eaduggan

  1. Hi, our desktop PC will not boot up to Windows - we think it's XP. It starts off relatively normally, except the monitor has vertical yellow lines through it - but at least the writing is readable. If I go into the BIOS (?) screen by pressing a PF8 key (or whatever) I can't read that text either. If I let it run past the first screen (without getting into BIOS) the text is unreadable: "Vd 'pnlnfhzd fnr thd hnbnnvdnhdnbd, btt Vhndnvr dhd nnt rt'rt rtbbdrrftllx. @rdbdnt h'rdv 'rd nr rnftv'rd bh'nfd lhfht h'vd b'trdd thhr." And on and on it goes with this rubbish. You can see the timer counting down, then it goes to power safe mode. Then it starts the boot again. Is it a virus or hardware do you think? Anything I can do to fix it? Thanks so much
  2. No, sorry can't remember what it was. The notebook after security check showed:

     Results of screen317's Security Check version 0.99.10
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Avira AntiVir Personal - Free Antivirus
     ESET Online Scanner v3
     Antivirus up to date!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     Java SE Runtime Environment 6 Update 1
     Adobe Flash Player 10.2.152.32
     Mozilla Firefox (3.6.8) Firefox Out of Date!
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     Malwarebytes' Anti-Malware mbamservice.exe
     Malwarebytes' Anti-Malware mbamgui.exe
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     ``````````End of Log````````````

     I think Google is working fine now & I don't seem to be having any other issues. Thanks again!
  3. ESET removed a virus, but I can't find the file in notepad afterwards.
  4. I hope this is what you were after - please let me know if not, thanks:

     2011/03/26 12:53:42.0687 1436 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
     2011/03/26 12:53:43.0562 1436 ================================================================================
     2011/03/26 12:53:43.0562 1436 SystemInfo:
     2011/03/26 12:53:43.0562 1436
     2011/03/26 12:53:43.0562 1436 OS Version: 5.1.2600 ServicePack: 3.0
     2011/03/26 12:53:43.0562 1436 Product type: Workstation
     2011/03/26 12:53:43.0562 1436 ComputerName: USER-72390D5B51
     2011/03/26 12:53:43.0562 1436 UserName: Administrator
     2011/03/26 12:53:43.0562 1436 Windows directory: D:\WINDOWS1
     2011/03/26 12:53:43.0562 1436 System windows directory: D:\WINDOWS1
     2011/03/26 12:53:43.0562 1436 Processor architecture: Intel x86
     2011/03/26 12:53:43.0562 1436 Number of processors: 1
     2011/03/26 12:53:43.0562 1436 Page size: 0x1000
     2011/03/26 12:53:43.0562 1436 Boot type: Normal boot
     2011/03/26 12:53:43.0562 1436 ================================================================================
     2011/03/26 12:53:43.0875 1436 Initialize success
  5. Thanks for your continuing help. I downloaded ComboFix but had the same problem I had with DDS in that it starts to scan, but no results show & when I move the mouse a couple of times (to try & close it) the mouse disappears & I have to reboot. My Google seems to be working now anyway (haven't struck a redirect in a couple of days), but if you think I should keep on with cleaning up the system somehow let me know. Thanks again - very much appreciate your help.
  6. Thank you so much for your help. The basic problem is the Google redirect virus. I followed the instructions given to run DDS, but it doesn't produce any script & my computer freezes. These are the results of the OTL scan (OTL txt first & then Extras):
  7. Thanks, but I did post it in that section on Friday & no one has replied as yet. Should I just wait? I know you have to give 48 hours, but it's more than that now.
  8. I can't run DDS and I have no idea where any script blockers might be. I've downloaded all 3 recommended with the same results. It runs, then I get no txt results, but my computer freezes up (including mouse) & I have to switch PC on & off to get it going again.
  9. DDS won't run. I've tried all 3 (dds.scr and dds.com and forospyware) but none work. dds.scr starts to run, but when it appears to have completed the whole pc freezes & I have to turn it off & on again. Same for dds.com. When I typed in the forospyware link, my antiviral popped up & asked if I wanted to remove it - I assume it was the forospyware it removed. I'm not sure if I have any script blockers running as I have no idea what programs run them & how to turn them off!
  10. I have Google Redirect virus still after updating virus software & completing full system scan (Avira & Malwarebytes). I need someone to walk me thru it from the beginning to get rid of it. I've looked at the previous posts & have no idea where to start. Please help. Thanks.