Solved Malware/adware slowing computer


gooodjunkk

Hi,

This forum recently helped me clean up my own computer. Now I am hoping you can do the same for my roommate's machine.

She complains about adware & that the computer is slower than it used to be & seems to keep getting slower. The computer is only about a year old, but her son & several of his & her friends use it all the time while she is gone at work.

The logs from the 8 steps are attached (they are all too long to copy & paste).

It looks like Malwarebytes found & cleaned quite a few files. When we ran GMER, a message came up that said something about the windows system file being in use by another application (I know I should have written it down, but I assumed it would show up in the log). After the scan completed, there was a message that said nothing was found & the log was completely blank. Ran it in safe mode with the same results.

Can someone please take a look at the logs & let me know if it is safe to assume the computer is now clean.

Thank you
 

Attachments

  • Attach.txt (11.4 KB)
  • DDS.txt (14.5 KB)
  • mbam-log-2010-08-17 (07-04-11).txt (31.1 KB)

GMER won't run on Windows 7 64-bit. That's why you're having problems.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):

  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.

  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
 
Ok, here are the logs (had to attach the SUPERAntiSpyware log) :)

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Compaq-Presario
System Product Name: AU884AA-ABA CQ5205Y
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 152):

Processes (total 68):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`7ed00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT721025SLA, Rev: STBO

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 4BF8A4AD5A1A85883A5CCF3E16D780BF57E5FE81


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 

Attachments

  • SUPERAntiSpyware Scan Log - 08-18-2010 - 01-05-27.log (24.3 KB)

Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter.

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 5 for Windows 7, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot, run MBRCheck again and post new log.
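For anyone following along, here is what MBRCheck is actually checking when it prints "Unknown MBR code" with a SHA1, and why option [2] leaves the partitions alone. This is example code written for this thread, not MBRCheck's own source: it parses a 512-byte MBR, hashes the 440-byte boot code against an allowlist, and prints partition start offsets in MBRCheck's format. The reference boot code, allowlist entry, disk signature and partition sizes are constructed; only the C: and D: start offsets are taken from the log above.

```python
"""Parse a 512-byte MBR the way MBRCheck does: hash the boot code, check it
against known-good codes and list partition start offsets.  Example code written
for this thread (not MBRCheck's own source); all sectors below are constructed."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: the boot code MBRCheck hashes
DISK_SIG_OFF = 440            # bytes 440..443: Windows disk signature
PART_TABLE_OFF = 446          # bytes 446..509: four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot-code hash, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }

def format_offset(byte_offset: int) -> str:
    """Render a 64-bit byte offset in MBRCheck's 0xHHHHHHHH`LLLLLLLL style."""
    return "0x%08x`%08x" % (byte_offset >> 32, byte_offset & 0xFFFFFFFF)

def classify_boot_code(sha1_hex: str, allowlist: dict) -> str:
    """MBRCheck's verdict: a hash is either a known OS boot code or 'Unknown MBR code'."""
    return allowlist.get(sha1_hex.upper(), "Unknown MBR code")

def restore_boot_code(sector: bytes, reference: bytes) -> bytes:
    """What option [2] does: overwrite bytes 0..439 only; table and signature stay."""
    return reference.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN] + sector[BOOT_CODE_LEN:]

def build_mbr(boot_code: bytes, disk_signature: int, layout: list) -> bytes:
    """Assemble a sector from boot code and (status, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN or len(layout) > 4:
        raise ValueError("boot code too long or too many partitions")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_signature)
    for i, (status, ptype, lba_start, sectors) in enumerate(layout):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba_start, sectors)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)

def report(sector: bytes, allowlist: dict) -> dict:
    """The fields MBRCheck prints: verdict, SHA1 of the boot code, partition offsets."""
    info = parse_mbr(sector)
    return {
        "verdict": classify_boot_code(info["boot_code_sha1"], allowlist),
        "sha1": info["boot_code_sha1"],
        "offsets": [format_offset(p["byte_offset"]) for p in info["partitions"]],
    }

# Constructed stand-in for a trusted boot code (NOT real Windows boot code), padded to 440 bytes.
REFERENCE_BOOT_CODE = (bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 100).ljust(BOOT_CODE_LEN, b"\x00")
# Allowlist keyed by SHA1 of the boot code, as MBRCheck matches known OS codes (constructed entry).
KNOWN_BOOT_CODES = {hashlib.sha1(REFERENCE_BOOT_CODE).hexdigest().upper(): "Windows 7 (constructed reference)"}
# Partition starts come from the log above (C: at byte 0x06500000, D: at 0x37`7ED00000);
# the sizes and the 100 MB System Reserved partition are constructed.
LAYOUT = [
    (0x80, 0x07, 2048, 204800),
    (0x00, 0x07, 206848, 465321984),
    (0x00, 0x07, 465528832, 22868336),
]
CLEAN_MBR = build_mbr(REFERENCE_BOOT_CODE, 0x12345678, LAYOUT)
# Same disk, but the boot code has been replaced; the partition table is untouched.
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + b"\xCC" * 64, 0x12345678, LAYOUT)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        r = report(sector, KNOWN_BOOT_CODES)
        print(f"{name}: {r['verdict']}  SHA1: {r['sha1']}")
        for off in r["offsets"]:
            print(f"  partition at offset {off}")
```

Because only bytes 0..439 are compared and rewritten, the same partition table (and so the same C:/D: offsets) shows up in both the "clean" and "tampered" reports, which is why a boot-code restore does not touch the data on the drive.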
 
Ran MBR & followed the steps in your last post. After I confirmed by typing YES & pressing ENTER, the program seemed to work for a few minutes then the system froze. That was about 13 minutes ago & it's still frozen. Is this normal?
 
No. Restart manually and try again.
If still no go, we'll use a different way to do it.
 
It worked this time. See reports below.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Compaq-Presario
System Product Name: AU884AA-ABA CQ5205Y
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 186):

Processes (total 64):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`7ed00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT721025SLA, Rev: STBO

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 4BF8A4AD5A1A85883A5CCF3E16D780BF57E5FE81


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Wrote new MBR code with API! Fix may not be successful.
Please reboot your computer to complete the fix.


Done!
 
I thought I attached the second log. Sorry, posted it below.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Compaq-Presario
System Product Name: AU884AA-ABA CQ5205Y
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 151):
0x03AEC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03AF7000 \SystemRoot\System32\drivers\discache.sys
0x03B06000 \SystemRoot\System32\Drivers\dfsc.sys
0x03B24000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03B35000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03B3D000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03B84000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03BAA000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x03BC1000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03A00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03A56000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03A67000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x036F6000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
0x0400E000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x0413F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04141000 \SystemRoot\system32\drivers\modem.sys
0x04851000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0534F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03600000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05351000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05397000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x053A7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x053BD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x053E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04800000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0482F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04150000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04171000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x053ED000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0418B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x053FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0419A000 \SystemRoot\system32\DRIVERS\ks.sys
0x041DD000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03748000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x037A2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03E1B000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x037B7000 \SystemRoot\system32\drivers\portcls.sys
0x03BCC000 \SystemRoot\system32\drivers\drmk.sys
0x03E00000 \SystemRoot\system32\drivers\ksthunk.sys
0x03E06000 \SystemRoot\System32\Drivers\crashdmp.sys
0x041EF000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x01905000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x02C43000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x02C56000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03BEE000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x04000000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x01943000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x04477000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x0449F000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x044A9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x044B7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x044D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x044D9000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x044E6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x044F4000 \SystemRoot\System32\drivers\Dxapi.sys
0x04500000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00530000 \SystemRoot\System32\TSDDD.dll
0x006B0000 \SystemRoot\System32\cdd.dll
0x008D0000 \SystemRoot\System32\ATMFD.DLL
0x0450E000 \SystemRoot\system32\drivers\luafv.sys
0x04531000 \SystemRoot\system32\drivers\WudfPf.sys
0x04552000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04567000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x045BA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x045CD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x038FA000 \SystemRoot\system32\drivers\HTTP.sys
0x039C2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x039E0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03800000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0382D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0387B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05484000 \SystemRoot\system32\drivers\peauth.sys
0x0552A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x05535000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x05562000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05574000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05A5E000 \SystemRoot\System32\DRIVERS\srv.sys
0x76E80000 \Windows\System32\ntdll.dll
0x47950000 \Windows\System32\smss.exe
0xFF1A0000 \Windows\System32\apisetschema.dll
0xFFEE0000 \Windows\System32\autochk.exe

Processes (total 65):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
420 csrss.exe
476 C:\Windows\System32\wininit.exe
488 csrss.exe
500 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
508 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
580 C:\Windows\System32\services.exe
588 C:\Windows\System32\lsass.exe
596 C:\Windows\System32\lsm.exe
628 C:\Windows\System32\winlogon.exe
692 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
932 C:\Windows\System32\svchost.exe
428 C:\Windows\System32\nvvsvc.exe
412 C:\Windows\System32\svchost.exe
708 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1144 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\nvvsvc.exe
1524 C:\Windows\System32\svchost.exe
1748 C:\Windows\System32\spoolsv.exe
1784 C:\Windows\System32\svchost.exe
1876 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1912 C:\Program Files\LSI SoftModem\agr64svc.exe
1932 C:\Windows\System32\svchost.exe
1952 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1316 C:\Windows\SysWOW64\svchost.exe
1420 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1548 C:\Windows\System32\svchost.exe
1716 C:\Windows\System32\svchost.exe
1852 C:\Windows\System32\TCPSVCS.EXE
2080 C:\Windows\System32\svchost.exe
2148 C:\Windows\System32\svchost.exe
2228 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2360 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2396 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2868 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
2928 C:\Windows\System32\taskhost.exe
3028 C:\Windows\System32\dwm.exe
3068 C:\Windows\explorer.exe
2472 C:\Windows\System32\rundll32.exe
2860 C:\Windows\System32\svchost.exe
3160 C:\Windows\System32\svchost.exe
3168 C:\Program Files\Microsoft Security Essentials\msseces.exe
3268 C:\Program Files (x86)\NetZero\exec.exe
3412 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
3436 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
3456 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
3472 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
3512 C:\Windows\System32\taskeng.exe
3676 C:\Program Files (x86)\NetZero\exec.exe
3948 C:\Windows\System32\SearchIndexer.exe
4076 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
3252 C:\Windows\System32\taskeng.exe
3324 C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
1072 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
3300 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
2204 C:\Windows\System32\SearchProtocolHost.exe
3928 C:\Windows\System32\SearchFilterHost.exe
4224 C:\Users\Candi\Desktop\Tech\MBRCheck.exe
4236 C:\Windows\System32\conhost.exe
4252 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`7ed00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT721025SLA, Rev: STBO

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: F37A9776F0E98E38BD78E91425829D97888CEEFC


Done!
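The MBRCheck log above reports "Windows 7 MBR code detected" plus a SHA1, and lists where each volume starts on PhysicalDrive0. The example below, added here and not part of the thread or of MBRCheck, shows what such a verdict rests on: sector 0 holds the bootstrap code, the NT disk signature at offset 440, four partition entries from offset 446, and the 55 AA signature at offset 510. A bootkit typically swaps the bootstrap code while leaving the table intact, so the check is a hash of the code against a baseline taken from a clean disk. Assumptions: the hashed range (first 440 bytes), the baseline set, the sample bootstrap bytes and the partition sizes in `build_sample_mbr` are all mine; only the C: and D: byte offsets are taken from the log.

```python
"""Parse and sanity-check a 512-byte MBR the way a boot-record checker does.

Added example for this thread; it is not MBRCheck's code. Assumptions (not
documented on the page): the hashed range is the first 440 bytes (before the
NT disk signature), the baseline hash is whatever was recorded from a
known-clean disk, and the sample partition sizes below.
"""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 440      # bytes 0..439: boot code, ends before the disk signature
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 55 AA on disk, reads as 0xAA55 little-endian


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition entry; CHS fields are ignored (LBA rules)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)
    return {"bootable": status == 0x80, "type": ptype, "lba_start": lba_start,
            "sectors": sectors, "byte_offset": lba_start * SECTOR}


def parse_mbr(sector: bytes) -> dict:
    """Split sector 0 into bootstrap hash, disk signature and partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    signature, = struct.unpack("<H", sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2])
    disk_sig, = struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        if entry[4] != 0:                      # type 0x00 marks an unused slot
            parts.append(parse_partition_entry(entry))
    return {"signature_ok": signature == 0xAA55, "disk_signature": disk_sig,
            "bootstrap_sha1": hashlib.sha1(sector[:BOOTSTRAP_LEN]).hexdigest().upper(),
            "partitions": parts}


def assess(sector: bytes, known_bootstrap_hashes: set) -> list:
    """Return findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootstrap_sha1"] not in known_bootstrap_hashes:
        # A bootkit replaces or patches this code while leaving the partition
        # table intact, so the table can look normal while the hash changes.
        findings.append("bootstrap code hash not in baseline: " + info["bootstrap_sha1"])
    parts = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partition entries overlap")
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one active partition")
    return findings


# Constructed stand-in for boot code: the first bytes mimic a typical
# "xor ax,ax / mov ss,ax / mov sp,7C00h" prologue, the rest is zero padding.
SAMPLE_BOOTSTRAP = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + bytes(BOOTSTRAP_LEN - 7)


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Construct a sector whose table mirrors the offsets in the MBRCheck log:
    C: at 0x06500000 (LBA 206848) and D: at 0x377ED00000 (LBA 465528832).
    The 100 MB System Reserved partition at LBA 2048 and the partition sizes
    are assumptions, not taken from the log."""
    entries = [(0x80, 0x07, 2048, 204800),          # System Reserved, active
               (0x00, 0x07, 206848, 465321984),     # C: (size assumed)
               (0x00, 0x07, 465528832, 22868336)]   # D: recovery (size assumed)
    table = b"".join(struct.pack("<B3sB3sII", st, b"\xfe\xff\xff", ty, b"\xfe\xff\xff", lba, n)
                     for st, ty, lba, n in entries) + bytes(16)
    sector = bootstrap + struct.pack("<I", 0x1234ABCD) + b"\x00\x00" + table + b"\x55\xAA"
    assert len(sector) == SECTOR
    return sector


if __name__ == "__main__":
    clean = build_sample_mbr(SAMPLE_BOOTSTRAP)
    baseline = {parse_mbr(clean)["bootstrap_sha1"]}   # recorded from a clean disk
    print("clean:", assess(clean, baseline) or "no findings")
    patched = bytearray(clean)
    patched[0x10] ^= 0xFF                              # one byte of boot code changed
    print("patched:", assess(bytes(patched), baseline))
```

On a real machine the sector comes from opening `\\.\PhysicalDrive0` for reading with administrator rights and taking the first 512 bytes; the rest of the check is the same. One cross-check the log already allows without any tooling: C: starts at 0x06500000, which is LBA 206848 = 2048 + 204800, exactly where a volume lands behind the 100 MB System Reserved partition that a Windows 7 setup creates, so the partition layout itself is consistent with a stock install.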
 
Wonderful :)
It worked :)

How is computer doing?

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Here we go. Both logs were too long to post but I attached them. I noticed when I was posting the Extras log that it was trying to connect to the internet. She has a dial up connection on that machine & I didn't bother to connect it.

Attachments: Extras.Txt (71.7 KB), OTL.Txt (100.8 KB)
 
You're running two AV programs, AVG and Microsoft Security Essentials.
One of them has to go.
Preferably remove AVG; if so, use AVG Remover: http://www.avg.com/us-en/download-tools

==========================================================================

Please, uninstall Uniblue Registry Booster.
Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

========================================================================

Please, uninstall Ask.com as it's considered adware.

====================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2010/07/27 11:11:24 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found
    O4 - HKLM..\Run: []  File not found
    O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    [2010/08/17 03:43:53 | 000,000,000 | ---D | C] -- C:\Users\Candi\AppData\Roaming\Uniblue
    [2010/08/17 03:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
    [2010/08/17 02:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2010/04/02 17:17:42 | 000,000,000 | ---D | M] -- C:\Users\Candi\AppData\Roaming\iWin
    [2010/08/17 03:43:53 | 000,000,000 | ---D | M] -- C:\Users\Candi\AppData\Roaming\Uniblue
    [2010/08/18 21:58:05 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:DD248DD6
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:1B885BBD
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:80D975A5
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:290A724C
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:F2337193
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4BB26BE9
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:972E051C
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:2398E95B
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" =dword:00000001
    
    :Files
    C:\Program Files (x86)\Uniblue
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
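Most of the entries in the fix script above end in "File not found" or "No CLSID value found": registry keys (BHO, toolbar, Run value, protocol handler, SSODL) that still point at a component which is no longer on disk. Those are dangling pointers and cleaning them is low risk; the entries that matter for a decision are the ones whose file is present (here, Ask and Uniblue), plus the alternate data streams hanging off C:\ProgramData\Temp, which a normal directory listing does not show. The parser below is an added example for this thread, not OTL's code; the line shapes are inferred from the entries quoted in the script, and `UNWANTED_PUBLISHERS` simply encodes the thread's own removal decisions as an assumption rather than any vendor reputation list.

```python
"""Triage lines from an OTL report into orphaned registry pointers, entries
attributed to a publisher the thread decided to remove, live entries that
still need a decision, and alternate data streams.

Added example for this thread; it is not OTL's code. Line formats are
inferred from the fix script quoted on the page, and UNWANTED_PUBLISHERS
is an assumption that mirrors the thread's decisions (Ask, Uniblue)."""
import re

ORPHAN_MARKERS = ("File not found", "No CLSID value found", "CLSID or File not found")
UNWANTED_PUBLISHERS = {"Ask", "Uniblue Systems Limited"}      # assumption, see docstring

O_LINE = re.compile(r"^(?P<code>O\d+)(?::(?P<arch>64bit):)?\s+-\s+(?P<body>.*)$")
FS_LINE = re.compile(r"^\[(?P<meta>[^\]]*)\]\s*(?:\((?P<pub>[^)]*)\)\s*)?--\s*(?P<path>.*)$")
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First path-looking token ending in a binary/task extension (".com" is left
# out on purpose so "Ask.com\..." does not cut the path short).
WIN_PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|job|kmd)(?=\s|$)")
PUBLISHER = re.compile(r"\((?P<pub>[^()]+)\)\s*$")      # "(Vendor)" at end of line


def parse_otl_line(line: str):
    """Return a dict describing the entry, or None for lines we do not model."""
    line = line.strip()
    m = ADS_LINE.match(line)
    if m:
        return {"kind": "ads", "code": "ADS", "arch": "32", "clsid": None, "publisher": None,
                "path": m.group("target"), "size": int(m.group("size")), "orphaned": False}
    kind, rest = None, line
    if line.startswith("PRC - "):
        kind, rest = "process", line[len("PRC - "):]
    m = FS_LINE.match(rest)
    if m:
        attrs = m.group("meta").split("|")[2].strip()        # e.g. "---D" for a directory
        kind = kind or ("folder" if "D" in attrs else "file")
        return {"kind": kind, "code": "PRC" if kind == "process" else "FS", "arch": "32",
                "clsid": None, "publisher": m.group("pub") or None, "path": m.group("path"),
                "orphaned": False}
    m = O_LINE.match(line)
    if not m:
        return None
    body = m.group("body")
    clsid, path, pub = CLSID.search(body), WIN_PATH.search(body), PUBLISHER.search(body)
    return {"kind": "registry", "code": m.group("code"), "arch": "64" if m.group("arch") else "32",
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(0) if path else None,
            "publisher": pub.group("pub") if pub else None,
            "orphaned": any(marker in body for marker in ORPHAN_MARKERS)}


def triage(lines):
    """Bucket entries: orphaned -> dangling pointer, unwanted -> remove per thread,
    review -> live and needs a human decision, ads -> hidden stream data."""
    buckets = {"orphaned": [], "unwanted": [], "review": [], "ads": []}
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None:
            continue
        if entry["kind"] == "ads":
            buckets["ads"].append(entry)
        elif entry["orphaned"]:
            buckets["orphaned"].append(entry)
        elif entry["publisher"] in UNWANTED_PUBLISHERS:
            buckets["unwanted"].append(entry)
        else:
            buckets["review"].append(entry)
    return buckets


# Sample input: entries copied from the OTL fix script in this thread.
SAMPLE_LINES = r"""
PRC - [2010/07/27 11:11:24 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2010/08/17 03:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:DD248DD6
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:1B885BBD
""".strip().splitlines()


if __name__ == "__main__":
    for name, entries in triage(SAMPLE_LINES).items():
        print(f"{name}: {len(entries)}")
        for e in entries:
            print("   ", e["code"], e["arch"], e["path"] or e["clsid"])
```

The "64bit:" tag on an entry means OTL read it from the native 64-bit registry view rather than the WOW6432Node view; the fix log below reports those as "64bit-Registry key ... deleted", which is how you confirm each entry was hit in the view it was found in. The O6 policy line lands in "review" on purpose: it points at no file, so the script cannot tell whether it is a legitimate lockdown or something an unwanted program set.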
 
I couldn't uninstall Ask.com, it was not able to find a file it needed to do so (I think it was a .msi file). Everything else seemed to go smoothly, though. See the latest logs below.

All processes killed
========== OTL ==========
No active process named rbmonitor.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EKIJ5000StatusMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryBooster deleted successfully.
File C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ not found.
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\inbox\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}\ not found.
File {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Candi\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Candi\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Candi\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Candi\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Candi\AppData\Roaming\Uniblue folder moved successfully.
Folder C:\Program Files (x86)\Uniblue\ not found.
C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner\Modules folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner folder moved successfully.
C:\Program Files (x86)\ESET folder moved successfully.
C:\Users\Candi\AppData\Roaming\iWin\MahjongQuest3 folder moved successfully.
C:\Users\Candi\AppData\Roaming\iWin\JQSolitaire2 folder moved successfully.
C:\Users\Candi\AppData\Roaming\iWin folder moved successfully.
Folder C:\Users\Candi\AppData\Roaming\Uniblue\ not found.
File C:\Windows\Tasks\RegistryBooster.job not found.
ADS C:\ProgramData\Temp:DD248DD6 deleted successfully.
ADS C:\ProgramData\Temp:1B885BBD deleted successfully.
ADS C:\ProgramData\Temp:80D975A5 deleted successfully.
ADS C:\ProgramData\Temp:290A724C deleted successfully.
ADS C:\ProgramData\Temp:F2337193 deleted successfully.
ADS C:\ProgramData\Temp:4BB26BE9 deleted successfully.
ADS C:\ProgramData\Temp:972E051C deleted successfully.
ADS C:\ProgramData\Temp:2398E95B deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall" |dword:00000001 /E : value set successfully!
========== FILES ==========
File\Folder C:\Program Files (x86)\Uniblue not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Candi
->Temp folder emptied: 2143573 bytes
->Temporary Internet Files folder emptied: 8551705 bytes
->Java cache emptied: 2027 bytes
->Flash cache emptied: 971 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mike
->Temp folder emptied: 717760 bytes
->Temporary Internet Files folder emptied: 87140191 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59045973 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 150.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Candi
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Mike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08192010_024442

OTL by OldTimer - Version 3.2.10.0 log created on 08192010_024441

Files\Folders moved on Reboot...
C:\Users\Candi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Attachments: OTL.Txt (74.4 KB)
 
Looks pretty good...
A couple of leftovers are still there, though.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll File not found
    [2010/08/17 02:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
    [2009/12/05 04:55:58 | 000,000,000 | ---D | M] -- C:\Users\Candi\AppData\Roaming\AVG9
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Ok, I'm back. Sorry for the delay, but we had a bit of a family emergency.

So, you may remember it's my roommate's computer I'm working on. I told her when I started not to do any updates or make any changes until we were done, but when I got home tonight & turned on her computer to do the last scans etc., I got the notification before the desktop came up that the computer was completing Windows updates (just FYI).

I ran the OTL fix per your instructions, but it said there was an error making the log file. I rebooted & again got the error message. That's when I realized I had run it from the CD (she uses a dial-up connection for the internet, so I download all the programs I need on my computer, put them on a re-writable CD & copy them from the CD to a folder on her desktop). So, I don't have the log generated after I ran the fix.

Ran Security Check, then TFC & then decided to run OTL again (from the desktop this time, just the scan) thinking you might be able to tell if the fix worked from this scan log... I don't know. Anyway, that log is included below along with the log from Security Check.

The Kaspersky online scanner is still (very slowly) downloading the database updates (last I looked it was at about 9000 KB of almost 94000 KB), so I figured I would post what I have & will post the last log once it's done.

Thank you again for all your help. The only time I spend on the computer is to run the scans, etc., but I can tell it's running faster. I think even the speed of the dial up connection is faster than it was at the beginning of this process.

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Adobe Flash Player
Adobe Reader 9.3.2
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

``````````End of Log````````````

Will post the Kaspersky log later :)

Attachments: OTL.Txt (115.7 KB)
 
Good news :)

She probably has Windows updates set to automatic, but at this stage installing them shouldn't be a problem.

The OTL fix didn't work, so you can re-run it at any time.
Everything else looks good, so far.
 
Kaspersky was scanning when I went to bed, but someone else got to the computer this morning before I did & the Kaspersky website is gone. Everyone is gone now, so there is no one to even ask what happened. Any chance the log was automatically saved somewhere on the computer? I don't even know if the scan finished. Will run the OTL fix again. Thanks
 
Instead of Kaspersky, which takes a long time...

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • IMPORTANT! UN-check Remove found threats
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
I talked to Candi & she says when she got to the computer, Kaspersky had finished & indicated 0 infections & 0 "some other stuff" that she didn't remember. She says she clicked to view the log but there was nothing there. I just reran the OTL fix & pasted the log below. ESET is loading now. May take a while to finish.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll File not found not found.
C:\ProgramData\AVG Security Toolbar\Update folder moved successfully.
C:\ProgramData\AVG Security Toolbar\cache folder moved successfully.
C:\ProgramData\AVG Security Toolbar folder moved successfully.
C:\Users\Candi\AppData\Roaming\AVG9\cfgall folder moved successfully.
C:\Users\Candi\AppData\Roaming\AVG9 folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Candi
->Temp folder emptied: 106121820 bytes
->Temporary Internet Files folder emptied: 15506798 bytes
->Java cache emptied: 128094 bytes
->Flash cache emptied: 1071 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mike
->Temp folder emptied: 102908 bytes
->Temporary Internet Files folder emptied: 147172 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21521292 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 174 bytes

Total Files Cleaned = 137.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Candi
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Mike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08222010_131911

Files\Folders moved on Reboot...
C:\Users\Candi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
She also said the computer is way faster & she is very happy with "whatever you guys did" LoL. Anyway, will post the ESET log after a while.
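The OTL log above is plain text that can be checked rather than just eyeballed. As an added example (not OTL's own code and not part of this thread), here is a small Python parser that totals the [EMPTYTEMP] byte counts per user and confirms they agree with the "Total Files Cleaned" line; the sample log is an excerpt of the output posted above, and the 0.5 MB rounding slack is an assumption based on the "137.00 mb" figure.

```python
import re

# Excerpt of the OTL [EMPTYTEMP] output posted above (zero-byte lines omitted; sum unchanged).
SAMPLE_LOG = r"""[EMPTYTEMP]

User: Candi
->Temp folder emptied: 106121820 bytes
->Temporary Internet Files folder emptied: 15506798 bytes
->Java cache emptied: 128094 bytes
->Flash cache emptied: 1071 bytes

User: Mike
->Temp folder emptied: 102908 bytes
->Temporary Internet Files folder emptied: 147172 bytes

Windows Temp folder emptied: 21521292 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 174 bytes

Total Files Cleaned = 137.00 mb
"""

USER_RE = re.compile(r"^User: (.+)$")
BYTES_RE = re.compile(r"^(->)?.+? (?:emptied|removed): (\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = ([\d.]+) mb$")


def parse_emptytemp(text):
    """Return (bytes per user, grand total in bytes, OTL's reported total in MB).
    '->' lines belong to the last 'User:' header; unprefixed lines (Windows Temp,
    RecycleBin, .tmp sweeps) are booked as 'system'. Only [EMPTYTEMP] is counted."""
    per_user, user, section, total_bytes, reported_mb = {}, None, None, 0, None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]            # e.g. EMPTYTEMP or EMPTYFLASH
        elif section != "EMPTYTEMP":
            continue                        # skip [EMPTYFLASH] so nothing is double counted
        elif m := USER_RE.match(line):
            user = m.group(1)
        elif m := BYTES_RE.match(line):
            key = user if m.group(1) else "system"
            per_user[key] = per_user.get(key, 0) + int(m.group(2))
            total_bytes += int(m.group(2))
        elif m := TOTAL_RE.match(line):
            reported_mb = float(m.group(1))
    return per_user, total_bytes, reported_mb


def total_is_consistent(total_bytes, reported_mb, slack_mb=0.5):
    """Assumption: OTL prints the total rounded to whole MB (137.00 above), so allow 0.5 MB."""
    return reported_mb is not None and abs(total_bytes / 2**20 - reported_mb) <= slack_mb
```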
 
If Kaspersky found nothing, you can stop the ESET scan.

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

=======================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side.
4. Click on Continue on the "User Account Control" window that pops up.
5. Under the System Protection tab, find Available Disks.
6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK.

2. Restart computer.

3. Turn System Restore on.

4. Make sure Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

6. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. Run defrag at your convenience.

12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 