:09
System look should be attached, GMER result is still 256KB, I only have the C drive to select, no other drives, so not sure what I am doing wrong?
Maria 123
2010-06-27, 21:14
Oh and the problem seems to have improved, no jumping to different websites yet, brilliant!!!
Satchfan
2010-06-28, 22:46
Hi Maria 123
Run OTL
Double click on the icon to run it.
Copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) - Related to Adobe
:Commands
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe) If using this link, right-click and select Save As.
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
When finished, it will produce a log. Please include the ComboFix.txt in your next reply. It can be found at C:\ComboFix.txt
Please also include OTL.txt and let me know if there is any change
Thanks
Satchfan
Maria 123
2010-07-01, 21:15
OTL
OTL logfile created on: 01/07/2010 17:42:50 - Run 4
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\greg\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
495.00 Mb Total Physical Memory | 188.00 Mb Available Physical Memory | 38.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.30 Gb Total Space | 3.72 Gb Free Space | 9.96% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACER-4050
Current User Name: greg
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\greg\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgupd.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe (Nokia)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\ePM\EPM-DM.exe (Acer Inc)
PRC - C:\Program Files\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\greg\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
========== Driver Services (SafeList) ==========
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}) -- C:\WINDOWS\system32\drivers\wA301a.sys (Intel Corporation)
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/09 19:17:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/09 19:17:04 | 000,000,000 | ---D | M]
[2010/06/09 19:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\Mozilla\Extensions
[2010/06/09 19:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\Mozilla\Firefox\Profiles\wbsfo7kk.default\extensions
[2010/06/09 19:31:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\greg\Application Data\Mozilla\Firefox\Profiles\wbsfo7kk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 19:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 17:56:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\EPM-DM.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\greg\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/06 16:27:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/07/01 17:18:10 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2010/06/28 17:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\Facebook
[2010/06/24 15:31:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/20 15:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/06/17 19:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/17 19:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/17 17:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/17 17:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/15 19:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/10 22:18:42 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/10 19:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Local Settings\Application Data\Threat Expert
[2010/06/09 21:50:06 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/09 21:50:05 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/09 21:50:05 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/09 21:50:05 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/09 21:39:23 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/09 21:38:51 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/09 21:38:51 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/09 21:38:09 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\PC Tools
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/09 21:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/09 21:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\My Documents\Downloads
[2010/06/09 19:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Local Settings\Application Data\Mozilla
[2010/06/09 19:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\Mozilla
[2010/06/09 19:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/02 19:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/02 19:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
========== Files - Modified Within 30 Days ==========
[2010/07/01 17:49:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/01 17:20:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/01 17:20:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/01 17:18:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/01 17:18:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/01 17:18:16 | 519,622,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/30 21:09:32 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\greg\NTUSER.DAT
[2010/06/30 21:09:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\greg\ntuser.ini
[2010/06/27 10:26:32 | 000,491,328 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/27 10:26:32 | 000,434,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/27 10:26:32 | 000,068,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/20 15:44:16 | 000,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/17 20:54:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/17 20:53:00 | 000,000,174 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/17 19:42:08 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/17 19:41:52 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\ERUNT.lnk
[2010/06/17 17:52:50 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/17 17:52:50 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\Spybot - Search & Destroy.lnk
[2010/06/17 16:54:30 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\HiJackThis.lnk
[2010/06/10 22:18:38 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/09 21:38:30 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/09 19:51:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/09 19:34:18 | 000,034,616 | ---- | M] () -- C:\Documents and Settings\greg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/09 19:24:06 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/09 19:17:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 19:17:10 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/09 19:17:10 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/08 03:16:02 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/08 01:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/02 18:30:00 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 18:29:58 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
========== Files Created - No Company Name ==========
[2010/06/17 19:42:07 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/17 19:41:51 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\ERUNT.lnk
[2010/06/17 17:52:49 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/17 17:52:49 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\Spybot - Search & Destroy.lnk
[2010/06/15 19:25:51 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\HiJackThis.lnk
[2010/06/09 21:50:06 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/06/09 21:50:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/09 21:50:06 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/09 21:50:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/06/09 21:50:06 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/06/09 21:50:06 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/06/09 21:39:23 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/09 21:38:51 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/09 21:38:51 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/06/09 21:38:29 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/09 21:38:09 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/09 19:17:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 19:17:08 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/09 19:17:08 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/02 20:04:35 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/13 08:46:28 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/01/07 19:14:07 | 000,004,500 | ---- | C] () -- C:\WINDOWS\System32\FILTRCOI.DLL
[2004/10/06 17:46:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/06 17:05:35 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2004/10/06 17:05:34 | 000,000,336 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2004/10/06 16:44:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2004/10/06 16:43:43 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2004/10/06 16:43:43 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/10/06 16:39:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/10/06 16:38:00 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/10/06 16:37:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/10/06 16:33:37 | 000,037,684 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/06 16:23:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
< End of report >
COMBOFIX
ComboFix 10-06-30.03 - greg 01/07/2010 18:10:10.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.495.25 [GMT 1:00]
Running from: c:\documents and settings\greg\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Uninstall.ini
Infected copy of c:\windows\system32\drivers\pcmcia.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.
2010-07-01 16:18 . 2010-07-01 16:18 -------- d-----w- C:\FOUND.001
2010-06-28 16:41 . 2010-06-28 16:41 50354 ----a-w- c:\documents and settings\greg\Application Data\Facebook\uninstall.exe
2010-06-28 16:40 . 2010-06-28 16:40 -------- d-----w- c:\documents and settings\greg\Application Data\Facebook
2010-06-24 14:31 . 2010-06-24 14:31 -------- d-----w- C:\_OTL
2010-06-20 14:48 . 2010-06-20 14:48 -------- d-----w- c:\windows\system32\MpEngineStore
2010-06-17 18:41 . 2010-06-17 18:41 -------- d-----w- c:\program files\ERUNT
2010-06-17 16:52 . 2010-06-17 16:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-17 16:52 . 2010-06-17 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-15 18:25 . 2010-06-15 18:25 388096 ----a-r- c:\documents and settings\greg\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-15 18:25 . 2010-06-15 18:25 -------- d-----w- c:\program files\Trend Micro
2010-06-10 21:18 . 2010-06-10 21:18 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-10 18:08 . 2010-06-10 18:08 -------- d-----w- c:\documents and settings\greg\Local Settings\Application Data\Threat Expert
2010-06-09 20:50 . 2010-06-08 02:16 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-09 20:50 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-09 20:50 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-06-09 20:50 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-06-09 20:50 . 2010-06-08 00:21 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-06-09 20:50 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-06-09 20:39 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-09 20:38 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-09 20:38 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-09 20:38 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-09 20:37 . 2010-06-09 20:38 -------- d-----w- c:\program files\Spyware Doctor
2010-06-09 20:37 . 2010-06-09 20:38 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-09 20:37 . 2010-06-09 20:38 -------- d-----w- c:\documents and settings\greg\Application Data\PC Tools
2010-06-09 20:37 . 2010-06-09 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-09 20:37 . 2010-06-09 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-09 18:17 . 2010-06-09 18:17 0 ----a-w- c:\windows\nsreg.dat
2010-06-09 18:17 . 2010-06-09 18:17 -------- d-----w- c:\documents and settings\greg\Local Settings\Application Data\Mozilla
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\greg\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-02 18:17 . 2010-06-02 18:17 -------- d-----w- c:\program files\Lavasoft
2010-06-02 18:17 . 2010-06-02 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-02 17:31 . 2010-06-02 17:31 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-02 17:31 . 2010-06-02 17:31 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 18:34 . 2008-03-23 10:03 34616 ----a-w- c:\documents and settings\greg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-02 17:30 . 2009-04-10 07:06 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 17:29 . 2008-03-23 10:40 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-14 08:51 . 2010-05-14 08:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-05-14 08:51 . 2010-05-14 08:51 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-14 08:49 . 2010-05-14 08:49 -------- d-----w- c:\documents and settings\greg\Application Data\PC Suite
2010-05-14 08:49 . 2010-05-14 08:49 -------- d-----w- c:\documents and settings\greg\Application Data\Nokia
2010-05-14 08:49 . 2010-05-14 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-05-14 08:46 . 2010-05-14 08:46 -------- d-----w- c:\program files\Common Files\PCSuite
2010-05-14 08:46 . 2010-05-14 08:46 -------- d-----w- c:\program files\Common Files\Nokia
2010-05-14 08:45 . 2010-05-14 08:45 -------- d-----w- c:\program files\DIFX
2010-05-14 08:45 . 2010-05-14 08:45 -------- d-----w- c:\program files\PC Connectivity Solution
2010-05-14 08:44 . 2010-05-14 08:44 -------- d-----w- c:\program files\Nokia
2010-05-14 08:43 . 2010-05-14 08:43 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-05-14 08:43 . 2010-05-14 08:43 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-05-14 08:43 . 2010-05-14 08:43 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-05-14 08:43 . 2010-05-14 08:43 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-05-14 08:42 . 2010-05-14 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-05-14 08:42 . 2010-05-14 08:43 34399664 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia PC Suite.exe
2010-05-10 21:32 . 2010-05-10 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-05-10 21:32 . 2010-05-10 21:32 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-05-10 20:48 . 2010-05-10 20:46 2855 ----a-w- c:\windows\PIF\Photoshop.CS2.KeyGen.PIF
2010-05-10 20:28 . 2010-05-10 20:28 -------- d-----w- c:\documents and settings\greg\Application Data\Uniblue
2010-05-10 19:39 . 2010-05-10 19:39 -------- d-----w- c:\documents and settings\greg\Application Data\Blitware
2010-05-10 19:38 . 2010-05-10 19:38 -------- d-----w- c:\program files\File Helper
2010-05-08 10:00 . 2010-05-08 10:00 -------- d-----w- c:\program files\iPod
2010-05-08 10:00 . 2010-05-08 10:00 -------- d-----w- c:\program files\iTunes
2010-05-08 10:00 . 2010-05-08 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-08 09:56 . 2010-05-08 09:56 -------- d-----w- c:\program files\QuickTime
2010-05-08 09:45 . 2010-05-08 09:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-04 17:20 . 1979-12-31 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2010-02-21 10:27 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 1979-12-31 23:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 1980-01-01 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 10:10 . 2010-04-30 10:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-30 10:10 . 2009-04-10 07:06 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-20 05:30 . 1979-12-31 23:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-15 39408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-03-18 184320]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 684032]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2004-12-21 176128]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2004-12-08 2889216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.EXE" [2004-10-01 262144]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\greg\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-30 10:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Acer\\ePM\\ePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09/06/2010 21:38 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/04/2009 08:06 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/04/2009 08:06 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [30/04/2010 11:10 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [30/04/2010 11:10 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [09/06/2010 21:50 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [09/06/2010 21:38 366840]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2010 09:32 135664]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
