laptop only working in safe mode please help

    #1 purplewitch (Junior Member)

    laptop only working in safe mode please help

    Windows boots up in normal mode but freezes up shortly afterwards. Please help, it's been like it for about 2 weeks now. I have tried everything I can think of. AVG is showing the system is clean; below is the report from your site's malware detector.
    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Database version: 5400

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18975

    27/12/2010 01:07:53
    mbam-log-2010-12-27 (01-07-53).txt

    Scan type: Quick scan
    Objects scanned: 149154
    Time elapsed: 2 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPI (Worm.KoobFace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPI (Worm.KoobFace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npii (Worm.KoobFace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\npii (Worm.KoobFace) -> Value: npii -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\admin\local settings\application data\0535049569854.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
    c:\Users\admin\local settings\application data\05748541005049.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
    c:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
    c:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
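    As an added example, not part of the original post or of Malwarebytes' own tooling, the Python script below parses the "Infected:" sections of a Malwarebytes 1.x log such as the one above into structured findings, counts them by family, labels the registry locations that act as persistence mechanisms, and lists anything the scanner could not remove before a reboot. The sample lines are copied from the log above, with one constructed "Delete on reboot." line added to exercise that last branch; the persistence labels are heuristics of my own, not Malwarebytes classifications.

```python
import re
from collections import defaultdict

# Constructed sample input: the "Infected:" sections of the Malwarebytes 1.50 log
# posted above, plus one extra "Delete on reboot." line (constructed, not in the
# original log) so the pending-removal branch below is exercised.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPI (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPI (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npii (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\npii (Worm.KoobFace) -> Value: npii -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\admin\local settings\application data\0535049569854.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\Users\admin\local settings\application data\05748541005049.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\Windows\bk23567.dat (KoobFace.Trace) -> Delete on reboot.
"""

SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:$")
# "<path> (<family>) -> <status>"; registry values carry "Value: <name> -> " first
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

CLEANED = "Quarantined and deleted successfully"

# Heuristic labels (my own rules) for what a registry location means for autostart.
PERSISTENCE_RULES = [
    (r"\\CurrentControlSet\\Services\\", "service registration"),
    (r"\\CurrentVersion\\SvcHost\\", "svchost service group (DLL runs inside svchost.exe)"),
    (r"\\Enum\\Root\\LEGACY_", "legacy device node left behind by a driver service"),
    (r"\\CurrentVersion\\Run", "Run-key autostart"),
    (r"\\CurrentVersion\\Ext\\Stats\\", "IE add-on statistics (BHO/toolbar trace)"),
]


def parse_mbam_log(text):
    """Return one dict per detected item: section, path, value, family, status."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            continue  # header lines (version, date, counts) before the first section
        m = ITEM_RE.match(line)
        if not m:
            continue
        rest, value = m.group("rest"), None
        if rest.startswith("Value: "):
            value, _, rest = rest[len("Value: "):].partition(" -> ")
        findings.append({"section": section, "path": m.group("path"),
                         "value": value, "family": m.group("family"),
                         "status": rest.rstrip(".")})
    return findings


def classify_persistence(finding):
    """Label a registry finding by the autostart mechanism its path implies, else None."""
    for pattern, label in PERSISTENCE_RULES:
        if re.search(pattern, finding["path"], re.IGNORECASE):
            return label
    return None


def count_by_family(findings):
    counts = defaultdict(int)
    for f in findings:
        counts[f["family"]] += 1
    return dict(counts)


def pending_after_reboot(findings):
    """Items the scanner could not remove immediately (still on disk until reboot)."""
    return [f["path"] for f in findings if f["status"] != CLEANED]


def service_names(findings):
    """Service names registered under Services\\ or named in an svchost group."""
    names = set()
    for f in findings:
        m = re.search(r"\\(?:Services|SvcHost)\\([^\\]+)$", f["path"], re.IGNORECASE)
        if m:
            names.add(m.group(1).lower())
    return sorted(names)


if __name__ == "__main__":
    findings = parse_mbam_log(SAMPLE_LOG)
    print("detections by family:", count_by_family(findings))
    print("services used for persistence:", service_names(findings))
    for f in findings:
        label = classify_persistence(f)
        if label:
            print(f"  {f['family']:<20} {label:<55} {f['path']}")
    print("still pending removal:", pending_after_reboot(findings))
```

    Run over the log above, it reduces the KoobFace entries to a pair of service names (NPI, npii) plus a matching SvcHost group value: the component was registered to be loaded by svchost.exe rather than run as its own process, so a listing of process names alone will not show it. The LEGACY_NPI node under Enum\Root is what Windows creates for a legacy (non-PnP) driver service, which makes it a useful pivot when the Services key itself has already been deleted.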

    #2 broni (Senior Member)
    Welcome aboard

    Please, read HERE and post all required logs.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    #3 purplewitch (Junior Member)

    Thank you for your quick response. Please find below all the information requested:

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Database version: 5400

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18975

    27/12/2010 18:13:54
    mbam-log-2010-12-27 (18-13-54).txt

    Scan type: Quick scan
    Objects scanned: 148344
    Time elapsed: 1 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
    Rootkit scan 2010-12-27 17:48:41
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
    Running: gmer.exe; Driver: C:\Users\admin\AppData\Local\Temp\pwrcrpod.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\Explorer.EXE[1748] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 76ABB37C 4 Bytes [F0, 1F, 00, 10]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74BA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74BFA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74BABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74BA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74BD8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74BADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74C2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74BCC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74BA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
    IAT C:\Windows\Explorer.EXE[1748] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Acer, Inc.
    BIOS Manufacturer: Acer
    System Manufacturer: Acer, inc.
    System Product Name: Aspire 5920G
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 119):
    0x8300E000 \SystemRoot\system32\ntkrnlpa.exe
    0x833C7000 \SystemRoot\system32\hal.dll
    0x80608000 \SystemRoot\system32\kdcom.dll
    0x8060F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8067F000 \SystemRoot\system32\PSHED.dll
    0x80690000 \SystemRoot\system32\BOOTVID.dll
    0x80698000 \SystemRoot\system32\CLFS.SYS
    0x806D9000 \SystemRoot\system32\CI.dll
    0x83609000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x83685000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x83692000 \SystemRoot\system32\drivers\acpi.sys
    0x836D8000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x836E1000 \SystemRoot\system32\drivers\msisadrv.sys
    0x836E9000 \SystemRoot\system32\drivers\pci.sys
    0x83710000 \SystemRoot\System32\drivers\partmgr.sys
    0x8371F000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x83722000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8372C000 \SystemRoot\system32\drivers\volmgr.sys
    0x8373B000 \SystemRoot\System32\drivers\volmgrx.sys
    0x83785000 \SystemRoot\system32\drivers\intelide.sys
    0x8378C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8379A000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8B400000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8B4C8000 \SystemRoot\system32\drivers\atapi.sys
    0x8B4D0000 \SystemRoot\system32\drivers\ataport.SYS
    0x8B4EE000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8B520000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8B530000 \SystemRoot\system32\DRIVERS\psdfilter.sys
    0x8B539000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8B603000 \SystemRoot\system32\drivers\ndis.sys
    0x8B70E000 \SystemRoot\system32\drivers\msrpc.sys
    0x8B739000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8B807000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B8F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8BA02000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8BB12000 \SystemRoot\system32\drivers\volsnap.sys
    0x8BB53000 \SystemRoot\System32\Drivers\RapportKELL.sys
    0x8BB61000 \SystemRoot\System32\Drivers\USBD.SYS
    0x8BB63000 \SystemRoot\System32\Drivers\mup.sys
    0x8BB72000 \SystemRoot\System32\drivers\ecache.sys
    0x8BB99000 \SystemRoot\system32\drivers\disk.sys
    0x8BBAA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8BBCB000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8BBD4000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
    0x8BBD9000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x8BBEF000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8F40F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8F49C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8F4A7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8F4E5000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8F808000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
    0x8FB91000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
    0x8FBC0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8FBD0000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8FBDE000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8F4F4000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8F508000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8F55A000 \SystemRoot\system32\DRIVERS\winbondcir.sys
    0x8F56F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8FBEF000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0x8F582000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8F58D000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8F5BB000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8F5C6000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8FBF9000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    0x8F5DE000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8B774000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8B7A3000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8F5E7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8B9D4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8F5F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8B5AA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8F400000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8B9EB000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8B7E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8B5CD000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8FBFB000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x837AA000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8B5EB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8B5DD000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x807B9000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x837D4000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8B5F5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8F800000 \SystemRoot\System32\Drivers\Null.SYS
    0x8BB4B000 \SystemRoot\System32\Drivers\Beep.SYS
    0x837E5000 \SystemRoot\System32\drivers\vga.sys
    0x91E01000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x91E22000 \SystemRoot\System32\drivers\watchdog.sys
    0x91E2E000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x91E36000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x91E41000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x91E4F000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x91E58000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x91E6E000 \SystemRoot\system32\DRIVERS\smb.sys
    0x91E82000 \SystemRoot\system32\DRIVERS\avgtdix.sys
    0x91ECA000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x91EFC000 \SystemRoot\system32\drivers\afd.sys
    0x91F44000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x91F5A000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x91F68000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x91FA4000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x91FAE000 \SystemRoot\System32\Drivers\dfsc.sys
    0x91FC5000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x8BBE2000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8B90C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x98A40000 \SystemRoot\System32\win32k.sys
    0x837F1000 \SystemRoot\System32\drivers\Dxapi.sys
    0x98C50000 \SystemRoot\System32\drivers\dxg.sys
    0x98C80000 \SystemRoot\System32\TSDDD.dll
    0x98D00000 \SystemRoot\System32\framebuf.dll
    0x9B406000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9B430000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9B43A000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9B453000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9B468000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9B487000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9B4C0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9B4D8000 \??\C:\Users\admin\AppData\Local\Temp\pwrcrpod.sys
    0x77B50000 \Windows\System32\ntdll.dll

    Processes (total 24):
    0 System Idle Process
    4 System
    412 C:\Windows\System32\smss.exe
    568 csrss.exe
    604 csrss.exe
    612 C:\Windows\System32\wininit.exe
    656 C:\Windows\System32\winlogon.exe
    688 C:\Windows\System32\services.exe
    700 C:\Windows\System32\lsass.exe
    708 C:\Windows\System32\lsm.exe
    852 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\svchost.exe
    1172 C:\Windows\System32\svchost.exe
    1320 C:\Windows\System32\svchost.exe
    1424 C:\Windows\System32\svchost.exe
    1748 C:\Windows\explorer.exe
    2028 C:\Program Files\Internet Explorer\iexplore.exe
    1120 C:\Program Files\Internet Explorer\iexplore.exe
    1668 C:\Program Files\Internet Explorer\iexplore.exe
    932 C:\Users\admin\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`af600000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`7ba00000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 31171527C24A94682C92F34EB1E387CDC8AD21FC


    Found non-standard or infected MBR.





    DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
    Run by admin at 17:54:25.35 on 27/12/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.2362 [GMT 0:00]

    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\admin\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://en.uk.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
    uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=DB757F0001CB72C70000E426&src_id=11407&camp_id=38&tb_version=2.5.15000.521
    uURLSearchHooks: H - No File
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
    mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
    mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETAUDIO.EXE
    StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETRES.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-13 179712]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2008-3-13 43008]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    S1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
    S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2010-7-20 61424]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
    S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-7 135664]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-20 517448]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-12-27 01:01:37 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes
    2010-12-27 01:01:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-27 01:01:30 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-27 01:01:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-27 01:01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-26 22:44:26 -------- d-sh--w- C:\found.000
    2010-12-26 15:23:59 -------- d-----w- c:\progra~2\Electronic Arts
    2010-12-26 1511 -------- d-----w- c:\program files\Microsoft WSE
    2010-12-26 14:13:36 -------- d-----w- c:\program files\common files\Java(181)
    2010-12-09 12:57:22 -------- d-----w- c:\users\admin\appdata\local\Onzo

    ==================== Find3M ====================


    ============= FINISH: 18:02:33.02 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 05/03/2010 02:35:49
    System Uptime: 27/12/2010 16:54:20 (2 hours ago)

    Motherboard: Acer, Inc. | | Chapala
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 111 GiB total, 68.17 GiB free.
    D: is FIXED (NTFS) - 108 GiB total, 107.412 GiB free.
    E: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: Consumer IR Devices
    Device ID: ROOT\SYSTEM\0001
    Manufacturer: Microsoft
    Name: Consumer IR Devices
    PNP Device ID: ROOT\SYSTEM\0001
    Service: circlass

    ==== System Restore Points ===================

    RP229: 24/11/2010 22:58:05 - Windows Update
    RP230: 09/12/2010 12:57:10 - Installed Onzo Uploader
    RP231: 25/12/2010 23:53:07 - Windows Update
    RP232: 25/12/2010 23:54:12 - Windows Update
    RP233: 26/12/2010 13:41:14 - Windows Update
    RP234: 26/12/2010 14:12:25 - Installed Java(TM) 6 Update 23
    RP235: 26/12/2010 14:57:01 - Installed The Sims 3
    RP236: 26/12/2010 15:59:45 - Installed The Sims 3
    RP237: 26/12/2010 22:52:14 - Restore Operation
    RP239: 26/12/2010 23:23:04 - Removed Far Cry 2
    RP241: 26/12/2010 23:26:04 - Removed Unreal II

    ==== Installed Programs ======================

    3Connect
    3D Caveman Rocks
    3MobileWiFi
    Acer Arcade Deluxe
    Acer Crystal Eye webcam
    Acer eAudio Management
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GameZone Console 2.0.1.1
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer ScreenSaver
    Adobe Acrobat 4.0
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.2.5
    Adobe Shockwave Player 11.5
    Agatha Christie Death on the Nile
    Alice Greenfingers
    ALOT Toolbar
    Amazon MP3 Downloader 1.0.9
    ATI Catalyst Install Manager
    AVG 2011
    AVG PC Tuneup 2011
    Azada
    Backspin Billiards
    Big Kahuna Reef
    Bookworm Deluxe
    Bricks of Egypt
    Broadcom Gigabit Integrated Controller
    Cake Mania
    Canon MP Navigator 3.1
    Canon Utilities Easy-LayoutPrint
    Canon Utilities Easy-PhotoPrint
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chicken Invaders 3
    Chuzzle
    Definition update for Microsoft Office 2010 (KB982726)
    Diner Dash Flo on the Go
    Flip Words 2
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel PROSet Wireless
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Matrix Storage Manager
    Java Auto Updater
    Java(TM) 6 Update 20
    Jewel Quest Solitaire
    Kick N Rush
    Launch Manager
    LightScribe 1.4.142.1
    Mahjong Escape Ancient China
    Mahjongg Artifacts
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MSXML 4.0 SP2 (KB973688)
    Mystery Case Files - Huntsville
    Mystery Solitaire - Secret Island
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    OGA Notifier 2.0.0048.0
    Orion
    Perfect Uninstaller v6.3.3.8
    PowerProducer
    Rapport
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
    ScanSoft OmniPage SE 4
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Word 2010 (KB2345000)
    Skins
    Synaptics Pointing Device Driver
    Turbo Pizza
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft OneNote 2010 (KB2288640)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Winbond CIR Drivers
    Windows Live OneCare safety scanner
    Zuma Deluxe

    ==== Event Viewer Messages From Past Week ========

    27/12/2010 1627, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
    27/12/2010 1627, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    27/12/2010 1615, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    27/12/2010 1608, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    27/12/2010 1607, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    27/12/2010 16:55:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    27/12/2010 16:55:54, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001F3C2B5553 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    27/12/2010 16:55:51, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    27/12/2010 00:50:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 NPI spldr Wanarpv6
    27/12/2010 00:44:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: NPI
    27/12/2010 00:44:19, Error: Service Control Manager [7023] - The npii service terminated with the following error: The specified module could not be found.
    27/12/2010 00:44:19, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    26/12/2010 23:39:39, Error: EventLog [6008] - The previous system shutdown at 23:31:05 on 26/12/2010 was unexpected.
    26/12/2010 22:48:16, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    26/12/2010 22:47:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    26/12/2010 22:47:47, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    26/12/2010 22:47:46, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    26/12/2010 22:47:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    26/12/2010 22:47:36, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    26/12/2010 22:47:16, Error: EventLog [6008] - The previous system shutdown at 22:33:58 on 26/12/2010 was unexpected.
    26/12/2010 22:03:40, Error: EventLog [6008] - The previous system shutdown at 21:55:39 on 26/12/2010 was unexpected.
    26/12/2010 18:54:56, Error: EventLog [6008] - The previous system shutdown at 18:37:42 on 26/12/2010 was unexpected.
    26/12/2010 18:30:42, Error: EventLog [6008] - The previous system shutdown at 18:25:03 on 26/12/2010 was unexpected.
    26/12/2010 16:36:25, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    26/12/2010 13:37:12, Error: EventLog [6008] - The previous system shutdown at 13:14:46 on 26/12/2010 was unexpected.
    26/12/2010 12:54:14, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001F3C2B5553 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    26/12/2010 12:53:45, Error: EventLog [6008] - The previous system shutdown at 23:58:57 on 25/12/2010 was unexpected.
    25/12/2010 23:36:12, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
    25/12/2010 23:36:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    25/12/2010 23:35:29, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    25/12/2010 23:35:29, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    25/12/2010 23:27:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    22/12/2010 17:43:38, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    22/12/2010 17:41:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt NPI nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    22/12/2010 17:41:45, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    22/12/2010 17:41:45, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    22/12/2010 17:41:45, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    22/12/2010 17:41:45, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    22/12/2010 17:41:45, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    22/12/2010 17:41:45, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    22/12/2010 17:41:45, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    22/12/2010 17:41:45, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    22/12/2010 17:41:45, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    22/12/2010 17:41:45, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    22/12/2010 17:41:45, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    22/12/2010 17:41:45, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    22/12/2010 17:40:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    22/12/2010 17:40:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    20/12/2010 20:10:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
    20/12/2010 11:30:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    20/12/2010 10:25:27, Error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    ==== End Of File ===========================
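The Service Control Manager lines in the DDS log above are worth reading as a time series rather than one by one. Event 7026 lists every boot-start or system-start driver that failed to load on that boot, and event 7023 records a service that died because its module was missing; a malware service whose binary is gone but whose registry entries still exist (here NPI / npii, the Worm.KoobFace entries Malwarebytes removed) shows up in exactly those events, and drops out of the list once the registry entries are gone too. The Python below is an added example written for this thread, not DDS code: it parses a handful of lines copied from the log above (a constructed subset; DDS prints newest events first, which the script reverses), groups the failed drivers per boot and diffs consecutive boots, so the names that come and go stand apart from the ones that fail every time.

```python
"""Triage of the 'Event Viewer Messages' block of a DDS attach log.

Added example for this thread (not DDS code): per boot, which boot-start /
system-start drivers the Service Control Manager reported as failed (event
7026), how that set changed from one boot to the next, and which services
died because their binary was gone (event 7023).
"""
import re

# Constructed subset: a few lines copied from the DDS log in this thread.
# DDS prints newest events first; timestamps are kept as strings because the
# forum stripped the colons from some of them ("1627").
SAMPLE_LOG = """\
27/12/2010 1627, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
27/12/2010 00:50:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 NPI spldr Wanarpv6
27/12/2010 00:44:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: NPI
27/12/2010 00:44:19, Error: Service Control Manager [7023] - The npii service terminated with the following error: The specified module could not be found.
26/12/2010 23:39:39, Error: EventLog [6008] - The previous system shutdown at 23:31:05 on 26/12/2010 was unexpected.
22/12/2010 17:41:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt NPI nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
"""

# "<date> <time>, <Level>: <Source> [<EventID>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\S+ \S+), (?P<level>\w+): (?P<source>[^\[]+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"failed to load: (?P<drivers>.+)$")
TERM_RE = re.compile(r"^The (?P<svc>\S+) service terminated with the following error: (?P<err>.*)$")
SCM = "Service Control Manager"


def parse_events(text):
    """Return one dict per recognised event, in file order (newest first)."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def boot_failures(events):
    """[(timestamp, set of driver names)] for each SCM 7026 event, oldest first."""
    boots = []
    for ev in events:
        if ev["source"] == SCM and ev["id"] == 7026:
            m = FAILED_RE.search(ev["msg"])
            if m:
                boots.append((ev["ts"], set(m.group("drivers").split())))
    boots.reverse()  # DDS lists newest first; make the series chronological
    return boots


def diff_boots(boots):
    """[(timestamp, newly failing, no longer failing)] between consecutive boots."""
    return [(ts, cur - prev, prev - cur) for (_, prev), (ts, cur) in zip(boots, boots[1:])]


def cleared_by_last_boot(boots):
    """Drivers that failed at some point but not on the most recent boot."""
    if not boots:
        return set()
    seen = set().union(*(names for _, names in boots[:-1]))
    return seen - boots[-1][1]


def terminated_services(events):
    """[(timestamp, service, error)] for SCM 7023 events, oldest first."""
    out = []
    for ev in reversed(events):
        if ev["source"] == SCM and ev["id"] == 7023:
            m = TERM_RE.match(ev["msg"])
            if m:
                out.append((ev["ts"], m.group("svc"), m.group("err")))
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    boots = boot_failures(evs)
    for ts, names in boots:
        print(f"{ts}: {len(names)} driver(s) failed: {' '.join(sorted(names))}")
    for ts, new, gone in diff_boots(boots):
        print(f"{ts}: started failing {sorted(new) or '-'}; stopped failing {sorted(gone) or '-'}")
    print("cleared by the last boot:", sorted(cleared_by_last_boot(boots)))
    for ts, svc, err in terminated_services(evs):
        print(f"{ts}: service {svc!r} terminated: {err}")
```

Run against the full log, the diff separates three things that look alike in the raw list: the AVG filter drivers that fail on every safe-mode boot, the whole networking stack that failed once on the 22nd, and the NPI driver that fails right up to the boot after the registry cleanup and then stops appearing. A name that keeps appearing after you think you removed it is the one to go back to.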

  4. #4
    broni is offline Senior Member
    We have to double check this:
    Found non-standard or infected MBR.
    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: 7-Zip
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

  5. #5
    purplewitch is offline Junior Member
    Bootkit Remover
    (c) 2009 eSage Lab
    eSage Lab - Digital security research and consulting - Main

    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`af600000
    Boot sector MD5 is: dc220266e2471b59f5999b434294b525

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...

  6. #6
    broni is offline Senior Member
    Yeah, we have to fix your MBR...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.

    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.

    Once rebooted, run MBRCheck again and post its log.

  7. #7
    purplewitch is offline Junior Member
    I like the fact the MBR is now recognised, although I'm on Vista not XP, haha. Is it safe to boot Windows properly now?

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Acer, Inc.
    BIOS Manufacturer: Acer
    System Manufacturer: Acer, inc.
    System Product Name: Aspire 5920G
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 118):
    0x8303C000 \SystemRoot\system32\ntkrnlpa.exe
    0x83009000 \SystemRoot\system32\hal.dll
    0x8060A000 \SystemRoot\system32\kdcom.dll
    0x80611000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80681000 \SystemRoot\system32\PSHED.dll
    0x80692000 \SystemRoot\system32\BOOTVID.dll
    0x8069A000 \SystemRoot\system32\CLFS.SYS
    0x806DB000 \SystemRoot\system32\CI.dll
    0x83607000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x83683000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x83690000 \SystemRoot\system32\drivers\acpi.sys
    0x836D6000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x836DF000 \SystemRoot\system32\drivers\msisadrv.sys
    0x836E7000 \SystemRoot\system32\drivers\pci.sys
    0x8370E000 \SystemRoot\System32\drivers\partmgr.sys
    0x8371D000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x83720000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8372A000 \SystemRoot\system32\drivers\volmgr.sys
    0x83739000 \SystemRoot\System32\drivers\volmgrx.sys
    0x83783000 \SystemRoot\system32\drivers\intelide.sys
    0x8378A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x83798000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8B403000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8B4CB000 \SystemRoot\system32\drivers\atapi.sys
    0x8B4D3000 \SystemRoot\system32\drivers\ataport.SYS
    0x8B4F1000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8B523000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8B533000 \SystemRoot\system32\DRIVERS\psdfilter.sys
    0x8B53C000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8B60E000 \SystemRoot\system32\drivers\ndis.sys
    0x8B719000 \SystemRoot\system32\drivers\msrpc.sys
    0x8B744000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8B80C000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B8F6000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8BA0A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8BB1A000 \SystemRoot\system32\drivers\volsnap.sys
    0x8BB5B000 \SystemRoot\System32\Drivers\RapportKELL.sys
    0x8BB69000 \SystemRoot\System32\Drivers\USBD.SYS
    0x8BB6B000 \SystemRoot\System32\Drivers\mup.sys
    0x8BB7A000 \SystemRoot\System32\drivers\ecache.sys
    0x8BBA1000 \SystemRoot\system32\drivers\disk.sys
    0x8BBB2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8BBD3000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8BBDC000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
    0x8BBE1000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x8B9D9000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8F208000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8F295000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8F2A0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8F2DE000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8F401000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
    0x8F78A000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
    0x8F7B9000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8F7C9000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8F7D7000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8F7E8000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8F2ED000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8F33F000 \SystemRoot\system32\DRIVERS\winbondcir.sys
    0x8F354000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8F367000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0x8F371000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8F37C000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8F3AA000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8F3B5000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8F7FC000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    0x8F3CD000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8B77F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8B7AE000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8F3D6000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8F3E1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8B9E4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8B5AD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8B9EF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8B5D0000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8B5E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8B7EF000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8F7FE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x837A8000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8BA00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8B600000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x807BB000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x837D2000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8BBF7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8F3F8000 \SystemRoot\System32\Drivers\Null.SYS
    0x8F200000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8B800000 \SystemRoot\System32\drivers\vga.sys
    0x91E0C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x91E2D000 \SystemRoot\System32\drivers\watchdog.sys
    0x91E39000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x91E41000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x91E4C000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x91E5A000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x91E63000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x91E79000 \SystemRoot\system32\DRIVERS\smb.sys
    0x91E8D000 \SystemRoot\system32\DRIVERS\avgtdix.sys
    0x91ED5000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x91F07000 \SystemRoot\system32\drivers\afd.sys
    0x91F4F000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x91F65000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x91F73000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x91FAF000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x91FB9000 \SystemRoot\System32\Drivers\dfsc.sys
    0x91FD0000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8B911000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x81490000 \SystemRoot\System32\win32k.sys
    0x91FDD000 \SystemRoot\System32\drivers\Dxapi.sys
    0x816A0000 \SystemRoot\System32\drivers\dxg.sys
    0x816D0000 \SystemRoot\System32\TSDDD.dll
    0x81750000 \SystemRoot\System32\framebuf.dll
    0x9680E000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x96838000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x96842000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9685B000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x96870000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9688F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x968C8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x968E0000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x76E70000 \Windows\System32\ntdll.dll

    Processes (total 21):
    0 System Idle Process
    4 System
    412 C:\Windows\System32\smss.exe
    568 csrss.exe
    604 csrss.exe
    612 C:\Windows\System32\wininit.exe
    656 C:\Windows\System32\winlogon.exe
    688 C:\Windows\System32\services.exe
    700 C:\Windows\System32\lsass.exe
    708 C:\Windows\System32\lsm.exe
    852 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1064 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\svchost.exe
    1152 C:\Windows\System32\svchost.exe
    1168 C:\Windows\System32\svchost.exe
    1324 C:\Windows\System32\svchost.exe
    1428 C:\Windows\System32\svchost.exe
    452 C:\Windows\explorer.exe
    840 C:\Users\admin\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`af600000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`7ba00000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
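The two tool outputs above (Bootkit Remover's "Unknown boot code" and MBRCheck's "Windows XP MBR code detected" with a SHA1) come down to one check: read sector 0 of the physical disk, hash the bootstrap code and look the hash up in a list of known loaders, and separately decode the partition table, which is where the "PhysicalDrive0 at offset 0x..." lines come from (partition start LBA times 512). The Python below is an added example written for this thread, not code from either tool, and it does not claim to hash the same byte range the tools do: it hashes only the 440-byte code area, so the disk signature and the partition table, which differ on every machine, cannot change the verdict. The sector it inspects is constructed in memory; the start offsets of the second and third entries are the ones MBRCheck reported for C: and D: above, while the leading hidden partition, the sector counts, the disk signature, the placeholder code bytes and the "known" hash list are all made up for the example.

```python
"""Sector-0 (MBR) inspection: signature check, partition table decode and a
hash of the bootstrap code area compared against a list of known loaders.

Added example for this thread, not code from Bootkit Remover or MBRCheck.
Assumption: only bytes 0..439 (the code area) are hashed, so the disk
signature (440..443) and partition table (446..509) never affect the verdict.
"""
import hashlib
import struct

SECTOR = 512
CODE_AREA = 440            # bootstrap code ends where the 4-byte disk signature starts
PART_TABLE = 446           # four 16-byte entries
BOOT_SIG = b"\x55\xAA"

# Partition type bytes relevant to this thread's layout (not exhaustive).
PART_TYPES = {0x07: "NTFS/exFAT", 0x27: "hidden NTFS (recovery)", 0x0F: "extended (LBA)"}


def build_sample_mbr():
    """Constructed test sector. Entries 2 and 3 start at the byte offsets MBRCheck
    reported for C: (0x2af600000) and D: (0x1e7ba00000); everything else
    (placeholder code bytes, hidden partition, sizes, disk signature) is made up."""
    code = b"\xEB\xFE" + b"\x90" * (CODE_AREA - 2)   # 'jmp $' + NOPs, obviously not a real loader
    disk_sig = struct.pack("<I", 0xA1B2C3D4) + b"\x00\x00"
    entries = b"".join(
        # status, CHS start (ignored), type, CHS end (ignored), LBA start, sector count
        struct.pack("<B3sB3sII", status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, count)
        for status, ptype, lba, count in (
            (0x00, 0x27, 2048,        22_521_856),   # hidden recovery (constructed)
            (0x80, 0x07, 22_523_904,  233_185_280),  # C:  22_523_904 * 512 == 0x2af600000
            (0x00, 0x07, 255_709_184, 226_492_416),  # D:  255_709_184 * 512 == 0x1e7ba00000
            (0x00, 0x00, 0, 0),                      # unused slot
        )
    )
    sector = code + disk_sig + entries + BOOT_SIG
    assert len(sector) == SECTOR
    return sector


def parse_mbr(sector):
    """Decode sector 0 into signature flag, disk signature and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE + 16 * i)
        if ptype == 0:
            continue                                  # empty slot
        parts.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,              # what the tools print as 'at offset'
        })
    return {
        "signature_ok": sector[SECTOR - 2:] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", sector, CODE_AREA)[0],
        "partitions": parts,
    }


def boot_code_sha1(sector):
    """SHA1 of the code area only (uppercase hex, the way MBRCheck displays its hash)."""
    return hashlib.sha1(sector[:CODE_AREA]).hexdigest().upper()


# Constructed allow-list. In practice this holds the hashes of the stock loaders
# you trust; here it is seeded with the sample sector's own hash so the example
# runs stand-alone.
KNOWN_BOOT_CODE = {boot_code_sha1(build_sample_mbr()): "sample loader (constructed)"}


def classify(sector, known=None):
    """Verdict in the spirit of the tools above: invalid / known / Unknown boot code."""
    known = KNOWN_BOOT_CODE if known is None else known
    if not parse_mbr(sector)["signature_ok"]:
        return "invalid MBR: 0x55AA signature missing"
    name = known.get(boot_code_sha1(sector))
    return f"known boot code: {name}" if name else "Unknown boot code"


if __name__ == "__main__":
    # On a live Windows box (as Administrator) the bytes would come from
    # open(r"\\.\PhysicalDrive0", "rb").read(512); here they are the constructed sector.
    mbr_bytes = build_sample_mbr()
    info = parse_mbr(mbr_bytes)
    print(f"disk signature 0x{info['disk_signature']:08X}, 0x55AA present: {info['signature_ok']}")
    for p in info["partitions"]:
        flag = "*" if p["bootable"] else " "
        print(f"{flag} #{p['index']} type 0x{p['type']:02X} {p['type_name']:<24} "
              f"offset 0x{p['byte_offset']:010x}  {p['sectors'] * SECTOR / 2**30:6.1f} GiB")
    print("boot code SHA1:", boot_code_sha1(mbr_bytes), "->", classify(mbr_bytes))
    tampered = bytearray(mbr_bytes)
    tampered[0] ^= 0xFF                   # a single byte changed in the code area
    print("after tampering with the code area ->", classify(bytes(tampered)))
```

Two caveats a practitioner would keep in mind. A hash allow-list only tells you whether sector 0 holds code you recognise; it says nothing about the volume boot record or whatever later-stage code the loader chains to, which is why the helper went on to ComboFix after the MBR was rewritten. And reading the sector from the live system is only trustworthy if nothing below you is lying about disk reads, which is exactly what a bootkit with a disk filter does; the offline boot CD in post #6 sidesteps that by not running the infected system at all.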

  8. #8
    broni is offline Senior Member
    Yes, Vista has the very same MBR as XP.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  9. #9
    purplewitch is offline Junior Member
    Had to delete AVG. Which is the best to put back on?

    ComboFix 10-12-26.01 - admin 28/12/2010 23:59:26.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1897 [GMT 0:00]
    Running from: c:\users\admin\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ipconfig.txt
    c:\users\admin\AppData\Roaming\.#
    c:\users\admin\AppData\Roaming\.#\MBX@1080@1B02990.###
    c:\users\admin\AppData\Roaming\.#\MBX@1080@1B029C0.###
    c:\users\admin\AppData\Roaming\.#\MBX@1080@1B029F0.###
    c:\users\admin\AppData\Roaming\.#\MBX@1150@1852990.###
    c:\users\admin\AppData\Roaming\.#\MBX@1150@18529C0.###
    c:\users\admin\AppData\Roaming\.#\MBX@1150@18529F0.###
    c:\users\admin\AppData\Roaming\.#\MBX@1360@1842990.###
    c:\users\admin\AppData\Roaming\.#\MBX@1360@18429C0.###
    c:\users\admin\AppData\Roaming\.#\MBX@1360@18429F0.###
    c:\users\admin\AppData\Roaming\.#\MBX@13E0@242990.###
    c:\users\admin\AppData\Roaming\.#\MBX@13E0@2429C0.###
    c:\users\admin\AppData\Roaming\.#\MBX@13E0@2429F0.###
    c:\users\admin\AppData\Roaming\.#\MBX@1464@1C12990.###
    c:\users\admin\AppData\Roaming\.#\MBX@1464@1C129C0.###
    c:\users\admin\AppData\Roaming\.#\MBX@1464@1C129F0.###
    c:\users\admin\AppData\Roaming\.#\MBX@1490@182990.###
    c:\users\admin\AppData\Roaming\.#\MBX@1490@1829C0.###
    c:\users\admin\AppData\Roaming\.#\MBX@1490@1829F0.###
    c:\users\admin\AppData\Roaming\.#\MBX@16D0@682990.###
    c:\users\admin\AppData\Roaming\.#\MBX@16D0@6829C0.###
    c:\users\admin\AppData\Roaming\.#\MBX@16D0@6829F0.###
    c:\users\admin\AppData\Roaming\.#\MBX@1768@16D2990.###
    c:\users\admin\AppData\Roaming\.#\MBX@1768@16D29C0.###
    c:\users\admin\AppData\Roaming\.#\MBX@1768@16D29F0.###
    c:\users\admin\AppData\Roaming\.#\MBX@17B4@18B2990.###
    c:\users\admin\AppData\Roaming\.#\MBX@17B4@18B29C0.###
    c:\users\admin\AppData\Roaming\.#\MBX@17B4@18B29F0.###
    c:\users\admin\AppData\Roaming\.#\MBX@26B8@1BE2990.###
    c:\users\admin\AppData\Roaming\.#\MBX@26B8@1BE29C0.###
    c:\users\admin\AppData\Roaming\.#\MBX@26B8@1BE29F0.###
    c:\users\admin\AppData\Roaming\.#\MBX@6A4@1C12990.###
    c:\users\admin\AppData\Roaming\.#\MBX@6A4@1C129C0.###
    c:\users\admin\AppData\Roaming\.#\MBX@6A4@1C129F0.###
    c:\users\admin\AppData\Roaming\.#\MBX@9E4@1812990.###
    c:\users\admin\AppData\Roaming\.#\MBX@9E4@18129C0.###
    c:\users\admin\AppData\Roaming\.#\MBX@9E4@18129F0.###
    c:\users\admin\AppData\Roaming\.#\MBX@A58@1CD2990.###
    c:\users\admin\AppData\Roaming\.#\MBX@A58@1CD29C0.###
    c:\users\admin\AppData\Roaming\.#\MBX@A58@1CD29F0.###

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))
    .

    2010-12-28 23:57 . 2010-12-28 23:58 -------- d-----w- C:\32788R22FWJFW
    2010-12-28 12:11 . 2010-12-28 12:11 -------- d-----w- c:\program files\7-Zip
    2010-12-27 01:01 . 2010-12-27 01:01 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
    2010-12-27 01:01 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-27 01:01 . 2010-12-27 01:01 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-27 01:01 . 2010-12-27 01:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-27 01:01 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-26 23:20 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
    2010-12-26 23:20 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-26 23:20 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-26 23:16 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-12-26 23:16 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-12-26 23:16 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-26 23:16 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-26 23:16 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-26 23:16 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-26 23:16 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-26 23:16 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
    2010-12-26 23:15 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-26 23:15 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-26 23:15 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-12-26 23:14 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
    2010-12-26 23:14 . 2010-11-02 06:01 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-26 23:14 . 2010-11-02 05:57 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2010-12-26 23:11 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2010-12-26 22:44 . 2010-12-26 22:44 -------- d-----w- C:\found.000
    2010-12-26 15:23 . 2010-12-26 15:23 -------- d-----w- c:\programdata\Electronic Arts
    2010-12-26 15:21 . 2010-12-27 06:25 -------- d-----w- c:\program files\Microsoft WSE
    2010-12-26 14:57 . 2010-12-27 06:25 -------- d-----w- c:\program files\Electronic Arts
    2010-12-26 14:13 . 2010-12-27 06:25 -------- d-----w- c:\program files\Common Files\Java(181)
    2010-12-09 12:57 . 2010-12-09 12:57 -------- d-----w- c:\users\admin\AppData\Local\Onzo

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-07 39408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
    "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
    "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
    "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-02-18 200704]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-13 535336]
    SETAUDIO.EXE [2008-4-4 20480]
    SETRES.EXE [2008-4-4 20480]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-10-03 59240]
    S1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [2010-10-03 34792]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-02-18 61424]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 13:02]

    2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 13:02]

    2010-12-28 c:\windows\Tasks\User_Feed_Synchronization-{9F87B096-595B-480D-A557-A6592CEECFD2}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-26 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://en.uk.acer.yahoo.com
    uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=DB757F0001CB72C70000E426&src_id=11407&camp_id=38&tb_version=2.5.15000.521
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    SafeBoot-klmdb.sys
    AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-12-29 00:04
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-997742865-2075626030-3397469362-1000\Software\SecuROM\License information*]
    "datasecu"=hex:66,31,75,28,c0,09,1c,99,c9,3f,ca,70,d4,cc,40,c2,b2,05,6d,6e,1f,
    83,bf,15,ad,45,35,5a,6e,dc,82,dc,5e,84,40,71,ed,f7,be,36,e1,04,cf,31,3f,6a,\
    "rkeysecu"=hex:37,8e,78,58,8a,71,75,af,e1,9b,aa,35,1d,b6,2a,84

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-12-29 00:06:21
    ComboFix-quarantined-files.txt 2010-12-29 00:06

    Pre-Run: 66,210,222,080 bytes free
    Post-Run: 66,343,333,888 bytes free

    - - End Of File - - 40EF37C6F7CC7783D0C456E3C76FA697
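The "Reg Loading Points" section of the log above is where a reviewer spends most of the time: it lists every Run-key autostart and, under policies\system, shows that UAC is switched off on this machine (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0). The Python script below is an added example for this thread, not part of ComboFix, OTL or any post here. It parses those blocks in the format ComboFix prints and produces review prompts: autostart images outside the usual program directories, images given without a full path (such as the RtHDVCpl.exe entry above, which is resolved by path search at logon), and the disabled-UAC values. The sample text is constructed from entries in the posted log, with one invented `updater` entry to show a flagged path; the trusted-directory list and finding names are the example's own choices, and a flag means "verify where this lives", not "malicious".

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not a ComboFix or OTL feature. Parses the
[...\Run] blocks and the policies\system block and returns review prompts.
"""
import re

# Constructed sample modelled on the log posted above. The "updater" entry is
# invented to show an autostart pointing into a user profile directory; the
# other entries mirror lines that appear in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"updater"="c:\users\admin\AppData\Roaming\updater.exe" [2010-12-01 51200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="image" [YYYY-MM-DD size]   (the trailing bracket part is optional)
RUN_ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"'
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?"
)
# "name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')

# Assumed "ordinary" locations for autostart images on this Vista machine.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "c:\\acer\\")


def parse_loading_points(text):
    """Return (run_entries, policies) parsed from ComboFix 'Reg Loading Points' text."""
    run_entries, policies = [], {}
    current = None  # registry key of the block we are inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION_RE.match(line)
        if section:
            current = section.group("key")
            continue
        if current is None:
            continue
        key = current.lower()
        if key.endswith("\\run"):
            m = RUN_ENTRY_RE.match(line)
            if m:
                run_entries.append({
                    "hive_key": current,
                    "name": m.group("name"),
                    "image": m.group("image"),
                    "date": m.group("date"),
                    "size": int(m.group("size")) if m.group("size") else None,
                })
        elif key.endswith("\\policies\\system"):
            m = POLICY_RE.match(line)
            if m:
                policies[m.group("name")] = int(m.group("value"))
    return run_entries, policies


def classify_image(image):
    """Return None if the image path looks ordinary, otherwise a finding kind."""
    path = image.strip().lower()
    if "\\" not in path:
        # Bare file name: located by path search at logon, so confirm where it lives.
        return "unqualified_image"
    if not path.startswith(TRUSTED_PREFIXES):
        return "untrusted_path"
    return None


def triage(text):
    """Return a list of (kind, detail) review prompts; prompts to verify, not verdicts."""
    entries, policies = parse_loading_points(text)
    findings = []
    for e in entries:
        kind = classify_image(e["image"])
        if kind:
            findings.append((kind, f"{e['name']} -> {e['image']} ({e['hive_key']})"))
    if policies.get("EnableLUA") == 0:
        findings.append(("uac_disabled", "EnableLUA = 0: UAC is off, no elevation prompts"))
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(("admin_no_prompt", "ConsentPromptBehaviorAdmin = 0: silent elevation"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

Run it against the pasted section of a real ComboFix.txt instead of `SAMPLE_LOG` and work through the prompts one by one; an entry flagged `untrusted_path` deserves a look at the file's signer and creation date, and a flagged `unqualified_image` is resolved by checking which directory on the search path actually holds that name.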

  10. #10
    broni is offline Senior Member
    I can see you're able to restart in normal mode, correct?

    Instead of AVG, install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: Avira AntiVir Personal - Free Antivirus

    Combofix log looks good now.
    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
