Malware/adware slowing computer

Solved
By gooodjunkk
Aug 17, 2010
Topic Status:
Not open for further replies.
  1. Hi,

    This forum recently helped me clean up my own computer. Now I am hoping you can do the same for my roommate's machine.

    She complains about adware & that the computer is slower than it used to be & seems to keep getting slower. The computer is only about a year old, but her son & several of his & her friends use it all the time while she is gone at work.

    The logs from the 8 steps are attached (they are all too long to copy & paste).

    It looks like Malwarebytes found & cleaned quite a few files. When we ran GMER, a message came up that said something about the windows system file being in use by another application (I know I should have written it down, but I assumed it would show up in the log). After the scan completed, there was a message that said nothing was found & the log was completely blank. Ran it in safe mode with the same results.

    Can someone please take a look at the logs & let me know if it is safe to assume the computer is now clean.

    Thank you

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 46,181   +251

    GMER won't run on Windows 7 64-bit. That's why you're having problems.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):

    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.

    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
  3. gooodjunkk

    gooodjunkk Newcomer, in training Topic Starter Posts: 43

    Will do... thank you
  4. Broni

    Broni Malware Annihilator Posts: 46,181   +251

    Sure thing :)
  5. gooodjunkk

    gooodjunkk Newcomer, in training Topic Starter Posts: 43

    Ok, here are the logs (had to attach the SUPERAntiSpyware log) :)

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: Compaq-Presario
    System Product Name: AU884AA-ABA CQ5205Y
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 152):

    Processes (total 68):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`7ed00000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDT721025SLA, Rev: STBO

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 4BF8A4AD5A1A85883A5CCF3E16D780BF57E5FE81


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

    Attached Files:
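
What MBRCheck is reporting in the log above, as an added example that is not part of this thread or of the MBRCheck tool: a Python parser for a 512-byte MBR that hashes the 440-byte boot code (the SHA1 line), decodes the partition table into the byte offsets the log shows for C: and D:, and decodes the Logical Drives Mask. The sample sector, its boot-code bytes and disk signature are constructed; the set of known-good boot-code hashes is left empty because the page gives none.

```python
"""Parse a 512-byte MBR the way MBRCheck reports it: hash the boot code,
decode the partition table, and map partition starts to byte offsets.
Added example (not the forum thread's or the MBRCheck tool's code);
the sample MBR below is constructed, not read from the poster's disk."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the boot loader code
PART_TABLE_OFF = 446         # four 16-byte partition entries start here
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def part_entry(status, ptype, lba_start, sectors):
    """Pack one MBR partition entry; CHS fields are left zero (LBA only)."""
    return struct.pack(ENTRY_FMT, status, b"\x00" * 3, ptype, b"\x00" * 3,
                       lba_start, sectors)


def build_sample_mbr():
    """Constructed sample MBR whose partition layout reproduces the byte
    offsets in the MBRCheck log (C: at 0x06500000, D: at 0x377ed00000).
    The boot-code bytes are a placeholder, not any real loader."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (BOOT_CODE_LEN - 5)
    disk_sig = struct.pack("<I", 0xDEADBEEF)   # constructed disk signature
    reserved = b"\x00\x00"
    entries = b"".join([
        part_entry(0x80, 0x07, 2048, 204800),        # System Reserved (bootable)
        part_entry(0x00, 0x07, 206848, 465321984),   # C: Windows volume
        part_entry(0x00, 0x07, 465528832, 22868336), # D: recovery volume
        b"\x00" * 16,                                # unused slot
    ])
    return boot_code + disk_sig + reserved + entries + MBR_SIGNATURE


def boot_code_sha1(mbr):
    """SHA1 of the first 440 bytes, which is the hash MBRCheck prints."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr):
    """Return the non-empty partition entries with their byte offsets."""
    if len(mbr) != SECTOR or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not a valid MBR sector (bad length or 0x55AA signature)")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,   # what MBRCheck prints as 'at offset'
        })
    return parts


def classify_mbr(mbr, known_hashes):
    """Mirror MBRCheck's verdict: a boot-code hash that is not in the known
    set is reported as 'Unknown MBR code'. That is a prompt to investigate,
    not proof of infection on its own."""
    return "Known MBR code" if boot_code_sha1(mbr) in known_hashes else "Unknown MBR code"


def drives_from_mask(mask):
    """Decode 'Logical Drives Mask' (bit 0 = A:, bit 1 = B:, ...)."""
    return [chr(ord("A") + bit) for bit in range(26) if mask >> bit & 1]


if __name__ == "__main__":
    mbr = build_sample_mbr()
    print("SHA1:", boot_code_sha1(mbr))
    for p in parse_partitions(mbr):
        print(f"partition {p['index']}: type 0x{p['type']:02x} "
              f"at offset 0x{p['byte_offset']:010x}, bootable={p['bootable']}")
    print(classify_mbr(mbr, known_hashes=set()))
    print("drives:", drives_from_mask(0x1c))
```

A hash outside the known set only means the boot code is not one the tool recognises; dumping the sector to a file (MBRCheck option 1) before any rewrite is what lets you check afterwards what was actually there.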

  6. Broni

    Broni Malware Annihilator Posts: 46,181   +251

    Run MBRCheck again.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 0 (zero) and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 5 for Windows 7, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot, run MBRCheck again and post new log.
  7. gooodjunkk

    gooodjunkk Newcomer, in training Topic Starter Posts: 43

    Ran MBR & followed the steps in your last post. After I confirmed by typing YES & pressing ENTER, the program seemed to work for a few minutes then the system froze. That was about 13 minutes ago & it's still frozen. Is this normal?
  8. Broni

    Broni Malware Annihilator Posts: 46,181   +251

    No. Restart manually and try again.
    If still no go, we'll use a different way to do it.
  9. gooodjunkk

    gooodjunkk Newcomer, in training Topic Starter Posts: 43

    It worked this time. See reports below.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: Compaq-Presario
    System Product Name: AU884AA-ABA CQ5205Y
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 186):

    Processes (total 64):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`7ed00000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDT721025SLA, Rev: STBO

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 4BF8A4AD5A1A85883A5CCF3E16D780BF57E5FE81


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
    [ 0] Default (Windows 7)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 5
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    Wrote new MBR code with API! Fix may not be successful.
    Please reboot your computer to complete the fix.


    Done!
  10. Broni

    Broni Malware Annihilator Posts: 46,181   +251

  11. gooodjunkk

    gooodjunkk Newcomer, in training Topic Starter Posts: 43

    I thought I attached the second log. Sorry, posted it below.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: Compaq-Presario
    System Product Name: AU884AA-ABA CQ5205Y
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 151):
    0x02A4D000 \SystemRoot\system32\ntoskrnl.exe
    0x02A04000 \SystemRoot\system32\hal.dll
    0x00BD1000 \SystemRoot\system32\kdcom.dll
    0x00CF4000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00D01000 \SystemRoot\system32\PSHED.dll
    0x00D15000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00EEF000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F93000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00FA2000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00E09000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00E13000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00E46000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00E53000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E68000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00E7D000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00CC0000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00D73000 \SystemRoot\system32\DRIVERS\nvstor64.sys
    0x0106A000 \SystemRoot\system32\DRIVERS\storport.sys
    0x010CC000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x010D7000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01123000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01248000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01137000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01468000 \SystemRoot\System32\Drivers\cng.sys
    0x014DB000 \SystemRoot\System32\drivers\pcw.sys
    0x014EC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x014F6000 \SystemRoot\system32\drivers\ndis.sys
    0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0121A000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01600000 \SystemRoot\System32\drivers\tcpip.sys
    0x01195000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01460000 \SystemRoot\System32\Drivers\spldr.sys
    0x00DB1000 \SystemRoot\System32\drivers\rdyboost.sys
    0x015E8000 \SystemRoot\System32\Drivers\mup.sys
    0x013EB000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01885000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x018BF000 \SystemRoot\system32\DRIVERS\disk.sys
    0x018D5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x0196E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01998000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x019C5000 \SystemRoot\System32\Drivers\Null.SYS
    0x019CE000 \SystemRoot\System32\Drivers\Beep.SYS
    0x019D5000 \SystemRoot\System32\drivers\vga.sys
    0x01800000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x01825000 \SystemRoot\System32\drivers\watchdog.sys
    0x01835000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x0183E000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01847000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01850000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x0185B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x0104C000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0186C000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02C80000 \SystemRoot\System32\Drivers\avgtdia.sys
    0x02CD1000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02D16000 \SystemRoot\system32\drivers\afd.sys
    0x02DA0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02DA9000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02DCF000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x02DE5000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02C00000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02C1B000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02C2F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    0x02C39000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    0x03A8F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03AE0000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03AEC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03AF7000 \SystemRoot\System32\drivers\discache.sys
    0x03B06000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03B24000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03B35000 \SystemRoot\System32\Drivers\avgmfx64.sys
    0x03B3D000 \SystemRoot\System32\Drivers\avgldx64.sys
    0x03B84000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03BAA000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x03BC1000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x03A00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03A56000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03A67000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x036F6000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
    0x0400E000 \SystemRoot\system32\DRIVERS\agrsm64.sys
    0x0413F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04141000 \SystemRoot\system32\drivers\modem.sys
    0x04851000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x0534F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x03600000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x05351000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x05397000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x053A7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x053BD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x053E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04800000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x0482F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x04150000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04171000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x053ED000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x0418B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x053FC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0419A000 \SystemRoot\system32\DRIVERS\ks.sys
    0x041DD000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x03748000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x037A2000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x03E1B000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x037B7000 \SystemRoot\system32\drivers\portcls.sys
    0x03BCC000 \SystemRoot\system32\drivers\drmk.sys
    0x03E00000 \SystemRoot\system32\drivers\ksthunk.sys
    0x03E06000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x041EF000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x01905000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x02C43000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x02C56000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x03BEE000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x04000000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x01943000 \SystemRoot\system32\DRIVERS\dot4usb.sys
    0x04477000 \SystemRoot\system32\DRIVERS\Dot4.sys
    0x0449F000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
    0x044A9000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x044B7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x044D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x044D9000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x044E6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x00000000 \SystemRoot\System32\win32k.sys
    0x044F4000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04500000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00530000 \SystemRoot\System32\TSDDD.dll
    0x006B0000 \SystemRoot\System32\cdd.dll
    0x008D0000 \SystemRoot\System32\ATMFD.DLL
    0x0450E000 \SystemRoot\system32\drivers\luafv.sys
    0x04531000 \SystemRoot\system32\drivers\WudfPf.sys
    0x04552000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04567000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x045BA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x045CD000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x038FA000 \SystemRoot\system32\drivers\HTTP.sys
    0x039C2000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x039E0000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x03800000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0382D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0387B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x05484000 \SystemRoot\system32\drivers\peauth.sys
    0x0552A000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x05535000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x05562000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x05574000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x05A5E000 \SystemRoot\System32\DRIVERS\srv.sys
    0x76E80000 \Windows\System32\ntdll.dll
    0x47950000 \Windows\System32\smss.exe
    0xFF1A0000 \Windows\System32\apisetschema.dll
    0xFFEE0000 \Windows\System32\autochk.exe

    Processes (total 65):
    0 System Idle Process
    4 System
    276 C:\Windows\System32\smss.exe
    420 csrss.exe
    476 C:\Windows\System32\wininit.exe
    488 csrss.exe
    500 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    508 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    580 C:\Windows\System32\services.exe
    588 C:\Windows\System32\lsass.exe
    596 C:\Windows\System32\lsm.exe
    628 C:\Windows\System32\winlogon.exe
    692 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    932 C:\Windows\System32\svchost.exe
    428 C:\Windows\System32\nvvsvc.exe
    412 C:\Windows\System32\svchost.exe
    708 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1144 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\svchost.exe
    1280 C:\Windows\System32\svchost.exe
    1368 C:\Windows\System32\svchost.exe
    1440 C:\Windows\System32\nvvsvc.exe
    1524 C:\Windows\System32\svchost.exe
    1748 C:\Windows\System32\spoolsv.exe
    1784 C:\Windows\System32\svchost.exe
    1876 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1912 C:\Program Files\LSI SoftModem\agr64svc.exe
    1932 C:\Windows\System32\svchost.exe
    1952 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    1316 C:\Windows\SysWOW64\svchost.exe
    1420 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    1548 C:\Windows\System32\svchost.exe
    1716 C:\Windows\System32\svchost.exe
    1852 C:\Windows\System32\TCPSVCS.EXE
    2080 C:\Windows\System32\svchost.exe
    2148 C:\Windows\System32\svchost.exe
    2228 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2360 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    2396 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    2868 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    2928 C:\Windows\System32\taskhost.exe
    3028 C:\Windows\System32\dwm.exe
    3068 C:\Windows\explorer.exe
    2472 C:\Windows\System32\rundll32.exe
    2860 C:\Windows\System32\svchost.exe
    3160 C:\Windows\System32\svchost.exe
    3168 C:\Program Files\Microsoft Security Essentials\msseces.exe
    3268 C:\Program Files (x86)\NetZero\exec.exe
    3412 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    3436 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    3456 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    3472 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    3512 C:\Windows\System32\taskeng.exe
    3676 C:\Program Files (x86)\NetZero\exec.exe
    3948 C:\Windows\System32\SearchIndexer.exe
    4076 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
    3252 C:\Windows\System32\taskeng.exe
    3324 C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
    1072 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
    3300 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
    2204 C:\Windows\System32\SearchProtocolHost.exe
    3928 C:\Windows\System32\SearchFilterHost.exe
    4224 C:\Users\Candi\Desktop\Tech\MBRCheck.exe
    4236 C:\Windows\System32\conhost.exe
    4252 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`7ed00000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDT721025SLA, Rev: STBO

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: F37A9776F0E98E38BD78E91425829D97888CEEFC


    Done!
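What the two MBRCheck results in this thread boil down to (the first run's "Unknown MBR code", the second run's "Windows 7 MBR code detected" with a new SHA1 but the same C: and D: offsets): hash the boot-code bytes of the first sector, look the hash up in a known-good table, and on repair rewrite only those bytes while leaving the disk signature and partition table alone. The Python below is an added illustration, not MBRCheck's code; the known-good hash table, the boot-code bytes and the partition lengths are constructed placeholders, and the assumption that MBRCheck hashes exactly the 440 boot-code bytes is mine.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0-439: boot code, the only part a "restore MBR" rewrites
DISK_SIG_OFF = 440             # bytes 440-443: NT disk signature (444-445 reserved)
PART_TABLE_OFF = 446           # bytes 446-509: four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"    # bytes 510-511

# Constructed placeholders: MBRCheck ships its own table of known-good boot-code
# hashes; here the "known good" entry is just the hash of a made-up clean block.
CLEAN_BOOT_CODE = b"CONSTRUCTED CLEAN WINDOWS 7 BOOT CODE".ljust(BOOT_CODE_LEN, b"\x00")
TAMPERED_BOOT_CODE = b"CONSTRUCTED NON-STANDARD BOOT CODE".ljust(BOOT_CODE_LEN, b"\x90")


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest().upper()


KNOWN_GOOD = {sha1_hex(CLEAN_BOOT_CODE): "Windows 7 MBR code detected"}


def partition_entry(bootable: bool, ptype: int, lba_start: int, num_sectors: int) -> bytes:
    """Build one 16-byte entry; CHS fields are left zero (LBA-only addressing)."""
    return struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype, lba_start, num_sectors)


def build_mbr(boot_code: bytes, disk_signature: int, entries: list) -> bytes:
    table = b"".join(entries).ljust(64, b"\x00")
    sector = boot_code + struct.pack("<IH", disk_signature, 0) + table + MBR_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


def parse_mbr(sector: bytes) -> dict:
    """Split a raw first sector into boot code, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                           # type 0 marks an empty slot
            partitions.append({"status": status, "type": ptype, "lba_start": lba,
                               "num_sectors": count, "byte_offset": lba * SECTOR_SIZE})
    return {
        "boot_code": sector[:BOOT_CODE_LEN],
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "valid_signature": sector[510:512] == MBR_SIGNATURE,
    }


def classify_boot_code(boot_code: bytes) -> tuple:
    """MBRCheck-style verdict: a hash match names the OS, anything else is 'Unknown MBR code'."""
    digest = sha1_hex(boot_code)
    return KNOWN_GOOD.get(digest, "Unknown MBR code"), digest


def report(sector: bytes, device: str = r"\\.\PhysicalDrive0", size_gb: int = 232) -> str:
    status, digest = classify_boot_code(parse_mbr(sector)["boot_code"])
    return f"{size_gb} GB {device} {status}\nSHA1: {digest}"


def restore_boot_code(sector: bytes, clean_boot_code: bytes) -> bytes:
    """What option [2] in the log does: replace the 440 boot-code bytes, keep everything after them."""
    return clean_boot_code + sector[BOOT_CODE_LEN:]


def fix_verified(before: bytes, after: bytes) -> bool:
    """Post-reboot check: boot code now known-good, partition table and disk signature untouched."""
    b, a = parse_mbr(before), parse_mbr(after)
    status, _ = classify_boot_code(a["boot_code"])
    return (status != "Unknown MBR code" and a["valid_signature"]
            and a["partitions"] == b["partitions"]
            and a["disk_signature"] == b["disk_signature"])


# Constructed sample disk. The C: and D: starts are the byte offsets MBRCheck printed
# (0x06500000 and 0x37_7ed00000) divided by 512; the hidden first partition, the
# disk signature and all partition lengths are made up.
SAMPLE_ENTRIES = [
    partition_entry(True, 0x07, 2048, 204800),
    partition_entry(False, 0x07, 0x06500000 // SECTOR_SIZE, 465321984),
    partition_entry(False, 0x07, 0x377ED00000 // SECTOR_SIZE, 20000000),
]
INFECTED_MBR = build_mbr(TAMPERED_BOOT_CODE, 0xDEADBEEF, SAMPLE_ENTRIES)
REPAIRED_MBR = restore_boot_code(INFECTED_MBR, CLEAN_BOOT_CODE)

if __name__ == "__main__":
    print(report(INFECTED_MBR))   # Unknown MBR code
    print(report(REPAIRED_MBR))   # Windows 7 MBR code detected
    print("fix verified:", fix_verified(INFECTED_MBR, REPAIRED_MBR))
```

A real check reads the first 512 bytes of the physical drive with administrator rights; on Windows that is the same \\.\PhysicalDrive0 handle the log names.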
  12. Broni

    Broni Malware Annihilator Posts: 46,181   +251

    Wonderful :)
    It worked :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. gooodjunkk

    gooodjunkk Newcomer, in training Topic Starter Posts: 43

    So far so good... computer seems to be running faster. Ok, going to do OTL. Thanks a bunch!
  14. Broni

    Broni Malware Annihilator Posts: 46,181   +251

    Cool :)..............
  15. gooodjunkk

    gooodjunkk Newcomer, in training Topic Starter Posts: 43

    Here we go. Both logs were too long to post but I attached them. I noticed when I was posting the Extras log that it was trying to connect to the internet. She has a dial up connection on that machine & I didn't bother to connect it.

    Attached Files:

  16. Broni

    Broni Malware Annihilator Posts: 46,181   +251

    You're running two AV programs, AVG and Microsoft Security Essentials.
    One of them has to go.
    If AVG (preferably), use AVG Remover: http://www.avg.com/us-en/download-tools

    ==========================================================================

    Please, uninstall Uniblue Registry Booster.
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    ========================================================================

    Please, uninstall Ask.com as it's considered adware.

    ====================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2010/07/27 11:11:24 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O4:[b]64bit:[/b] - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found
      O4 - HKLM..\Run: []  File not found
      O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O18:[b]64bit:[/b] - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      [2010/08/17 03:43:53 | 000,000,000 | ---D | C] -- C:\Users\Candi\AppData\Roaming\Uniblue
      [2010/08/17 03:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
      [2010/08/17 02:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
      [2010/04/02 17:17:42 | 000,000,000 | ---D | M] -- C:\Users\Candi\AppData\Roaming\iWin
      [2010/08/17 03:43:53 | 000,000,000 | ---D | M] -- C:\Users\Candi\AppData\Roaming\Uniblue
      [2010/08/18 21:58:05 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
      @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:DD248DD6
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:1B885BBD
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:80D975A5
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:290A724C
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:F2337193
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4BB26BE9
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:972E051C
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:2398E95B
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
      "EnableFirewall" =dword:00000001
      
      :Files
      C:\Program Files (x86)\Uniblue
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  17. gooodjunkk

    gooodjunkk Newcomer, in training Topic Starter Posts: 43

    I couldn't uninstall Ask.com; it was not able to find a file it needed to do so (I think it was a .msi file). Everything else seemed to go smoothly, though. See the latest logs below.

    All processes killed
    ========== OTL ==========
    No active process named rbmonitor.exe was found!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EKIJ5000StatusMonitor deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryBooster deleted successfully.
    File C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ not found.
    File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\inbox\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}\ not found.
    File {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
    File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
    File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    C:\Users\Candi\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Users\Candi\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\Candi\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Users\Candi\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\Candi\AppData\Roaming\Uniblue folder moved successfully.
    Folder C:\Program Files (x86)\Uniblue\ not found.
    C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine folder moved successfully.
    C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp folder moved successfully.
    C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com folder moved successfully.
    C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles folder moved successfully.
    C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data folder moved successfully.
    C:\Program Files (x86)\ESET\ESET Online Scanner\Modules folder moved successfully.
    C:\Program Files (x86)\ESET\ESET Online Scanner folder moved successfully.
    C:\Program Files (x86)\ESET folder moved successfully.
    C:\Users\Candi\AppData\Roaming\iWin\MahjongQuest3 folder moved successfully.
    C:\Users\Candi\AppData\Roaming\iWin\JQSolitaire2 folder moved successfully.
    C:\Users\Candi\AppData\Roaming\iWin folder moved successfully.
    Folder C:\Users\Candi\AppData\Roaming\Uniblue\ not found.
    File C:\Windows\Tasks\RegistryBooster.job not found.
    ADS C:\ProgramData\Temp:DD248DD6 deleted successfully.
    ADS C:\ProgramData\Temp:1B885BBD deleted successfully.
    ADS C:\ProgramData\Temp:80D975A5 deleted successfully.
    ADS C:\ProgramData\Temp:290A724C deleted successfully.
    ADS C:\ProgramData\Temp:F2337193 deleted successfully.
    ADS C:\ProgramData\Temp:4BB26BE9 deleted successfully.
    ADS C:\ProgramData\Temp:972E051C deleted successfully.
    ADS C:\ProgramData\Temp:2398E95B deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall" |dword:00000001 /E : value set successfully!
    ========== FILES ==========
    File\Folder C:\Program Files (x86)\Uniblue not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Candi
    ->Temp folder emptied: 2143573 bytes
    ->Temporary Internet Files folder emptied: 8551705 bytes
    ->Java cache emptied: 2027 bytes
    ->Flash cache emptied: 971 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mike
    ->Temp folder emptied: 717760 bytes
    ->Temporary Internet Files folder emptied: 87140191 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 434 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 59045973 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 150.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Candi
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Mike
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08192010_024442

    OTL by OldTimer - Version 3.2.10.0 log created on 08192010_024441

    Files\Folders moved on Reboot...
    C:\Users\Candi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    Attached Files:

    • OTL.Txt (74.4 KB)
  18. Broni

    Broni Malware Annihilator Posts: 46,181   +251

    Looks pretty good...
    Couple of leftovers still there?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll File not found
      [2010/08/17 02:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
      [2009/12/05 04:55:58 | 000,000,000 | ---D | M] -- C:\Users\Candi\AppData\Roaming\AVG9
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
  19. gooodjunkk

    gooodjunkk Newcomer, in training Topic Starter Posts: 43

    Ok, I'm back. Sorry for the delay, but we had a bit of a family emergency.

    So, you may remember it's my roommate's computer I'm working on. I told her when I started not to do any updates or make any changes until we were done, but when I got home tonight & turned on her computer to do the last scans etc., I got the notification before the desktop came up that the computer was completing Windows updates (just FYI).

    I ran the OTL fix per your instructions, but it said there was an error making the log file. I rebooted & again got the error message. That's when I realized I had run it from the CD (she uses a dial-up connection for the internet, so I download all the programs I need on my computer, put them on a re-writable CD & copy them from the CD to a folder on her desktop). So, I don't have the log generated after I ran the fix.

    Ran Security Check, then TFC & then decided to run OTL again (from the desktop this time, just the scan) thinking you might be able to tell if the fix worked from this scan log... :rolleyes: I don't know. Anyway, that log is included below along with the log from Security Check.

    Kaspersky online scanner is still (very slowly) downloading the database updates (last I looked it was at about 9000kb of almost 94000kb), so I figured I would post what I have & will post the last log once it's done.

    Thank you again for all your help. The only time I spend on the computer is to run the scans, etc., but I can tell it's running faster. I think even the speed of the dial up connection is faster than it was at the beginning of this process.

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player
    Adobe Reader 9.3.2
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

    ``````````End of Log````````````

    Will post the Kaspersky log later :)

    Attached Files:

    • OTL.Txt (115.7 KB)
  20. Broni

    Broni Malware Annihilator Posts: 46,181   +251

    Good news :)

    Probably she has Windows updates set to automatic, but at this stage, installing them shouldn't be a problem.

    OTL fix didn't work, so you can re-run it at any time.
    Everything else looks good, so far.
  21. gooodjunkk

    gooodjunkk Newcomer, in training Topic Starter Posts: 43

    Kaspersky was scanning when I went to bed, but someone else got to the computer this morning before I did & the Kaspersky website is gone. Everyone is gone now, so no one to even ask what happened. Any chance the log was automatically saved somewhere in the computer? I don't even know if the scan finished. Will run OTL fix again. Thanks
  22. Broni

    Broni Malware Annihilator Posts: 46,181   +251

    Instead of Kaspersky, which takes a long time...

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  23. gooodjunkk

    gooodjunkk Newcomer, in training Topic Starter Posts: 43

    I talked to Candi & she says when she got to the computer, Kaspersky had finished & indicated 0 infections & 0 "some other stuff" that she didn't remember. She says she clicked to view the log but there was nothing there. I just reran the OTL fix & pasted the log below. ESET is loading now. May take a while to finish.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll File not found not found.
    C:\ProgramData\AVG Security Toolbar\Update folder moved successfully.
    C:\ProgramData\AVG Security Toolbar\cache folder moved successfully.
    C:\ProgramData\AVG Security Toolbar folder moved successfully.
    C:\Users\Candi\AppData\Roaming\AVG9\cfgall folder moved successfully.
    C:\Users\Candi\AppData\Roaming\AVG9 folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Candi
    ->Temp folder emptied: 106121820 bytes
    ->Temporary Internet Files folder emptied: 15506798 bytes
    ->Java cache emptied: 128094 bytes
    ->Flash cache emptied: 1071 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mike
    ->Temp folder emptied: 102908 bytes
    ->Temporary Internet Files folder emptied: 147172 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 21521292 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 174 bytes

    Total Files Cleaned = 137.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Candi
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Mike
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08222010_131911

    Files\Folders moved on Reboot...
    C:\Users\Candi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
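The fix script Broni posted in post 18 and the fix log pasted in post 23 both follow a fixed text layout, so a helper can check mechanically that every item the script asked OTL to remove is accounted for in the log before declaring the machine clean. The Python below is an added example written for this thread; it is not OTL's own code or anything from the posts. The sample script and log are copied from the two posts above and trimmed, and the function names (parse_fix_script, parse_fix_log, verify_fix) are my own.

```python
import re

# Constructed sample input: the :OTL and :Commands sections of the fix script
# posted in the thread (the empty :Services/:Reg/:Files sections are omitted).
FIX_SCRIPT = r"""
:OTL
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll File not found
[2010/08/17 02:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2009/12/05 04:55:58 | 000,000,000 | ---D | M] -- C:\Users\Candi\AppData\Roaming\AVG9
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
"""

# Constructed sample input: an excerpt of the fix log OTL wrote for that script.
FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll File not found not found.
C:\ProgramData\AVG Security Toolbar\Update folder moved successfully.
C:\ProgramData\AVG Security Toolbar\cache folder moved successfully.
C:\ProgramData\AVG Security Toolbar folder moved successfully.
C:\Users\Candi\AppData\Roaming\AVG9\cfgall folder moved successfully.
C:\Users\Candi\AppData\Roaming\AVG9 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Candi
->Temp folder emptied: 106121820 bytes
->Temporary Internet Files folder emptied: 15506798 bytes
Windows Temp folder emptied: 21521292 bytes
RecycleBin emptied: 174 bytes
Total Files Cleaned = 137.00 mb
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")                      # ":OTL", ":Commands", ...
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
WINPATH_RE = re.compile(r"[A-Za-z]:\\.*")                     # first drive-letter path to end of line
MOVED_RE = re.compile(r"^(.*) (?:folder|file) moved successfully\.$")
BYTES_RE = re.compile(r"emptied: (\d+) bytes$")
NOT_FOUND_SUFFIX = " File not found"


def parse_fix_script(text):
    """Split an OTL fix script into its ':Section' blocks (section names lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def fix_targets(sections):
    """Return (path, [clsids]) pairs for every line the :OTL section asks OTL to remove."""
    targets = []
    for line in sections.get("otl", []):
        m = WINPATH_RE.search(line)
        path = m.group(0) if m else None
        if path and path.endswith(NOT_FOUND_SUFFIX):   # OTL scan lines carry this trailing note
            path = path[: -len(NOT_FOUND_SUFFIX)]
        targets.append((path, CLSID_RE.findall(line)))
    return targets


def parse_fix_log(text):
    """Extract what the fix log reports: moved paths, 'not found' lines and bytes emptied."""
    moved, not_found, emptied = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        m = MOVED_RE.match(line)
        if m:
            moved.append(m.group(1))
            continue
        if line.endswith("not found."):
            not_found.append(line)
            continue
        m = BYTES_RE.search(line)
        if m:
            emptied += int(m.group(1))
    return {"moved": moved, "not_found": not_found, "bytes_emptied": emptied}


def verify_fix(script_text, log_text):
    """Map each script target to 'moved', 'not found' or 'unreported' according to the log."""
    log = parse_fix_log(log_text)
    result = {}
    for path, clsids in fix_targets(parse_fix_script(script_text)):
        key = path or (clsids[0] if clsids else "?")
        mentioned = any(
            (path is not None and path in nf) or any(c.upper() in nf.upper() for c in clsids)
            for nf in log["not_found"]
        )
        if path in log["moved"]:
            result[key] = "moved"
        elif mentioned:
            result[key] = "not found"      # nothing left to remove; also fine
        else:
            result[key] = "unreported"     # the fix may not have run: re-run it
    return result


if __name__ == "__main__":
    for target, status in verify_fix(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:>10}  {target}")
    print("bytes emptied:", parse_fix_log(FIX_LOG)["bytes_emptied"])
```

An "unreported" target is the case gooodjunkk hit when the fix was run from the CD and no log was written: the right response is to re-run the fix, exactly as Broni advised, rather than to assume the leftovers are gone.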
  24. gooodjunkk

    gooodjunkk Newcomer, in training Topic Starter Posts: 43

    She also said the computer is way faster & she is very happy with "whatever you guys did" LoL. Anyway, will post the ESET log after a while.
  25. Broni

    Broni Malware Annihilator Posts: 46,181   +251

    If Kaspersky found nothing, you can stop Eset scan.

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =======================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. Run defrag at your convenience.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.