--- Other Services/Drivers In Memory ---
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder
2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 08:32]
2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 08:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\greg\Application Data\Mozilla\Firefox\Profiles\wbsfo7kk.default\
FF - plugin: c:\documents and settings\greg\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 18:21
Windows 5.1.2600 Service Pack 3 FAT NTAPI
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(832)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-07-01 18:25:18
ComboFix-quarantined-files.txt 2010-07-01 17:25
Pre-Run: 3,956,408,320 bytes free
Post-Run: 4,170,743,808 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 836FDAE88B38A366D06B87AC20D4D913
Everything seems to be working fine also, no jumping from websites and computer faster
thanks
Maria
Satchfan
2010-07-03, 00:45
Hi Maria 123
I see no signs of infection in your logs.
We do need to reset your Hosts file and I’d like one more scan to be sure that there isn’t anything else lurking.
Reset your Hosts file
Double click on the OTL icon to run it.
Copy/paste the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Commands
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
Download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button)
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware. and Launch Malwarebytes' Anti-Malware, then click Finish..
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Please remember to include the OTL.txt log and let me know how things are running.
Satchfan
Maria 123
2010-07-05, 20:30
OTL Result:
OTL logfile created on: 05/07/2010 17:52:22 - Run 5
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\greg\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
495.00 Mb Total Physical Memory | 18.00 Mb Available Physical Memory | 4.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 42.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.30 Gb Total Space | 3.86 Gb Free Space | 10.34% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACER-4050
Current User Name: greg
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\greg\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe (Nokia)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\ePM\EPM-DM.exe (Acer Inc)
PRC - C:\Program Files\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\greg\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
========== Driver Services (SafeList) ==========
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}) -- C:\WINDOWS\system32\drivers\wA301a.sys (Intel Corporation)
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/09 19:17:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/09 19:17:04 | 000,000,000 | ---D | M]
[2010/06/09 19:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\Mozilla\Extensions
[2010/06/09 19:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\greg\Application Data\Mozilla\Firefox\Profiles\wbsfo7kk.default\extensions
[2010/06/09 19:31:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\greg\Application Data\Mozilla\Firefox\Profiles\wbsfo7kk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 19:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/05 17:35:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/05 17:35:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/05 17:35:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/05 17:35:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/07/05 17:46:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\EPM-DM.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\greg\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/06 16:27:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/07/05 17:46:16 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/07/01 18:01:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/01 17:57:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/01 17:57:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/01 17:57:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/01 17:57:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/01 17:52:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/01 17:18:10 | 000,000,000 | ---D | C] -- C:\FOUND.001
[2010/06/28 17:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\Facebook
[2010/06/24 15:31:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/20 15:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/06/17 19:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/17 19:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/17 17:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/17 17:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/15 19:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/10 22:18:42 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/10 19:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Local Settings\Application Data\Threat Expert
[2010/06/09 21:50:06 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/09 21:50:05 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/09 21:50:05 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/09 21:50:05 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/09 21:39:23 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/09 21:38:51 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/09 21:38:51 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/09 21:38:09 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\PC Tools
[2010/06/09 21:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/09 21:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/09 21:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\My Documents\Downloads
[2010/06/09 19:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Local Settings\Application Data\Mozilla
[2010/06/09 19:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\greg\Application Data\Mozilla
[2010/06/09 19:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2010/07/05 17:51:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/05 17:49:12 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/05 17:48:04 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/05 17:47:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/05 17:47:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/05 17:47:38 | 519,622,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/05 17:46:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\greg\ntuser.ini
[2010/07/05 17:46:36 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\greg\NTUSER.DAT
[2010/07/01 18:21:36 | 000,000,451 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/01 18:01:54 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/01 17:55:20 | 003,725,156 | R--- | M] () -- C:\Documents and Settings\greg\Desktop\ComboFix.exe
[2010/06/27 10:26:32 | 000,491,328 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/27 10:26:32 | 000,434,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/27 10:26:32 | 000,068,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/20 15:44:16 | 000,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/17 20:54:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/17 20:53:00 | 000,000,174 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/17 19:42:08 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/17 19:41:52 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\ERUNT.lnk
[2010/06/17 17:52:50 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\Spybot - Search & Destroy.lnk
[2010/06/17 16:54:30 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\greg\Desktop\HiJackThis.lnk
[2010/06/10 22:18:38 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/09 21:38:30 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/09 19:34:18 | 000,034,616 | ---- | M] () -- C:\Documents and Settings\greg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/09 19:17:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 19:17:10 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/08 03:16:02 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/08 01:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
========== Files Created - No Company Name ==========
[2010/07/01 18:01:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/01 18:01:48 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/01 17:57:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/01 17:57:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/01 17:57:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/01 17:57:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/01 17:57:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/01 17:54:48 | 003,725,156 | R--- | C] () -- C:\Documents and Settings\greg\Desktop\ComboFix.exe
[2010/06/17 19:42:07 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/17 19:41:51 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\ERUNT.lnk
[2010/06/17 17:52:49 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\Spybot - Search & Destroy.lnk
[2010/06/15 19:25:51 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\greg\Desktop\HiJackThis.lnk
[2010/06/09 21:50:06 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/06/09 21:50:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/09 21:50:06 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/09 21:50:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/06/09 21:50:06 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/06/09 21:50:06 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/06/09 21:39:23 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/09 21:38:51 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/09 21:38:51 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/06/09 21:38:29 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/09 21:38:09 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/09 19:17:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 19:17:08 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/13 08:46:28 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/01/07 19:14:07 | 000,004,500 | ---- | C] () -- C:\WINDOWS\System32\FILTRCOI.DLL
[2004/10/06 17:46:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/06 17:05:35 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2004/10/06 16:44:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2004/10/06 16:43:43 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2004/10/06 16:43:43 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/10/06 16:39:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/10/06 16:38:00 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/10/06 16:37:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/10/06 16:33:37 | 000,037,684 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/06 16:23:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
< End of report >
And
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4278
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
05/07/2010 18:18:47
mbam-log-2010-07-05 (18-18-47).txt
Scan type: Quick scan
Objects scanned: 132910
Time elapsed: 8 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Looks as if it is all clearned up now. I have had no further problems either.
Thanks so much for your help :-)
essexboy
2010-07-05, 21:21
Hi Satchfan is on her hols now, so I get to take the Kudos for you being clean muha:
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.
SPRING CLEAN
Download and run Puran Disc Defragmenter (http://www.puransoftware.com/Puran-Defrag-Download.html)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) to help prevent spyware from installing in the first place.
http://img233.imageshack.us/img233/7729/mbamicontw5.gif Malwarebytes (http://www.malwarebytes.org/mbam-download.php). Run weekly to keep your system clean
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit
Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Keep safe
Maria 123
2010-07-09, 22:47
Hello
All of the above done, and again thanks so much for your help computer is faster than it's ever been and having no more problems!
Thanks for you're time!
Maria:thanks::)
essexboy
2010-07-09, 22:55
Glad to be of assistance - but from the backgorund :angel: