TechSpot

Possible virus/malware sluggish connection

Solved
By CUtley26
Aug 26, 2010
  1. About a week ago my PC began to run sluggishly upon opening programs, and the internet connection seems to have slowed considerably. At first I considered it to be possible dust within the desktop; upon cleaning, I still have the same problems.

    I have run Spybot and Adaware, and although they detected some items, this has not cleared my problem.

    I am attaching the required logs as requested. Thank you for your time and effort in investigating this matter. I have skipped step 4 because I am running Win 7 x64.

  2. Broni

    Welcome aboard

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  3. CUtley26

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASRock
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: To Be Filled By O.E.M.
    System Product Name: To Be Filled By O.E.M.
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 202):
    0x02C0D000 \SystemRoot\system32\ntoskrnl.exe
    0x031E9000 \SystemRoot\system32\hal.dll
    0x00BC1000 \SystemRoot\system32\kdcom.dll
    0x00CDC000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00CE9000 \SystemRoot\system32\PSHED.dll
    0x00CFD000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00D5B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00CC0000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00E27000 \SystemRoot\System32\Drivers\spqy.sys
    0x00F4D000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x00F56000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x00F85000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FDC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00FE6000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x010BD000 \SystemRoot\system32\DRIVERS\pci.sys
    0x010F0000 \SystemRoot\System32\drivers\partmgr.sys
    0x01105000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x0111A000 \SystemRoot\System32\drivers\volmgrx.sys
    0x01176000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x0117D000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x0118D000 \SystemRoot\System32\drivers\mountmgr.sys
    0x011A7000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x011B0000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x011DA000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01060000 \SystemRoot\system32\DRIVERS\bdfsfltr.sys
    0x01241000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0147E000 \SystemRoot\System32\Drivers\msrpc.sys
    0x014DC000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x014F6000 \SystemRoot\System32\Drivers\cng.sys
    0x01569000 \SystemRoot\System32\drivers\pcw.sys
    0x0157A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x016E6000 \SystemRoot\system32\drivers\ndis.sys
    0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01802000 \SystemRoot\System32\drivers\tcpip.sys
    0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x016D5000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x01584000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x017D8000 \SystemRoot\System32\Drivers\spldr.sys
    0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
    0x017E0000 \SystemRoot\System32\Drivers\mup.sys
    0x017F2000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x0143A000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x015D0000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x02CA7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02CD1000 \SystemRoot\System32\Drivers\Null.SYS
    0x02CDA000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02CE1000 \SystemRoot\System32\drivers\vga.sys
    0x02CEF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02D14000 \SystemRoot\System32\drivers\watchdog.sys
    0x02D24000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02D2D000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02D36000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02D3F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02D4A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02D5B000 \SystemRoot\system32\DRIVERS\BdfNdisf6.sys
    0x02D86000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02DA4000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02C00000 \SystemRoot\system32\drivers\afd.sys
    0x02DB1000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02DF6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02C8A000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x036E1000 \SystemRoot\system32\DRIVERS\serial.sys
    0x036FE000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03719000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x0372D000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x0377E000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0378A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03795000 \SystemRoot\System32\drivers\discache.sys
    0x03600000 \SystemRoot\system32\drivers\csc.sys
    0x03683000 \SystemRoot\System32\Drivers\dfsc.sys
    0x036A1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x036B2000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys
    0x037A4000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x037CA000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x03E68000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x0449E000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04592000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x045D8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x03E32000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03E3F000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x04872000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x048C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x048D9000 \SystemRoot\system32\DRIVERS\irsir.sys
    0x048E5000 \SystemRoot\system32\drivers\irenum.sys
    0x048EE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x0490C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x0491B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0492A000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x04936000 \SystemRoot\System32\Drivers\at8r90ma.SYS
    0x0497B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x04984000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04994000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0x0499B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x049B1000 \SystemRoot\system32\DRIVERS\bridge.sys
    0x049CD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x049F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04800000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x0482F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0484A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03E4A000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x037DF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x04CF2000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0x04D2F000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x04D31000 \SystemRoot\system32\DRIVERS\ks.sys
    0x04D74000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04D86000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x04DE0000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04C00000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x04C21000 \SystemRoot\system32\drivers\portcls.sys
    0x04C5E000 \SystemRoot\system32\drivers\drmk.sys
    0x04C80000 \SystemRoot\system32\drivers\ksthunk.sys
    0x05818000 \SystemRoot\system32\drivers\viahduaa.sys
    0x000A0000 \SystemRoot\System32\win32k.sys
    0x059AC000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04C86000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x059B8000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x059C6000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x059D2000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x059DB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x013E4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x059EE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x059F0000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x02A88000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x02AA5000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x02AB6000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x02AC2000 \SystemRoot\system32\DRIVERS\dot4usb.sys
    0x02AD2000 \SystemRoot\system32\DRIVERS\Dot4.sys
    0x02AFA000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
    0x00470000 \SystemRoot\System32\TSDDD.dll
    0x008E0000 \SystemRoot\System32\ATMFD.DLL
    0x006E0000 \SystemRoot\System32\cdd.dll
    0x02B04000 \SystemRoot\system32\drivers\luafv.sys
    0x02B27000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02B48000 \SystemRoot\system32\DRIVERS\irda.sys
    0x02B6B000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02B80000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x05E86000 \SystemRoot\system32\drivers\HTTP.sys
    0x05F4E000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x05F6C000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x05F84000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x05FB1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x05E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x05E23000 \SystemRoot\System32\Drivers\adfs.SYS
    0x05E3B000 \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys
    0x05E58000 \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
    0x05E5F000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
    0x0669D000 \SystemRoot\system32\drivers\peauth.sys
    0x06743000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0674E000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x0677B000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0678D000 \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
    0x06600000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x06A4E000 \SystemRoot\System32\DRIVERS\srv.sys
    0x06AE4000 \SystemRoot\system32\DRIVERS\bdfm.sys
    0x06B0E000 \SystemRoot\system32\DRIVERS\BDHV.SYS
    0x777B0000 \Windows\System32\ntdll.dll
    0x48530000 \Windows\System32\smss.exe
    0xFFAD0000 \Windows\System32\apisetschema.dll
    0xFF5F0000 \Windows\System32\autochk.exe
    0xFF8B0000 \Windows\System32\ole32.dll
    0xFF890000 \Windows\System32\imagehlp.dll
    0xFF840000 \Windows\System32\Wldap32.dll
    0xFF710000 \Windows\System32\rpcrt4.dll
    0xFF4B0000 \Windows\System32\iertutil.dll
    0xFF430000 \Windows\System32\difxapi.dll
    0x77980000 \Windows\System32\normaliz.dll
    0xFF3B0000 \Windows\System32\shlwapi.dll
    0xFF1D0000 \Windows\System32\setupapi.dll
    0xFF1C0000 \Windows\System32\nsi.dll
    0x77970000 \Windows\System32\psapi.dll
    0xFF090000 \Windows\System32\wininet.dll
    0xFF020000 \Windows\System32\gdi32.dll
    0xFF000000 \Windows\System32\sechost.dll
    0xFEE80000 \Windows\System32\urlmon.dll
    0xFEE30000 \Windows\System32\ws2_32.dll
    0xFED60000 \Windows\System32\usp10.dll
    0x77690000 \Windows\System32\kernel32.dll
    0xFEC50000 \Windows\System32\msctf.dll
    0xFEBB0000 \Windows\System32\clbcatq.dll
    0xFEBA0000 \Windows\System32\lpk.dll
    0x77590000 \Windows\System32\user32.dll
    0xFDE10000 \Windows\System32\shell32.dll
    0xFDD70000 \Windows\System32\msvcrt.dll
    0xFDD40000 \Windows\System32\imm32.dll
    0xFDCA0000 \Windows\System32\comdlg32.dll
    0xFDBC0000 \Windows\System32\oleaut32.dll
    0xFDAE0000 \Windows\System32\advapi32.dll
    0xFD970000 \Windows\System32\crypt32.dll
    0xFD8D0000 \Windows\System32\comctl32.dll
    0xFD860000 \Windows\System32\KernelBase.dll
    0xFD840000 \Windows\System32\devobj.dll
    0xFD800000 \Windows\System32\wintrust.dll
    0xFD7C0000 \Windows\System32\cfgmgr32.dll
    0xFD7B0000 \Windows\System32\msasn1.dll
    0x770F0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 82):
    0 System Idle Process
    4 System
    336 C:\Windows\System32\smss.exe
    456 csrss.exe
    520 C:\Windows\System32\wininit.exe
    540 csrss.exe
    576 C:\Windows\System32\services.exe
    592 C:\Windows\System32\lsass.exe
    600 C:\Windows\System32\lsm.exe
    724 C:\Windows\System32\svchost.exe
    804 C:\Windows\System32\svchost.exe
    860 C:\Windows\System32\atiesrxx.exe
    916 C:\Windows\System32\winlogon.exe
    968 C:\Windows\System32\svchost.exe
    1000 C:\Windows\System32\svchost.exe
    352 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\atieclxx.exe
    1264 C:\Windows\System32\svchost.exe
    1440 C:\Windows\System32\spoolsv.exe
    1472 C:\Windows\System32\svchost.exe
    1576 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1596 C:\Windows\SysWOW64\ASTSRV.EXE
    1648 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1728 C:\Windows\SysWOW64\svchost.exe
    1780 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    1968 C:\Windows\System32\svchost.exe
    1992 C:\Windows\System32\nlsInterface.EXE
    1168 C:\Windows\System32\svchost.exe
    1360 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    1680 C:\Windows\System32\svchost.exe
    1840 C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    2336 C:\Windows\System32\svchost.exe
    2492 C:\Windows\System32\svchost.exe
    2876 C:\Windows\System32\taskhost.exe
    3004 C:\Windows\System32\dwm.exe
    3036 C:\Windows\explorer.exe
    1332 C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    3060 C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
    2700 C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    2036 C:\Windows\System32\regsvr32.exe
    2904 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    2460 C:\Windows\SysWOW64\regsvr32.exe
    3076 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    3088 C:\Program Files (x86)\MultiScreen\MultiScreen.exe
    3148 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    3156 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3192 C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    3212 C:\Windows\SysWOW64\rundll32.exe
    3232 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3260 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    3312 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3388 C:\Windows\System32\conhost.exe
    3764 C:\Program Files\iPod\bin\iPodService.exe
    3808 C:\Windows\System32\SearchIndexer.exe
    4024 C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    2256 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    2444 C:\Windows\System32\svchost.exe
    4280 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4348 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    4632 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    4928 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    1740 C:\Windows\System32\wuauclt.exe
    4652 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    4880 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    5536 C:\PROGRA~2\FOXITS~1\FOXITR~1\FOXITR~1.EXE
    5932 C:\Program Files (x86)\Java\jre6\bin\javaw.exe
    14208 C:\Program Files (x86)\iTunes\iTunes.exe
    11500 C:\Windows\System32\audiodg.exe
    12356 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    12876 C:\Windows\System32\conhost.exe
    13704 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    13276 C:\Windows\System32\conhost.exe
    26076 C:\Windows\servicing\TrustedInstaller.exe
    26524 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    26108 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    26464 C:\Windows\System32\SearchProtocolHost.exe
    26512 C:\Windows\System32\SearchFilterHost.exe
    24776 C:\Windows\explorer.exe
    24056 C:\Users\JoeyLo\Downloads\MBRCheck.exe
    1340 C:\Windows\System32\conhost.exe
    26480 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD5000AAKS-00V1A0, Rev: 05.01D05
    PhysicalDrive1 Model Number: WD6400AAC External, Rev: 1.75

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    596 GB \\.\PhysicalDrive1 MBR Code Faked!
    SHA1: F351D7B573289C8B5D58D5E45F0BADA0604ED05D


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:
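
The MBRCheck report above hashes each disk's boot code and flags PhysicalDrive1 because that code is not on the tool's known-good list. The following is an added example, not part of this thread and not MBRCheck's own code, showing what such a check consists of: read the 512-byte sector, verify the 0x55AA boot signature, parse the partition table (the byte offsets it derives are the same figures MBRCheck prints, e.g. 0x06500000 for C:), and compare a SHA-1 of the boot-code region against an allow-list. Everything below is constructed: the "known-good" boot code is a placeholder fill pattern, not real Windows 7 boot code, the allow-list contains only that placeholder's hash, and hashing the first 440 bytes is an assumption, so the digest this script prints is not comparable with the SHA-1 values MBRCheck reports.

```python
"""Added example: parse a 512-byte MBR, validate it, and compare the boot-code
hash against an allow-list. All sample data below is constructed."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440   # assumption: bytes 0..439 are treated as the boot code to hash
PART_TABLE_OFF = 446  # four 16-byte partition entries
SIG_OFF = 510         # 2-byte boot signature 0x55 0xAA


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def byte_offset(self) -> int:
        # MBRCheck prints partition offsets in bytes; LBA * 512 gives the same number
        return self.lba_start * SECTOR


def parse_partitions(mbr: bytes) -> list[Partition]:
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0:           # empty slot
            continue
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(mbr: bytes, known_good: set[str]) -> dict:
    """Return the boot-code hash, the partitions and a list of findings (empty = clean)."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    findings = []
    if mbr[SIG_OFF:SIG_OFF + 2] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_sha1(mbr)
    if digest not in known_good:
        findings.append(f"boot code SHA1 {digest} is not on the allow-list")
    parts = parse_partitions(mbr)
    if sum(p.active for p in parts) > 1:
        findings.append("more than one partition marked active")
    for p in parts:
        if p.lba_start == 0 or p.sector_count == 0:
            findings.append(f"partition {p.index}: zero start or length")
    return {"sha1": digest, "partitions": parts, "findings": findings}


def read_mbr(path: str) -> bytes:
    # Works on a raw device (r"\\.\PhysicalDrive0" from an elevated prompt on
    # Windows, /dev/sda on Linux) or on any raw disk image file.
    with open(path, "rb") as f:
        return f.read(SECTOR)


# --- constructed sample data (placeholders, not real boot code) -------------
def _entry(active: bool, ptype: int, lba: int, count: int) -> bytes:
    # CHS fields are left zero; the LBA fields are what modern tools read
    return bytes([0x80 if active else 0x00, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", lba, count)


def build_mbr(boot_code: bytes, entries: list[bytes]) -> bytes:
    if len(boot_code) > BOOT_CODE_LEN or len(entries) > 4:
        raise ValueError("boot code too long or too many partition entries")
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    body += b"\x78\x56\x34\x12"      # disk signature (arbitrary)
    body += b"\x00\x00"              # reserved, normally zero
    table = b"".join(entries).ljust(64, b"\x00")
    return body + table + b"\x55\xAA"


# Placeholder "known-good" code: a few real-looking setup bytes plus NOP fill.
GOOD_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 100
KNOWN_GOOD = {hashlib.sha1(GOOD_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper()}

# Layout mirrors a default Windows 7 disk: 100 MB system partition at LBA 2048,
# then C: at LBA 206848, i.e. byte offset 0x06500000 as printed by MBRCheck above.
CLEAN_MBR = build_mbr(GOOD_CODE, [_entry(True, 0x07, 2048, 204800),
                                  _entry(False, 0x07, 206848, 976564224)])

# Tampered copy: the opening instructions are replaced, as a bootkit that hooks
# the boot path would do; the partition table is left untouched.
TAMPERED_MBR = bytes(b"\xEB\x3C\x90" + CLEAN_MBR[3:])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        r = check_mbr(mbr, KNOWN_GOOD)
        print(name, r["sha1"], r["findings"] or "OK")
        for p in r["partitions"]:
            print(f"  part {p.index} type=0x{p.type_id:02X} active={p.active} offset=0x{p.byte_offset:X}")
```

Against a real machine, populate the allow-list from a known-clean reference installation and call `check_mbr(read_mbr(r"\\.\PhysicalDrive1"), allow_list)` from an elevated prompt. Any boot code that is not Windows' own, including vendor or third-party code on an external drive, will fail the allow-list the same way malicious code does, so an unrecognised hash is a lead to follow up (dump the sector, disassemble the code) rather than proof of infection on its own.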
  4. Broni

    What is drive H?
    Internal, or external drive?
  5. CUtley26

    OTL.TXT is attached because of size.

    EXTRA.TXT

    OTL Extras logfile created on: 8/26/2010 7:35:59 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\JoeyLo\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 77.00% Memory free
    16.00 Gb Paging File | 14.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 251.62 Gb Free Space | 54.03% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 809.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive H: | 596.17 Gb Total Space | 444.91 Gb Free Space | 74.63% Space Free | Partition Type: NTFS
    I: Drive not present or media not loaded

    Computer Name: JOEYLO-PC
    Current User Name: JoeyLo
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
    "{e7394a0f-3f80-45b1-87fc-abcd51893247}" = Python 2.6.4 (64-bit)
    "{EAA190F4-FF0D-4D28-A4E7-E0A20E1DDDFA}" = BitDefender Total Security 2010
    "{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
    "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
    "{1D49D448-D17E-4949-BE2A-B4FE7B8760D5}" = PrintingPress
    "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
    "{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
    "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
    "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
    "{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
    "{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
    "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
    "{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
    "{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
    "{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
    "{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City
    "{5454083B-1308-4485-BF17-111000028703}" = Grand Theft Auto: Episodes from Liberty City
    "{5454083B-1308-4485-BF17-111000028704}" = Grand Theft Auto: Episodes from Liberty City
    "{5454083B-1308-4485-BF17-111000028705}" = Grand Theft Auto: Episodes from Liberty City
    "{59679381-3F22-4A40-A7AD-890242D74DF4}" = Plug-in Suite 5.1
    "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
    "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
    "{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
    "{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E}" = The Lord of the Rings, The Rise of the Witch-king
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
    "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
    "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A979B2D8-E3EE-4523-A26C-4AF0A6809280}" = Sniper Elite
    "{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
    "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
    "{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
    "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
    "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
     

    Attached Files:

    • OTL.Txt (126.6 KB)
  6. CUtley26

    CUtley26 TS Rookie Topic Starter

    "{FA583E24-6FBA-47D7-9DEF-10C2F7210A59}_is1" = PerfectTablePlan 4.1.2
    "43442AE9-6512-4392-B5DD-9167BECD1114_is1" = Infix 4.21
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AviSynth" = AviSynth 2.5
    "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.1.7
    "BN_DesktopReader" = Barnes & Noble Desktop Reader
    "Camfrog 5.5" = Camfrog Video Chat 5.5
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Company of Heroes" = Company of Heroes
    "Eye Candy 6" = Alien Skin Eye Candy 6
    "Fallout Mod Manager_is1" = Fallout Mod Manager 0.10.2
    "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
    "FOOK2 v1.0" = FOOK2
    "Foxit Creator" = Foxit Creator
    "Foxit Reader" = Foxit Reader
    "GOM Player" = GOM Player
    "HijackThis" = HijackThis 2.0.2
    "ImgBurn" = ImgBurn
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
    "LimeWire" = LimeWire 5.5.8
    "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "Mozilla Firefox (4.0b1)" = Mozilla Firefox (4.0b1)
    "MyPublisher" = MyPublisher
    "PC Satellite TV Pro" = PC Satellite TV Pro
    "PDF Filler_is1" = PDF Filler 3.11
    "PS3 Media Server" = PS3 Media Server
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "TurboTax 2009" = TurboTax 2009
    "TVUPlayer" = TVUPlayer 2.5.2.2
    "uTorrent" = ĀµTorrent
    "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
    "WinAce Archiver" = WinAce Archiver
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/25/2010 11:11:17 PM | Computer Name = JOEYLO-PC | Source = Bonjour Service | ID = 100
    Description = 500: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 8/25/2010 11:11:17 PM | Computer Name = JOEYLO-PC | Source = Bonjour Service | ID = 100
    Description = 484: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 8/25/2010 11:11:17 PM | Computer Name = JOEYLO-PC | Source = Bonjour Service | ID = 100
    Description = 480: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 8/25/2010 11:11:17 PM | Computer Name = JOEYLO-PC | Source = Bonjour Service | ID = 100
    Description = 476: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 8/26/2010 1:07:52 AM | Computer Name = JoeyLo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: test.exe, version: 6.1.33.0, time stamp:
    0x4c3d0765 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x009c1bed Faulting process id: 0x794 Faulting application
    start time: 0x01cb44dc99b977f2 Faulting application path: C:\Users\JoeyLo\AppData\Local\Temp\test.exe
    Faulting
    module path: unknown Report Id: e080684d-b0cf-11df-87db-00252205cafc

    Error - 8/26/2010 2:04:14 AM | Computer Name = JoeyLo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: firefox.exe, version: 1.9.2.3855, time
    stamp: 0x4c48d5ce Faulting module name: FOXITR~1.OCX, version: 1.0.1.1113, time stamp:
    0x4afcef8f Exception code: 0xc0000005 Fault offset: 0x00002ccd Faulting process id:
    0x12f0 Faulting application start time: 0x01cb44e36c0b1a66 Faulting application path:
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX
    Report
    Id: c092ca97-b0d7-11df-b32e-00252205cafc

    Error - 8/26/2010 2:24:44 AM | Computer Name = JoeyLo-PC | Source = MsiInstaller | ID = 11601
    Description =

    Error - 8/26/2010 4:07:31 AM | Computer Name = JoeyLo-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Python26\Lib\distutils\command\wininst-8_d.exe".
    Dependent
    Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/26/2010 4:07:36 AM | Computer Name = JoeyLo-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\LogMeIn\x86\LogMeInToolkit.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

    Error - 8/26/2010 4:08:15 AM | Computer Name = JoeyLo-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    [ System Events ]
    Error - 8/26/2010 4:17:14 AM | Computer Name = JoeyLo-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Windows\SysWow64\Drivers\null_flt.sys has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.

    Error - 8/26/2010 4:17:14 AM | Computer Name = JoeyLo-PC | Source = Service Control Manager | ID = 7000
    Description = The null_flt service failed to start due to the following error: %%1275

    Error - 8/26/2010 4:17:14 AM | Computer Name = JoeyLo-PC | Source = Service Control Manager | ID = 7023
    Description = The Nalpeiron Licensing Service 64-bit service terminated with the
    following error: %%183

    Error - 8/26/2010 1:09:06 PM | Computer Name = JoeyLo-PC | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 8/26/2010 1:11:40 PM | Computer Name = JoeyLo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
    Description = Some processor performance power management features have been disabled
    due to a known firmware problem. Check with the computer manufacturer for updated
    firmware.

    Error - 8/26/2010 1:11:40 PM | Computer Name = JoeyLo-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Windows\SysWow64\Drivers\null_flt.sys has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.

    Error - 8/26/2010 1:11:53 PM | Computer Name = JoeyLo-PC | Source = Service Control Manager | ID = 7023
    Description = The Nalpeiron Licensing Service service terminated with the following
    error: %%183

    Error - 8/26/2010 1:11:53 PM | Computer Name = JoeyLo-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Windows\SysWow64\Drivers\null_flt.sys has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.

    Error - 8/26/2010 1:11:53 PM | Computer Name = JoeyLo-PC | Source = Service Control Manager | ID = 7000
    Description = The null_flt service failed to start due to the following error: %%1275

    Error - 8/26/2010 1:11:53 PM | Computer Name = JoeyLo-PC | Source = Service Control Manager | ID = 7023
    Description = The Nalpeiron Licensing Service 64-bit service terminated with the
    following error: %%183


    < End of report >
     
  7. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Probably, you didn't see my previous reply...
     
  8. CUtley26

    CUtley26 TS Rookie Topic Starter

    Sorry I didn't. It's an external drive.
     
  9. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Run MBRCheck again.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 1 and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 5 for Windows 7, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot, run MBRCheck again and post new log.
     
  10. CUtley26

    CUtley26 TS Rookie Topic Starter

    I ran MBRCheck but this time it did not give the option to hit 'Y' for more options.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASRock
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: To Be Filled By O.E.M.
    System Product Name: To Be Filled By O.E.M.
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 202):
    0x02C0D000 \SystemRoot\system32\ntoskrnl.exe
    0x031E9000 \SystemRoot\system32\hal.dll
    0x00BC1000 \SystemRoot\system32\kdcom.dll
    0x00CDC000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00CE9000 \SystemRoot\system32\PSHED.dll
    0x00CFD000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00D5B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00CC0000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00E27000 \SystemRoot\System32\Drivers\spqy.sys
    0x00F4D000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x00F56000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x00F85000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FDC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00FE6000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x010BD000 \SystemRoot\system32\DRIVERS\pci.sys
    0x010F0000 \SystemRoot\System32\drivers\partmgr.sys
    0x01105000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x0111A000 \SystemRoot\System32\drivers\volmgrx.sys
    0x01176000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x0117D000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x0118D000 \SystemRoot\System32\drivers\mountmgr.sys
    0x011A7000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x011B0000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x011DA000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01060000 \SystemRoot\system32\DRIVERS\bdfsfltr.sys
    0x01241000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0147E000 \SystemRoot\System32\Drivers\msrpc.sys
    0x014DC000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x014F6000 \SystemRoot\System32\Drivers\cng.sys
    0x01569000 \SystemRoot\System32\drivers\pcw.sys
    0x0157A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x016E6000 \SystemRoot\system32\drivers\ndis.sys
    0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01802000 \SystemRoot\System32\drivers\tcpip.sys
    0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x016D5000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x01584000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x017D8000 \SystemRoot\System32\Drivers\spldr.sys
    0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
    0x017E0000 \SystemRoot\System32\Drivers\mup.sys
    0x017F2000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x0143A000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x015D0000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x02CA7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02CD1000 \SystemRoot\System32\Drivers\Null.SYS
    0x02CDA000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02CE1000 \SystemRoot\System32\drivers\vga.sys
    0x02CEF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02D14000 \SystemRoot\System32\drivers\watchdog.sys
    0x02D24000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02D2D000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02D36000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02D3F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02D4A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02D5B000 \SystemRoot\system32\DRIVERS\BdfNdisf6.sys
    0x02D86000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02DA4000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02C00000 \SystemRoot\system32\drivers\afd.sys
    0x02DB1000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02DF6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02C8A000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x036E1000 \SystemRoot\system32\DRIVERS\serial.sys
    0x036FE000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03719000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x0372D000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x0377E000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0378A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03795000 \SystemRoot\System32\drivers\discache.sys
    0x03600000 \SystemRoot\system32\drivers\csc.sys
    0x03683000 \SystemRoot\System32\Drivers\dfsc.sys
    0x036A1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x036B2000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys
    0x037A4000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x037CA000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x03E68000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x0449E000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04592000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x045D8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x03E32000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03E3F000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x04872000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x048C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x048D9000 \SystemRoot\system32\DRIVERS\irsir.sys
    0x048E5000 \SystemRoot\system32\drivers\irenum.sys
    0x048EE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x0490C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x0491B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0492A000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x04936000 \SystemRoot\System32\Drivers\at8r90ma.SYS
    0x0497B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x04984000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04994000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0x0499B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x049B1000 \SystemRoot\system32\DRIVERS\bridge.sys
    0x049CD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x049F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04800000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x0482F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0484A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03E4A000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x037DF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x04CF2000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0x04D2F000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x04D31000 \SystemRoot\system32\DRIVERS\ks.sys
    0x04D74000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04D86000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x04DE0000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04C00000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x04C21000 \SystemRoot\system32\drivers\portcls.sys
    0x04C5E000 \SystemRoot\system32\drivers\drmk.sys
    0x04C80000 \SystemRoot\system32\drivers\ksthunk.sys
    0x05818000 \SystemRoot\system32\drivers\viahduaa.sys
    0x000A0000 \SystemRoot\System32\win32k.sys
    0x059AC000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04C86000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x059B8000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x059C6000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x059D2000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x059DB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x013E4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x059EE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x059F0000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x02A88000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x02AA5000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x02AB6000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x02AC2000 \SystemRoot\system32\DRIVERS\dot4usb.sys
    0x02AD2000 \SystemRoot\system32\DRIVERS\Dot4.sys
    0x02AFA000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
    0x00470000 \SystemRoot\System32\TSDDD.dll
    0x008E0000 \SystemRoot\System32\ATMFD.DLL
    0x006E0000 \SystemRoot\System32\cdd.dll
    0x02B04000 \SystemRoot\system32\drivers\luafv.sys
    0x02B27000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02B48000 \SystemRoot\system32\DRIVERS\irda.sys
    0x02B6B000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02B80000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x05E86000 \SystemRoot\system32\drivers\HTTP.sys
    0x05F4E000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x05F6C000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x05F84000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x05FB1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x05E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x05E23000 \SystemRoot\System32\Drivers\adfs.SYS
    0x05E3B000 \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys
    0x05E58000 \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
    0x05E5F000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
    0x0669D000 \SystemRoot\system32\drivers\peauth.sys
    0x06743000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0674E000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x0677B000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0678D000 \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
    0x06600000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x06A4E000 \SystemRoot\System32\DRIVERS\srv.sys
    0x06AE4000 \SystemRoot\system32\DRIVERS\bdfm.sys
    0x06B0E000 \SystemRoot\system32\DRIVERS\BDHV.SYS
    0x777B0000 \Windows\System32\ntdll.dll
    0x48530000 \Windows\System32\smss.exe
    0xFFAD0000 \Windows\System32\apisetschema.dll
    0xFF5F0000 \Windows\System32\autochk.exe
    0xFF8B0000 \Windows\System32\ole32.dll
    0xFF890000 \Windows\System32\imagehlp.dll
    0xFF840000 \Windows\System32\Wldap32.dll
    0xFF710000 \Windows\System32\rpcrt4.dll
    0xFF4B0000 \Windows\System32\iertutil.dll
    0xFF430000 \Windows\System32\difxapi.dll
    0x77980000 \Windows\System32\normaliz.dll
    0xFF3B0000 \Windows\System32\shlwapi.dll
    0xFF1D0000 \Windows\System32\setupapi.dll
    0xFF1C0000 \Windows\System32\nsi.dll
    0x77970000 \Windows\System32\psapi.dll
    0xFF090000 \Windows\System32\wininet.dll
    0xFF020000 \Windows\System32\gdi32.dll
    0xFF000000 \Windows\System32\sechost.dll
    0xFEE80000 \Windows\System32\urlmon.dll
    0xFEE30000 \Windows\System32\ws2_32.dll
    0xFED60000 \Windows\System32\usp10.dll
    0x77690000 \Windows\System32\kernel32.dll
    0xFEC50000 \Windows\System32\msctf.dll
    0xFEBB0000 \Windows\System32\clbcatq.dll
    0xFEBA0000 \Windows\System32\lpk.dll
    0x77590000 \Windows\System32\user32.dll
    0xFDE10000 \Windows\System32\shell32.dll
    0xFDD70000 \Windows\System32\msvcrt.dll
    0xFDD40000 \Windows\System32\imm32.dll
    0xFDCA0000 \Windows\System32\comdlg32.dll
    0xFDBC0000 \Windows\System32\oleaut32.dll
    0xFDAE0000 \Windows\System32\advapi32.dll
    0xFD970000 \Windows\System32\crypt32.dll
    0xFD8D0000 \Windows\System32\comctl32.dll
    0xFD860000 \Windows\System32\KernelBase.dll
    0xFD840000 \Windows\System32\devobj.dll
    0xFD800000 \Windows\System32\wintrust.dll
    0xFD7C0000 \Windows\System32\cfgmgr32.dll
    0xFD7B0000 \Windows\System32\msasn1.dll
    0x770F0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 75):
    0 System Idle Process
    4 System
    336 C:\Windows\System32\smss.exe
    456 csrss.exe
    520 C:\Windows\System32\wininit.exe
    540 csrss.exe
    576 C:\Windows\System32\services.exe
    592 C:\Windows\System32\lsass.exe
    600 C:\Windows\System32\lsm.exe
    724 C:\Windows\System32\svchost.exe
    804 C:\Windows\System32\svchost.exe
    860 C:\Windows\System32\atiesrxx.exe
    916 C:\Windows\System32\winlogon.exe
    968 C:\Windows\System32\svchost.exe
    1000 C:\Windows\System32\svchost.exe
    352 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\atieclxx.exe
    1264 C:\Windows\System32\svchost.exe
    1440 C:\Windows\System32\spoolsv.exe
    1472 C:\Windows\System32\svchost.exe
    1576 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1596 C:\Windows\SysWOW64\ASTSRV.EXE
    1648 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1728 C:\Windows\SysWOW64\svchost.exe
    1780 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    1968 C:\Windows\System32\svchost.exe
    1992 C:\Windows\System32\nlsInterface.EXE
    1168 C:\Windows\System32\svchost.exe
    1360 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    1680 C:\Windows\System32\svchost.exe
    1840 C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    2336 C:\Windows\System32\svchost.exe
    2492 C:\Windows\System32\svchost.exe
    2876 C:\Windows\System32\taskhost.exe
    3004 C:\Windows\System32\dwm.exe
    3036 C:\Windows\explorer.exe
    1332 C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    3060 C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
    2700 C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    2036 C:\Windows\System32\regsvr32.exe
    2904 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    2460 C:\Windows\SysWOW64\regsvr32.exe
    3076 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    3088 C:\Program Files (x86)\MultiScreen\MultiScreen.exe
    3148 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    3156 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3192 C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    3212 C:\Windows\SysWOW64\rundll32.exe
    3232 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3260 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    3312 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3388 C:\Windows\System32\conhost.exe
    3764 C:\Program Files\iPod\bin\iPodService.exe
    3808 C:\Windows\System32\SearchIndexer.exe
    4024 C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    2256 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    2444 C:\Windows\System32\svchost.exe
    4280 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4348 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    4632 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    4928 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    1740 C:\Windows\System32\wuauclt.exe
    4652 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    4880 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    5932 C:\Program Files (x86)\Java\jre6\bin\javaw.exe
    29028 C:\Windows\servicing\TrustedInstaller.exe
    30072 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    32464 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    31132 C:\Windows\System32\audiodg.exe
    31048 C:\Windows\System32\SearchProtocolHost.exe
    31448 C:\Windows\System32\SearchFilterHost.exe
    28288 C:\Users\JoeyLo\Downloads\MBRCheck.exe
    31564 C:\Windows\System32\conhost.exe
    32760 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD5000AAKS-00V1A0, Rev: 05.01D05
    PhysicalDrive1 Model Number: WD6400AAC External, Rev: 1.75

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    596 GB \\.\PhysicalDrive1 RE: Windows 98 MBR code detected
    SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


    Done!
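To show what the MBRCheck verdict above ("Windows 7 MBR code detected" followed by a SHA1) is built on, here is an added Python example; it is not MBRCheck's code and not part of this thread. It parses a 512-byte master boot record, checks the 0x55AA boot signature, decodes the four partition-table entries, fingerprints the boot-code area with SHA1 and compares that fingerprint against a baseline table, labelling changed boot code as UNKNOWN while a partition-table-only change still matches. The sample sector, its disk signature and the baseline label are constructed; the thread does not say whether MBRCheck hashes the whole sector or only the code bytes, so the hashes here will not match the ones printed in the log. The starting sectors are derived from the volume offsets MBRCheck reported (0x06500000 for C:, 0x00007E00 for H:).

```python
"""Parse a 512-byte MBR, fingerprint its boot code and compare it to a baseline.

Added example, not MBRCheck's source. All sample bytes below are constructed.
"""
import hashlib
import struct

SECTOR_SIZE = 512
CODE_AREA_END = 440            # bytes 0-439: boot code; 440-443 disk signature; 444-445 reserved
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries, then the 0x55AA signature at 510
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FORMAT = "<B3xB3xII"     # status, (CHS start), type, (CHS end), LBA start, sector count


def offset_to_lba(byte_offset, sector_size=SECTOR_SIZE):
    """Turn a volume byte offset, as MBRCheck prints it, into a starting sector number."""
    if byte_offset % sector_size:
        raise ValueError("offset %#x is not sector aligned" % byte_offset)
    return byte_offset // sector_size


def parse_mbr(sector):
    """Split one 512-byte MBR into a boot-code fingerprint, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        start = PARTITION_TABLE_OFFSET + 16 * i
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FORMAT, sector, start)
        if ptype == 0:           # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "code_sha1": hashlib.sha1(sector[:CODE_AREA_END]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def check_mbr(sector, known_code_hashes):
    """Label the boot code from a baseline table, or return 'UNKNOWN' if it matches none.

    Unknown boot code is the condition worth a closer look: a bootkit replaces the
    code bytes while leaving the partition table intact, so hashing only the code
    area keeps the fingerprint stable across ordinary partitioning changes.
    """
    return known_code_hashes.get(parse_mbr(sector)["code_sha1"], "UNKNOWN")


def build_sample_mbr():
    """Constructed sample sector (not a dump from the thread). The second entry's
    starting sector is derived from the C: offset 0x06500000 reported by MBRCheck."""
    code = bytes((i * 7) % 256 for i in range(CODE_AREA_END))   # stand-in for real boot code
    disk_signature = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"  # constructed signature
    table = struct.pack(ENTRY_FORMAT, 0x80, 0x07, 2048, 204800)   # bootable System Reserved
    table += struct.pack(ENTRY_FORMAT, 0x00, 0x07, offset_to_lba(0x06500000), 975000000)  # C:
    table += bytes(32)                                            # two empty slots
    return code + disk_signature + table + BOOT_SIGNATURE


if __name__ == "__main__":
    sample = build_sample_mbr()
    baseline = {parse_mbr(sample)["code_sha1"]: "Windows 7 MBR code (constructed baseline)"}
    print("clean   :", check_mbr(sample, baseline))
    tampered = bytearray(sample)
    tampered[0] ^= 0xFF                                   # one byte of boot code changed
    print("tampered:", check_mbr(bytes(tampered), baseline))
    print("C: starts at sector", offset_to_lba(0x06500000),
          "| H: starts at sector", offset_to_lba(0x00007E00))
```

Reading a real drive's first sector needs administrator rights and a raw device handle (on Windows, `\\.\PhysicalDrive0`); the example deliberately stays on constructed bytes and a baseline you register yourself, which is the same idea as comparing a reported SHA1 against a list of known-good boot codes.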
     
  11. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    That's because it looks good :)
    Nothing to fix....

    Let me check your OTL logs now...
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Uninstall Ask.com as it's considered adware.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: []  File not found
      O4 - HKCU..\Run: [AdobeBridge]  File not found
      O4 - HKCU..\Run: [CDPreLoader]  File not found
      O4 - HKCU..\Run: [PipePSFactory]  File not found
      O4 - HKCU..\Run: [System32DOS] C:\Windows\SysWow64DOS.exe File not found
      O4 - HKCU..\Run: [Trunk32App]  File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      @Alternate Data Stream - 24 bytes -> C:\Windows:A8922D9F804C2940
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Ask.com
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
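    The OTL fix above works by deleting autorun entries whose target file no longer exists ("File not found") and a stray alternate data stream on C:\Windows. The following PowerShell script is an added example written for this thread, not code from OTL or from the poster: it enumerates the same Run keys and reports entries whose command points at a missing file, and lists alternate data streams attached to a directory. Function names (Get-CommandPath, Get-DanglingAutoruns, Get-DirectoryStreams) are my own; it assumes Windows PowerShell 3.0 or later (for the -in and -Stream features) and an elevated prompt so HKLM keys and C:\Windows streams are readable.

```powershell
# Added example (not from the thread or from OTL). Assumes PowerShell 3.0+
# and an elevated session. Lists autorun entries whose target file is missing
# and alternate data streams on a directory, the two conditions the OTL fix
# in the post above acted on.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit view on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandPath {
    # Pull the executable path out of a Run value, which may be quoted and
    # may carry arguments, e.g.  "C:\Tools\app.exe" /silent  or  C:\x\app.exe -tray
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted: take everything up to the first ".exe", else the first token.
    $m = [regex]::Match($cmd, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split ' ')[0]
}

function Get-DanglingAutoruns {
    # One object per Run value; Status is 'File not found' when the target
    # path does not exist, the same condition OTL flagged in its O4 lines.
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $meta) { continue }          # provider bookkeeping, not a value
            $raw    = [string]$p.Value
            $target = [Environment]::ExpandEnvironmentVariables((Get-CommandPath $raw))
            $exists = ($target -ne '') -and (Test-Path -LiteralPath $target)
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name            # '(default)' is the empty-name value, as in "O4 - HKLM..\Run: []"
                Command = $raw
                Target  = $target
                Status  = if ($exists) { 'OK' } else { 'File not found' }
            }
        }
    }
}

function Get-DirectoryStreams {
    # Alternate data streams attached to a directory, like the
    # C:\Windows:A8922D9F804C2940 entry the fix above removed.
    param([string]$Path = 'C:\Windows')
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# Report only the suspicious entries; a clean machine prints nothing here.
Get-DanglingAutoruns | Where-Object Status -ne 'OK' | Format-Table -AutoSize
Get-DirectoryStreams | Format-Table -AutoSize
```

    A dangling Run entry is not proof of infection by itself (uninstallers often leave them), but an entry whose name mimics a system component and whose target lives in an odd location, like the SysWow64DOS.exe line in the fix, is worth removing and investigating. Review the output before deleting anything rather than automating the removal.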
     
  13. CUtley26

    CUtley26 TS Rookie Topic Starter

    RUN FIX:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CDPreLoader deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PipePSFactory deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\System32DOS deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Trunk32App deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
    File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ADS C:\Windows:A8922D9F804C2940 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Program Files (x86)\Ask.com not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: JoeyLo
    ->Temp folder emptied: 22901593 bytes
    ->Temporary Internet Files folder emptied: 66340 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 40330096 bytes
    ->Flash cache emptied: 456 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2319 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 275908 bytes

    Total Files Cleaned = 61.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: JoeyLo
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.10.0 log created on 08262010_220407

    Files\Folders moved on Reboot...
    C:\Users\JoeyLo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  14. CUtley26

    CUtley26 TS Rookie Topic Starter

    OTL attached.
     

    Attached Files: OTL.Txt (109.9 KB)
  15. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Good :)
    How is the computer running at the moment?

    Last scans.....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  16. CUtley26

    CUtley26 TS Rookie Topic Starter

    Feeling smoother now as far as the browsing and programs running. It did run very sluggish upon the reboot after the OTL Run Fix, but other than that it appears better.

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.82.76
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Common Files BitDefender BitDefender Update Service livesrv.exe
    BitDefender BitDefender 2010 vsserv.exe
    BitDefender BitDefender 2010 bdagent.exe
    BitDefender BitDefender 2010 seccenter.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  17. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    This one looks good :)
     
  18. CUtley26

    CUtley26 TS Rookie Topic Starter

    Just ran process #2; upon restarting, BitDefender blocked a virus named Gen:Trojan.Heur.LP.fq4@auRs!wp

    About to run step three and post results.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    OK.............
     
  20. CUtley26

    CUtley26 TS Rookie Topic Starter

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, August 27, 2010
    Operating system: Microsoft (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, August 26, 2010 23:28:11
    Records in database: 4163272
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - Critical areas:
    C:\Program Files
    C:\Program Files (x86)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    C:\Users\JoeyLo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    C:\Windows

    Scan statistics:
    Objects scanned: 126818
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 01:14:43

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
  21. CUtley26

    CUtley26 TS Rookie Topic Starter

    Looks all good now. What exactly was wrong or accounting for the sluggish performance?

    Thanks, Broni!
     
  22. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Wonderful :)

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL, as this step will require a reboot.
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =======================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK.

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. Run defrag at your convenience.

    12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  23. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    The issue seems to be resolved.
     
Topic Status:
Not open for further replies.

