Thank you so much for your help. The basic problem is the Google redirect virus. I followed the instructions given to run DDS, but it doesn't produce any script & my computer freezes. These are the results of the OTL scan (OTL txt first & then Extras):

OTL logfile created on: 21/03/2011 2:13:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,015.00 Mb Total Physical Memory | 591.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): D:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS1 | %ProgramFiles% = D:\Program Files
Drive C: | 110.07 Gb Total Space | 79.77 Gb Free Space | 72.48% Space Free | Partition Type: NTFS
Drive D: | 76.24 Gb Total Space | 33.41 Gb Free Space | 43.82% Space Free | Partition Type: NTFS

Computer Name: USER-72390D5B51 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/03/21 14:11:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL (1).exe PRC - [2011/03/18 22:33:55 | 000,269,480 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/11/03 11:33:31 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/11/03 11:33:31 | 000,135,336 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/08/26 22:26:38 | 000,181,312 | ---- | M] () -- D:\Program Files\Photodex\CompuPicPro\scsiaccess.exe PRC - [2010/02/12 14:15:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS1\explorer.exe PRC - [2010/01/14 23:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2007/11/06 08:37:56 | 000,734,472 | ---- | M] (Raxco Software, Inc.) -- D:\Program Files\Raxco\PerfectDisk\PDEngine.exe PRC - [2007/11/06 08:37:48 | 000,414,984 | ---- | M] (Raxco Software, Inc.) -- D:\Program Files\Raxco\PerfectDisk\PDAgent.exe PRC - [2004/10/27 17:49:14 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) 
-- D:\WINDOWS1\SOUNDMAN.EXE ========== Modules (SafeList) ========== MOD - [2011/03/21 14:11:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL (1).exe MOD - [2010/02/12 14:15:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS1\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2011/03/18 22:33:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/11/03 11:33:31 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/08/26 22:26:38 | 000,181,312 | ---- | M] () [Auto | Running] -- D:\Program Files\Photodex\CompuPicPro\scsiaccess.exe -- (ScsiAccess) SRV - [2007/11/06 08:37:58 | 000,201,992 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- D:\Program Files\Raxco\PerfectDisk\PDExchange.exe -- (PDExchange) SRV - [2007/11/06 08:37:56 | 000,734,472 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- D:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine) SRV - [2007/11/06 08:37:48 | 000,414,984 | ---- | M] (Raxco Software, Inc.) 
[Auto | Running] -- D:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent) ========== Driver Services (SafeList) ========== DRV - [2011/03/18 22:34:00 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS1\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010/11/28 06:43:10 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- D:\WINDOWS1\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/02/12 14:15:00 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- D:\WINDOWS1\System32\drivers\dumpdrv.sys -- (DumpDrv) DRV - [2009/05/11 13:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS1\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/10/31 06:10:48 | 000,117,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2008/04/14 11:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007/10/22 05:33:40 | 000,068,624 | ---- | M] (Raxco Software, Inc.) [File_System | Boot | Running] -- D:\WINDOWS1\System32\drivers\DefragFs.sys -- (DefragFS) DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- D:\WINDOWS1\system32\drivers\motmodem.sys -- (motmodem) DRV - [2006/10/02 13:38:48 | 000,010,368 | ---- | M] (Padus, Inc.) 
[Kernel | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\pfc.sys -- (pfc) DRV - [2006/02/27 02:22:48 | 000,010,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\nvmpu401.sys -- (nvmpu401) Service for NVIDIA® nForce DRV - [2004/10/27 16:57:38 | 002,284,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004/02/09 14:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS1\system32\drivers\NetMotCM.sys -- (ndiscm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS1\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS1\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/01/03 11:47:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/01/03 11:47:36 | 000,000,000 | ---D | M] [2010/08/26 22:36:18 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2011/03/19 07:53:12 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mgzkn5b8.default\extensions [2010/08/27 
14:17:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mgzkn5b8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/08/27 14:16:43 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions [2010/08/27 11:10:20 | 000,075,208 | ---- | M] (Foxit Software Company) -- D:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010/07/23 11:29:54 | 000,001,538 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/07/23 11:29:54 | 000,000,947 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/07/23 11:29:54 | 000,000,769 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/07/23 11:29:54 | 000,001,135 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/02/12 14:15:00 | 000,000,781 | ---- | M]) - D:\WINDOWS1\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [soundMan] D:\WINDOWS1\SOUNDMAN.EXE (Realtek Semiconductor Corp.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16895 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51 O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS1\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - D:\WINDOWS1\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - D:\WINDOWS1\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\RailNotification: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - File not found O24 - Desktop WallPaper: D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O27 - HKLM IFEO\afwserv.exe: Debugger - svchost.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/08/26 03:52:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004/05/21 13:38:07 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (PDBoot.exe) - D:\WINDOWS1\System32\PDBoot.exe (Raxco Software, Inc.) 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/03/21 14:12:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL (1).exe [2011/03/18 22:45:17 | 000,000,000 | -H-D | C] -- D:\WINDOWS1\PIF [2011/03/18 16:40:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS1\Application Data\MFAData [2011/03/16 11:42:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\iTunes [2011/03/02 20:09:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Motorola Phone Tools [2011/03/02 20:08:55 | 001,419,232 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS1\System32\wdfcoinstaller01005.dll [2011/03/02 20:08:55 | 000,023,680 | ---- | C] (Motorola) -- D:\WINDOWS1\System32\drivers\motmodem.sys [2011/03/02 20:08:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Motorola Driver Installer [2011/03/02 19:15:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software [2011/03/02 19:11:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS1\Application Data\BVRP Software [2011/03/02 19:11:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\InstallShield [1 D:\WINDOWS1\System32\*.tmp files -> D:\WINDOWS1\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/03/21 14:11:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL (1).exe [2011/03/21 14:11:00 | 000,001,010 | ---- | M] () -- D:\WINDOWS1\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-790525478-1644491937-500UA.job 
[2011/03/21 14:09:01 | 000,000,900 | ---- | M] () -- D:\WINDOWS1\tasks\GoogleUpdateTaskMachineUA.job [2011/03/21 12:17:55 | 000,002,497 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003.lnk [2011/03/21 09:11:02 | 000,000,958 | ---- | M] () -- D:\WINDOWS1\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-790525478-1644491937-500Core.job [2011/03/21 07:02:17 | 000,000,896 | ---- | M] () -- D:\WINDOWS1\tasks\GoogleUpdateTaskMachineCore.job [2011/03/21 07:01:58 | 000,002,048 | --S- | M] () -- D:\WINDOWS1\bootstat.dat [2011/03/19 11:19:24 | 000,625,664 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\dds.scr [2011/03/19 11:18:17 | 000,000,202 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\dds (3) (1).scr [2011/03/19 10:23:36 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Administrator\defogger_reenable [2011/03/19 08:12:10 | 000,002,344 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk [2011/03/19 08:12:10 | 000,002,322 | ---- | M] () -- D:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/03/18 22:34:00 | 000,137,656 | ---- | M] (Avira GmbH) -- D:\WINDOWS1\System32\drivers\avipbb.sys [2011/03/18 18:44:54 | 000,000,798 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Defogger.exe.lnk [2011/03/18 17:55:30 | 000,001,324 | ---- | M] () -- D:\WINDOWS1\System32\d3d9caps.dat [2011/03/18 15:19:28 | 000,002,499 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk [2011/03/16 11:42:38 | 000,001,544 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS1\Desktop\iTunes.lnk [2011/03/16 11:36:57 | 000,001,856 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS1\Desktop\Safari.lnk [2011/03/16 11:36:57 | 000,001,856 | ---- | M] () -- D:\Documents and Settings\Administrator\Application Data\Microsoft\Internet 
Explorer\Quick Launch\Apple Safari.lnk [2011/03/15 19:14:54 | 000,000,169 | ---- | M] () -- D:\WINDOWS1\RtlRack.ini [2011/03/15 19:12:01 | 000,465,072 | ---- | M] () -- D:\WINDOWS1\System32\perfh009.dat [2011/03/15 19:12:01 | 000,078,958 | ---- | M] () -- D:\WINDOWS1\System32\perfc009.dat [2011/03/14 18:23:06 | 000,000,020 | -H-- | M] () -- D:\Documents and Settings\All Users.WINDOWS1\Application Data\PKP_DLec.DAT [2011/03/14 10:27:01 | 000,000,784 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS1\Desktop\Malwarebytes' Anti-Malware.lnk [2011/03/10 11:10:19 | 000,002,206 | ---- | M] () -- D:\WINDOWS1\System32\wpa.dbl [2011/03/02 21:17:00 | 000,000,069 | ---- | M] () -- D:\WINDOWS1\NeroDigital.ini [2011/03/02 21:16:59 | 000,006,144 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/03/02 20:12:05 | 000,000,000 | -H-- | M] () -- D:\WINDOWS1\System32\drivers\Msft_Kernel_motmodem_01005.Wdf [2011/03/02 20:12:04 | 000,000,000 | -H-- | M] () -- D:\WINDOWS1\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf [2011/03/02 20:09:49 | 000,001,679 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS1\Desktop\Motorola Phone Tools.lnk [2011/03/02 18:30:05 | 000,002,560 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1830.jpg [2011/03/02 18:26:45 | 000,003,003 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1826.jpg [2011/03/02 18:25:15 | 000,022,710 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1825.jpg [2011/03/02 18:24:49 | 000,022,537 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1824.jpg [1 D:\WINDOWS1\System32\*.tmp files -> D:\WINDOWS1\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/03/19 11:19:28 | 000,625,664 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\dds.scr [2011/03/19 
11:18:23 | 000,000,202 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\dds (3) (1).scr [2011/03/19 10:23:36 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Administrator\defogger_reenable [2011/03/18 18:44:54 | 000,000,798 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Defogger.exe.lnk [2011/03/16 11:42:38 | 000,001,544 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS1\Desktop\iTunes.lnk [2011/03/02 20:12:05 | 000,000,000 | -H-- | C] () -- D:\WINDOWS1\System32\drivers\Msft_Kernel_motmodem_01005.Wdf [2011/03/02 20:12:04 | 000,000,000 | -H-- | C] () -- D:\WINDOWS1\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf [2011/03/02 19:15:46 | 000,001,679 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS1\Desktop\Motorola Phone Tools.lnk [2011/03/02 18:30:05 | 000,002,560 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1830.jpg [2011/03/02 18:26:45 | 000,003,003 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1826.jpg [2011/03/02 18:25:15 | 000,022,710 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1825.jpg [2011/03/02 18:24:49 | 000,022,537 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\02-03-11_1824.jpg [2010/12/07 07:49:13 | 000,000,169 | ---- | C] () -- D:\WINDOWS1\RtlRack.ini [2010/10/15 11:21:48 | 000,000,020 | -H-- | C] () -- D:\Documents and Settings\All Users.WINDOWS1\Application Data\PKP_DLec.DAT [2010/08/27 12:49:05 | 000,001,324 | ---- | C] () -- D:\WINDOWS1\System32\d3d9caps.dat [2010/08/26 23:08:04 | 000,000,069 | ---- | C] () -- D:\WINDOWS1\NeroDigital.ini [2010/08/26 23:08:00 | 000,006,144 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/26 23:01:35 | 000,001,682 | -HS- | C] () -- D:\WINDOWS1\System32\KGyGaAvL.sys [2010/08/26 23:01:35 | 000,000,056 | RHS- | C] () -- 
D:\WINDOWS1\System32\043A0FBA06.sys [2010/08/26 22:36:15 | 000,000,000 | ---- | C] () -- D:\WINDOWS1\nsreg.dat [2010/08/26 13:22:52 | 000,004,205 | ---- | C] () -- D:\WINDOWS1\ODBCINST.INI [2010/08/26 13:16:12 | 000,227,208 | ---- | C] () -- D:\WINDOWS1\System32\FNTCACHE.DAT [2010/08/26 05:24:19 | 000,000,164 | ---- | C] () -- D:\WINDOWS1\avrack.ini [2010/08/26 05:24:13 | 000,156,672 | ---- | C] () -- D:\WINDOWS1\System32\RTLCPAPI.dll [2010/08/26 05:24:12 | 000,040,448 | ---- | C] () -- D:\WINDOWS1\System32\ChCfg.exe [2010/08/26 05:13:11 | 000,000,379 | ---- | C] () -- D:\WINDOWS1\ODBC.INI [2010/08/26 03:56:50 | 000,155,720 | ---- | C] () -- D:\WINDOWS1\System32\CDR.exe [2010/08/26 03:56:50 | 000,110,085 | R--- | C] () -- D:\WINDOWS1\System32\cdimage.exe [2010/08/26 03:52:54 | 000,002,048 | --S- | C] () -- D:\WINDOWS1\bootstat.dat [2010/08/26 03:45:05 | 000,021,640 | ---- | C] () -- D:\WINDOWS1\System32\emptyregdb.dat [2010/08/26 03:44:00 | 000,018,904 | ---- | C] () -- D:\WINDOWS1\System32\structuredqueryschematrivial.bin [2010/08/26 03:43:59 | 000,106,605 | ---- | C] () -- D:\WINDOWS1\System32\structuredqueryschema.bin [2010/08/26 03:43:59 | 000,031,698 | ---- | C] () -- D:\WINDOWS1\System32\gthrctr.ini [2010/08/26 03:43:59 | 000,020,698 | ---- | C] () -- D:\WINDOWS1\System32\idxcntrs.ini [2010/08/26 03:43:58 | 000,030,628 | ---- | C] () -- D:\WINDOWS1\System32\gsrvctr.ini [2010/02/12 14:15:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS1\System32\oembios.bin [2010/02/12 14:15:00 | 001,481,728 | ---- | C] () -- D:\WINDOWS1\System32\LegitCheckControl.dll [2010/02/12 14:15:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS1\System32\mlang.dat [2010/02/12 14:15:00 | 000,465,072 | ---- | C] () -- D:\WINDOWS1\System32\perfh009.dat [2010/02/12 14:15:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS1\System32\perfi009.dat [2010/02/12 14:15:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS1\System32\dssec.dat [2010/02/12 14:15:00 | 000,078,958 | ---- | C] () -- 
D:\WINDOWS1\System32\perfc009.dat [2010/02/12 14:15:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS1\System32\mib.bin [2010/02/12 14:15:00 | 000,031,232 | ---- | C] () -- D:\WINDOWS1\System32\cmdow.exe [2010/02/12 14:15:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS1\System32\perfd009.dat [2010/02/12 14:15:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS1\System32\secupd.dat [2010/02/12 14:15:00 | 000,004,463 | ---- | C] () -- D:\WINDOWS1\System32\oembios.dat [2010/02/12 14:15:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS1\System32\Dcache.bin [2010/02/12 14:15:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS1\System32\noise.dat [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- D:\WINDOWS1\System32\OUTLPERF.INI < End of report > OTL Extras logfile created on: 21/03/2011 2:13:04 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 1,015.00 Mb Total Physical Memory | 591.00 Mb Available Physical Memory | 58.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): D:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS1 | %ProgramFiles% = D:\Program Files Drive C: | 110.07 Gb Total Space | 79.77 Gb Free Space | 72.48% Space Free | Partition Type: NTFS Drive D: | 76.24 Gb Total Space | 33.41 Gb Free Space | 43.82% Space Free | Partition Type: NTFS Computer Name: USER-72390D5B51 | User Name: Administrator | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hta [@ = hta_auto_file] -- "C:\WINDOWS\system32\mshta.exe" "%1" [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [openNew] -- explorer %1 (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled: