Solved Following 8 step virus removal

[montgomery1082]

Hello,

I have multiple iexplore.exe*32 running. I started the 8 step process to remove virus\malware. I have attached an image of an error I get while running step 4,the gmer program, after it runs it creates a 0 byte txt file. There are only 3 items check in the right column, the rest are grayed out. I am running Windows 7 64bit and IE8. Please let me know what I'm doing wrong.


Thank You,

 

[Broni]

Welcome aboard

GMER won't run on Win 7 64-bit. Skip it.

 

[montgomery1082]

Thank you for your quick reply, I appreciate it. Ok I ran all the other programs outline in the 8 step process. I am attaching the text file from them. Please have a look at them and let me know if everthing looks ok.


Thank You,

 

[Broni]

I have multiple iexplore.exe*32 running

With IE opened, or even, when it's closed?

Please, uninstall Registry Booster
Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

========================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):

• 
  Close browsers before scanning.
  Scan for tracking cookies.
  Terminate memory threats before quarantining.

* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.

• 
  Click Preferences, then click the Statistics/Logs tab.
  Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  Please copy and paste the Scan Log results in your next reply.

* Click Close to exit the program.
Post SUPERAntiSpyware log.

 

[montgomery1082]

With IE opened, or even, when it's closed?

When it's closed. I will run the program you mentioned.

 

[Broni]

OK .........

 

[montgomery1082]

I had to send it as an attachment because I got an error said it had to many characters.

 

[Broni]

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

 

[montgomery1082]

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: ASUSTeK Computer INC.
System Product Name: P5N-T DELUXE
Logical Drives Mask: 0x000001fd

Kernel Drivers (total 221):
0x02C09000 \SystemRoot\system32\ntoskrnl.exe
0x031E5000 \SystemRoot\system32\hal.dll
0x00BAF000 \SystemRoot\system32\kdcom.dll
0x00CD1000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D15000 \SystemRoot\system32\PSHED.dll
0x00D29000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E8F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F33000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F42000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F99000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FA2000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FAC000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FDF000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
0x00E15000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E1E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E2A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D87000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E3F000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E46000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E56000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E70000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01028000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01052000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x0107D000 \SystemRoot\system32\DRIVERS\storport.sys
0x010DF000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010EA000 \SystemRoot\system32\drivers\fltmgr.sys
0x01136000 \SystemRoot\system32\drivers\fileinfo.sys
0x01228000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0114A000 \SystemRoot\System32\Drivers\msrpc.sys
0x013CB000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014C2000 \SystemRoot\System32\Drivers\cng.sys
0x01535000 \SystemRoot\System32\drivers\pcw.sys
0x01546000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01653000 \SystemRoot\system32\drivers\ndis.sys
0x01745000 \SystemRoot\system32\drivers\NETIO.SYS
0x017A5000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01802000 \SystemRoot\System32\drivers\tcpip.sys
0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A22000 \SystemRoot\system32\DRIVERS\timntr.sys
0x01B0B000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01C6D000 \SystemRoot\system32\DRIVERS\tdrpm258.sys
0x01DD9000 \SystemRoot\System32\Drivers\spldr.sys
0x01C00000 \SystemRoot\system32\DRIVERS\snapman.sys
0x01B57000 \SystemRoot\System32\drivers\rdyboost.sys
0x01C44000 \SystemRoot\System32\Drivers\mup.sys
0x01C56000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B91000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01DE1000 \SystemRoot\system32\DRIVERS\disk.sys
0x01BCB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01550000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0157A000 \SystemRoot\system32\DRIVERS\klif.sys
0x01DF7000 \SystemRoot\System32\Drivers\Null.SYS
0x0164A000 \SystemRoot\System32\Drivers\Beep.SYS
0x015D6000 \SystemRoot\System32\drivers\vga.sys
0x01400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01425000 \SystemRoot\System32\drivers\watchdog.sys
0x01435000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0143E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01447000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01450000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0145B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0146C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0148A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x044A1000 \SystemRoot\system32\DRIVERS\kl1.sys
0x04400000 \SystemRoot\system32\drivers\afd.sys
0x011A8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04C5A000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x04CED000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04CF6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04D1C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04D2B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04D46000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04D5A000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x04D64000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x04D6E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04DBF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04DCB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04DD6000 \SystemRoot\System32\drivers\discache.sys
0x04C00000 \SystemRoot\System32\Drivers\dfsc.sys
0x04C1E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04C2F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04DE5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x102EF000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10F81000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x050FC000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05000000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05046000 \SystemRoot\system32\DRIVERS\fdc.sys
0x05053000 \SystemRoot\system32\DRIVERS\serial.sys
0x05070000 \SystemRoot\system32\DRIVERS\serenum.sys
0x0507C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0509A000 \SystemRoot\system32\DRIVERS\L8042mou.Sys
0x050B3000 \SystemRoot\system32\DRIVERS\LMouKE.Sys
0x050D4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x050E3000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x10F83000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x10FD9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x050EE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x10200000 \SystemRoot\system32\drivers\ctaud2k.sys
0x102A6000 \SystemRoot\system32\drivers\portcls.sys
0x049CA000 \SystemRoot\system32\drivers\drmk.sys
0x052F5000 \SystemRoot\system32\drivers\ks.sys
0x05338000 \SystemRoot\system32\drivers\ctoss2k.sys
0x05369000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x05371000 \SystemRoot\system32\drivers\ksthunk.sys
0x05377000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x053B5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x05200000 \SystemRoot\system32\DRIVERS\nvm62x64.sys
0x05264000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x0526C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0527C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05292000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x052B6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x052C2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x053D9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x01497000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x015E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x051F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x053F4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x053F6000 \SystemRoot\system32\drivers\WmBEnum.sys
0x10FEA000 \SystemRoot\system32\drivers\WmXlCore.sys
0x049EC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x102E3000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x05AF4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05E5B000 \SystemRoot\system32\drivers\ha20x2k.sys
0x05E00000 \SystemRoot\system32\drivers\emupia2k.sys
0x05B4E000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x05A00000 \SystemRoot\system32\drivers\ctac32k.sys
0x05FDC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05AAE000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0x05B86000 \SystemRoot\System32\drivers\CT20XUT.SYS
0x06262000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0x06200000 \SystemRoot\system32\drivers\HdAudio.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x063BF000 \SystemRoot\System32\drivers\Dxapi.sys
0x063CB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x063E8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x063EA000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x05FF1000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x05BBB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05E4A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05BD6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05BEF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05AC9000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x05ADD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0448A000 \SystemRoot\System32\Drivers\nx6000.sys
0x017D0000 \SystemRoot\System32\Drivers\usbvideo.sys
0x01A00000 \SystemRoot\system32\drivers\usbaudio.sys
0x0224A000 \SystemRoot\system32\DRIVERS\udfs.sys
0x0229E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x022AC000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x022B6000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x022E1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x022F4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00510000 \SystemRoot\System32\TSDDD.dll
0x00690000 \SystemRoot\System32\cdd.dll
0x02302000 \SystemRoot\system32\DRIVERS\xusb21.sys
0x02315000 \SystemRoot\system32\drivers\luafv.sys
0x02338000 \SystemRoot\system32\drivers\WudfPf.sys
0x02359000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0236E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02386000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0x08CB3000 \SystemRoot\system32\drivers\HTTP.sys
0x08D7B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x08D99000 \SystemRoot\System32\drivers\mpsdrv.sys
0x08DB1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x08C4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08C71000 \SystemRoot\system32\DRIVERS\afcdp.sys
0x0C22E000 \SystemRoot\system32\drivers\peauth.sys
0x0C2D4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0C2DF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0C30C000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0C31E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0C4B9000 \SystemRoot\System32\DRIVERS\srv.sys
0x0C54F000 \SystemRoot\system32\drivers\WmVirHid.sys
0x0C552000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0C55F000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0C590000 \??\C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys
0x0C471000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77710000 \Windows\System32\ntdll.dll
0x47900000 \Windows\System32\smss.exe
0xFFA30000 \Windows\System32\apisetschema.dll
0xFFDB0000 \Windows\System32\autochk.exe
0xFF7C0000 \Windows\System32\iertutil.dll
0xFF770000 \Windows\System32\Wldap32.dll
0xFF690000 \Windows\System32\oleaut32.dll
0xFF670000 \Windows\System32\imagehlp.dll
0xFF540000 \Windows\System32\wininet.dll
0xFF4A0000 \Windows\System32\clbcatq.dll
0xFF450000 \Windows\System32\ws2_32.dll
0x775F0000 \Windows\System32\kernel32.dll
0xFF2D0000 \Windows\System32\urlmon.dll
0xFF2B0000 \Windows\System32\sechost.dll
0xFF1A0000 \Windows\System32\msctf.dll
0xFF120000 \Windows\System32\difxapi.dll
0xFF0B0000 \Windows\System32\gdi32.dll
0xFEFE0000 \Windows\System32\usp10.dll
0x778E0000 \Windows\System32\psapi.dll
0xFEE00000 \Windows\System32\setupapi.dll
0xFEBF0000 \Windows\System32\ole32.dll
0x774F0000 \Windows\System32\user32.dll
0xFEBC0000 \Windows\System32\imm32.dll
0xFEA90000 \Windows\System32\rpcrt4.dll
0xFEA80000 \Windows\System32\lpk.dll
0xFE9A0000 \Windows\System32\advapi32.dll
0x778D0000 \Windows\System32\normaliz.dll
0xFE900000 \Windows\System32\msvcrt.dll
0xFDB70000 \Windows\System32\shell32.dll
0xFDAD0000 \Windows\System32\comdlg32.dll
0xFDAC0000 \Windows\System32\nsi.dll
0xFDA40000 \Windows\System32\shlwapi.dll
0xFD9D0000 \Windows\System32\KernelBase.dll
0xFD990000 \Windows\System32\wintrust.dll
0xFD820000 \Windows\System32\crypt32.dll
0xFD780000 \Windows\System32\comctl32.dll
0xFD760000 \Windows\System32\devobj.dll
0xFD720000 \Windows\System32\cfgmgr32.dll
0xFD710000 \Windows\System32\msasn1.dll
0x75A30000 \Windows\SysWOW64\normaliz.dll

Processes (total 75):
0 System Idle Process
4 System
404 C:\Windows\System32\smss.exe
544 csrss.exe
928 C:\Windows\System32\wininit.exe
948 csrss.exe
988 C:\Windows\System32\services.exe
1012 C:\Windows\System32\lsass.exe
1020 C:\Windows\System32\lsm.exe
572 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\winlogon.exe
548 C:\Windows\System32\nvvsvc.exe
1016 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1292 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
1332 C:\Windows\System32\svchost.exe
1412 C:\Windows\System32\svchost.exe
1472 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
1524 C:\Windows\System32\nvvsvc.exe
1696 C:\Windows\System32\dwm.exe
1720 C:\Windows\explorer.exe
2028 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1888 C:\Windows\System32\spoolsv.exe
1636 C:\Windows\System32\taskhost.exe
1860 C:\Windows\System32\svchost.exe
2092 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
2116 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2160 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2196 C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
2256 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2264 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
2364 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2436 C:\Windows\System32\svchost.exe
2548 C:\Program Files (x86)\iRacing\iRacingService.exe
2736 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
2868 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2928 C:\Windows\System32\svchost.exe
3000 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
3064 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
2644 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2840 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3308 C:\Program Files\Logitech\SetPointP\SetPoint.exe
3340 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
3352 C:\Program Files\Windows Sidebar\sidebar.exe
3376 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3416 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
3436 C:\Program Files (x86)\DeskSlide\DeskSlide.exe
3628 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
2080 C:\Windows\System32\svchost.exe
3624 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
3868 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
2864 C:\Windows\System32\SearchIndexer.exe
4300 C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
4320 C:\Windows\SysWOW64\Ctxfihlp.exe
4560 C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
4700 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4712 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
4912 C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
5044 C:\Program Files\Windows Media Player\wmpnetwk.exe
4548 C:\Windows\System32\svchost.exe
4772 C:\Windows\SysWOW64\CTxfispi.exe
3492 C:\Program Files\iPod\bin\iPodService.exe
2988 WUDFHost.exe
5416 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
5804 C:\Program Files (x86)\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
5836 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
5992 C:\Windows\System32\svchost.exe
1552 C:\Windows\System32\SearchProtocolHost.exe
5908 C:\Windows\System32\SearchFilterHost.exe
5100 C:\Windows\System32\SearchProtocolHost.exe
1556 C:\Users\Lance M Soto\Desktop\MBRCheck.exe
1844 C:\Windows\System32\conhost.exe
4100 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDC WD6401AALS-00E8B, Rev: 05.0

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

 

[Broni]

Looks normal

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[montgomery1082]

OTL.txt & Extras.txt

I had to attach file there were to many characters.


Thanks for all you've been doing to help me.

 

[Broni]

You're welcome

I assume, you're running Kaspersky AV and ZA firewall, correct?

========================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

=======================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O4 - HKLM..\Run: []  File not found
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
  O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found
  O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
  O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
  O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
  O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
  O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
  O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
  O20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
  O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O33 - MountPoints2\{11552147-60bf-11df-9e0a-806e6f6e6963}\Shell - "" = AutoRun
  O33 - MountPoints2\{11552147-60bf-11df-9e0a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Madden08.exe -- [2007/07/03 22:24:35 | 000,144,648 | R--- | M] (EA - Salt Lake)
  O33 - MountPoints2\{47750b8f-a107-11df-96c9-90e6ba99450a}\Shell - "" = AutoRun
  O33 - MountPoints2\{47750b8f-a107-11df-96c9-90e6ba99450a}\Shell\AutoRun\command - "" = J:\WD SmartWare.exe -- File not found
  O33 - MountPoints2\J\Shell - "" = AutoRun
  O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\WD SmartWare.exe -- File not found
  [2010/05/23 05:08:40 | 000,000,000 | ---D | C] -- C:\Users\Lance M Soto\AppData\Roaming\#ISW.FS#
  [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
  [2010/08/18 22:05:11 | 000,000,000 | ---D | M] -- C:\Users\Lance M Soto\AppData\Roaming\#ISW.FS#
  
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

 

[montgomery1082]

Just running ZoneAlarm.

 

[Broni]

For both, AV and firewall?

If so, you have some Kaspersky's leftovers.
Run this to remove them: http://support.kasperskyamericas.com/knowledge-base-article/1464, before you proceed with OTL.

 

[montgomery1082]

brb going to do the java update and restart computer. I will the run the OTL program as you have instucted.

 

[Broni]

After uninstalling Kaspersky....

 

[montgomery1082]

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\ deleted successfully.
c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11552147-60bf-11df-9e0a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11552147-60bf-11df-9e0a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11552147-60bf-11df-9e0a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11552147-60bf-11df-9e0a-806e6f6e6963}\ not found.
File move failed. D:\Madden08.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47750b8f-a107-11df-96c9-90e6ba99450a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47750b8f-a107-11df-96c9-90e6ba99450a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47750b8f-a107-11df-96c9-90e6ba99450a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47750b8f-a107-11df-96c9-90e6ba99450a}\ not found.
File J:\WD SmartWare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\WD SmartWare.exe not found.
C:\Users\Lance M Soto\AppData\Roaming\#ISW.FS# folder moved successfully.
C:\Windows\SysNative\drivers\~GLH0020.TMP deleted successfully.
Folder C:\Users\Lance M Soto\AppData\Roaming\#ISW.FS#\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lance M Soto
->Temp folder emptied: 4603520 bytes
->Temporary Internet Files folder emptied: 33279228 bytes
->Java cache emptied: 2023 bytes
->Flash cache emptied: 925 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3939545 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 40.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lance M Soto
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08182010_233428

Files\Folders moved on Reboot...
File move failed. D:\Madden08.exe scheduled to be moved on reboot.
C:\Users\Lance M Soto\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lance M Soto\AppData\Local\Temp\~DFA371830A54DA44B5.TMP moved successfully.
File\Folder C:\Windows\temp\av703B.tmp not found!
C:\Windows\temp\iswift.dat moved successfully.
C:\Windows\temp\sfdb.dat moved successfully.
C:\Windows\temp\ZLT0602e.TMP moved successfully.

Registry entries deleted on Reboot...

 

[montgomery1082]

Her is the OTL that I ran after RunFix.

 

[montgomery1082]

Yes I removed the program Kaspersky's removal

 

[Broni]

I still can see some Kaspersky's files, so we'll remove them manually, but let me know first, how are the issues.

 

[montgomery1082]

Oh and yes I am running ZoneAlarm for both AV and Firewall. I have the ZoneAlarm Security Suite.

 

[Broni]

OK. How about my previous question?

 

[montgomery1082]

Everything seems to be running ok. I don't see multiple "iexplore*32" entries.

 

[montgomery1082]

I don't know how this Kaspersky program got in there. I have never even heard of it.

 

[Broni]

Very good
Let's take care of Kaspersky's leftovers....

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  DRV:[b]64bit:[/b] - [2009/10/12 18:15:26 | 000,351,248 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
  DRV:[b]64bit:[/b] - [2009/10/12 18:15:26 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
  [2010/08/03 12:30:57 | 000,351,248 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
  [2010/08/03 12:31:00 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kl1.sys
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.