TechSpot

Random site redirects, logs pasted below

By arcing
Nov 29, 2010
  1. Hi,

    I started noticing that Google Chrome would not load any websites, but Firefox would. I also noticed that when I clicked on links after searching on Google, it would sometimes redirect me to a different webpage.

    GMER did not find anything, so here are the other logs.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5214

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    29/11/2010 11:44:25 AM
    mbam-log-2010-11-29 (11-44-25).txt

    Scan type: Quick scan
    Objects scanned: 138269
    Time elapsed: 3 minute(s), 29 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 1
    Registry Keys Infected: 9
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\Windows\$NtUninstallMTF197$\habhu.dll (Trojan.BHO) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{62b6849d-7425-4e9d-abfc-0995a3732355} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{fba8455b-efb2-4e02-91d8-19fca8ef3cc9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{fba8455b-efb2-4e02-91d8-19fca8ef3cc9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fba8455b-efb2-4e02-91d8-19fca8ef3cc9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fba8455b-efb2-4e02-91d8-19fca8ef3cc9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3c47a8a-fde2-4a01-a778-86d9c3b3052d} (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e3c47a8a-fde2-4a01-a778-86d9c3b3052d} (Adware.AdRotator) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    C:\Windows\$NtUninstallMTF197$\habhu.dll (Trojan.BHO) -> Delete on reboot.
    C:\Windows\$NtUninstallMTF197$\htlgv.dll (Adware.AdRotator) -> Delete on reboot.

    DDS (Ver_10-11-27.01) - NTFS_AMD64
    Run by Black at 12:05:34.65 on 29/11/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.1791.959 [GMT -5:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Black\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Black\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Black\AppData\Roaming\Mozilla\Firefox\Profiles\ngapt9h6.default\
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Users\Black\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-27 203776]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-19 1255736]

    =============== Created Last 30 ================

    2010-11-29 17:04:22 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{31FE46D6-161F-475A-8A75-EAD6FBCAE944}\mpengine.dll
    2010-11-29 16:39:58 -------- d-----w- C:\Users\Black\AppData\Roaming\Malwarebytes
    2010-11-29 16:39:49 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-29 16:39:47 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-29 16:39:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-29 16:39:47 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-24 14:11:37 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-11-24 14:11:37 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-11-20 14:01:41 311808 ----a-w- C:\Windows\System32\msv1_0.dll
    2010-11-20 14:01:41 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2010-11-19 16:31:00 -------- d-----w- C:\Users\Black\AppData\Local\Apps
    2010-11-19 16:28:42 -------- d-----w- C:\Users\Black\AppData\Roaming\SPlayer
    2010-11-19 16:28:30 -------- d-----w- C:\Program Files (x86)\SPlayer
    2010-11-19 16:24:10 -------- d-----w- C:\Users\Black\AppData\Roaming\foobar2000
    2010-11-19 16:23:59 -------- d-----w- C:\Program Files (x86)\foobar2000
    2010-11-19 15:45:40 -------- d-----w- C:\Windows\SysWow64\Wat
    2010-11-19 15:45:40 -------- d-----w- C:\Windows\System32\Wat
    2010-11-19 15:32:57 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-11-19 15:20:30 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
    2010-11-19 15:17:32 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2010-11-19 15:17:32 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2010-11-19 15:17:32 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2010-11-19 15:17:31 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2010-11-19 15:17:31 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2010-11-19 15:17:31 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2010-11-19 15:17:31 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2010-11-19 15:17:31 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2010-11-19 15:17:31 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2010-11-19 15:17:31 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2010-11-19 15:08:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-11-19 15:08:59 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-11-19 15:05:26 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\31c8810e1cb87fb30\InstallManager_WLE_WLE.exe
    2010-11-19 15:03:45 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f60596a81cb87fa25\MeshBetaRemover.exe
    2010-11-19 15:02:32 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ca4e32f41cb87fa1d\DSETUP.dll
    2010-11-19 15:02:32 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ca4e32f41cb87fa1d\DXSETUP.exe
    2010-11-19 15:02:32 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ca4e32f41cb87fa1d\dsetup32.dll
    2010-11-19 15:02:25 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c640d3d11cb87fa1c\DSETUP.dll
    2010-11-19 15:02:25 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c640d3d11cb87fa1c\DXSETUP.exe
    2010-11-19 15:02:25 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c640d3d11cb87fa1c\dsetup32.dll
    2010-11-19 15:00:36 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\84bab8e81cb87fa10\Silverlight.4.0.exe
    2010-11-19 14:58:36 -------- d-----w- C:\Users\Black\AppData\Local\Windows Live
    2010-11-19 14:58:35 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2010-11-19 14:58:03 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
    2010-11-19 14:58:03 206848 ----a-w- C:\Windows\System32\mfps.dll
    2010-11-19 14:58:03 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
    2010-11-19 14:58:02 4068864 ----a-w- C:\Windows\System32\mf.dll
    2010-11-19 14:58:02 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2010-11-19 14:58:02 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2010-11-19 14:58:01 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
    2010-11-19 14:56:33 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2010-11-19 14:51:39 85936 ----a-w- C:\Windows\System32\drivers\scdemu.sys
    2010-11-19 14:51:39 -------- d-----w- C:\Program Files (x86)\PowerISO
    2010-11-19 14:44:30 -------- d-----w- C:\Program Files (x86)\VS Revo Group
    2010-11-19 14:34:59 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2010-11-19 14:34:59 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2010-11-19 14:34:58 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2010-11-19 14:34:58 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2010-11-19 14:34:58 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2010-11-19 14:34:58 243200 ----a-w- C:\Windows\System32\wow64.dll
    2010-11-19 14:34:58 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2010-11-19 14:34:58 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2010-11-19 14:34:12 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2010-11-19 14:34:09 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-11-19 14:31:05 8192 ----a-w- C:\Windows\SysWow64\srvany.exe
    2010-11-19 14:20:07 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
    2010-11-19 14:17:31 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-11-19 14:17:29 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2010-11-19 14:17:29 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2010-11-19 14:17:29 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2010-11-19 14:17:25 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
    2010-11-19 14:17:24 982600 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2010-11-19 14:17:24 144384 ----a-w- C:\Windows\System32\cdd.dll
    2010-11-19 14:17:07 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-11-19 14:17:06 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-11-19 14:15:58 -------- d-----w- C:\Users\Black\AppData\Local\Microsoft Help
    2010-11-19 14:08:33 -------- d-----w- C:\Users\Black\AppData\Local\Google
    2010-11-19 14:07:43 -------- d-----w- C:\Users\Black\AppData\Local\Mozilla
    2010-11-19 02:52:50 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-11-19 02:48:23 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
    2010-11-19 02:47:48 -------- d-sh--w- C:\Windows\Installer
    2010-11-19 02:45:43 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2010-11-19 02:45:43 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2010-11-19 02:45:42 139264 ----a-w- C:\Windows\System32\cabview.dll
    2010-11-19 02:45:42 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2010-11-19 02:45:23 -------- d-----w- C:\Program Files\CCleaner
    2010-11-19 02:43:27 -------- d-----w- C:\Windows\Panther
    2010-11-19 02:28:32 -------- d-----w- C:\Program Files\Microsoft Security Essentials
    2010-11-19 02:23:16 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2010-11-19 02:22:29 -------- d-----w- C:\Users\Black\AppData\Roaming\Dropbox
    2010-11-19 02:21:25 -------- d-----w- C:\Users\Black\AppData\Roaming\uTorrent
    2010-11-18 23:56:16 -------- d-----w- C:\Users\Black\AppData\Local\Diagnostics
    2010-11-18 23:45:43 0 ----a-w- C:\Windows\ativpsrm.bin
    2010-11-10 17:49:36 135568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-10-27 09:00:16 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2010-10-27 08:25:38 21422592 ----a-w- C:\Windows\System32\atio6axx.dll
    2010-10-27 08:08:18 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2010-10-27 07:55:32 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
    2010-10-27 07:55:24 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2010-10-27 07:54:24 645120 ----a-w- C:\Windows\System32\aticfx64.dll
    2010-10-27 07:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2010-10-27 07:52:14 478208 ----a-w- C:\Windows\System32\atieclxx.exe
    2010-10-27 07:51:38 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
    2010-10-27 07:50:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2010-10-27 07:50:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2010-10-27 07:50:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2010-10-27 07:49:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2010-10-27 07:49:54 16384 ----a-w- C:\Windows\System32\atimuixx.dll
    2010-10-27 07:49:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2010-10-27 07:49:46 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2010-10-27 07:46:58 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2010-10-27 07:38:04 4744704 ----a-w- C:\Windows\System32\atidxx64.dll
    2010-10-27 07:35:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2010-10-27 07:35:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2010-10-27 07:35:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2010-10-27 07:35:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2010-10-27 07:35:08 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll
    2010-10-27 07:33:52 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2010-10-27 07:28:22 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2010-10-27 07:22:04 5218304 ----a-w- C:\Windows\System32\atiumd64.dll
    2010-10-27 07:15:00 58880 ----a-w- C:\Windows\System32\coinst.dll
    2010-10-27 07:14:58 349184 ----a-w- C:\Windows\System32\atiadlxx.dll
    2010-10-27 07:14:52 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2010-10-27 07:14:44 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
    2010-10-27 07:14:42 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2010-10-27 07:14:42 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
    2010-10-27 07:14:38 31744 ----a-w- C:\Windows\System32\atig6txx.dll
    2010-10-27 07:14:32 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2010-10-27 07:14:24 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2010-10-27 07:13:44 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
    2010-10-27 07:13:36 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2010-10-27 07:13:30 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
    2010-10-27 07:13:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2010-10-27 07:12:56 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2010-10-27 06:57:04 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll
    2010-10-27 06:50:10 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2010-10-27 06:37:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
    2010-10-27 06:37:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
    2010-10-27 06:37:14 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2010-10-27 06:37:14 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2010-09-21 19:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
    2010-09-21 19:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys

    ============= FINISH: 12:06:11.73 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-27.01)

    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 18/11/2010 6:54:34 PM
    System Uptime: 29/11/2010 11:45:18 AM (1 hours ago)

    Motherboard: ASUSTeK Computer INC. | | M3A78-EM
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5400+ | AM2 | 2800/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 53.074 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_816810EC&REV_02\4&17AA8702&0&0030
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_816810EC&REV_02\4&17AA8702&0&0030
    Service: RTL8167

    ==== System Restore Points ===================

    RP13: 24/11/2010 9:52:36 AM - Windows Update
    RP14: 25/11/2010 9:30:24 AM - Windows Update
    RP15: 26/11/2010 10:24:00 AM - Revo Uninstaller's restore point - Google Chrome
    RP16: 26/11/2010 10:44:02 AM - Windows Update
    RP17: 26/11/2010 10:49:20 AM - Restore Operation
    RP18: 26/11/2010 11:02:49 AM - Windows Update
    RP19: 27/11/2010 5:42:25 PM - Windows Update
    RP20: 28/11/2010 8:43:56 PM - Windows Update

    ==== Installed Programs ======================

    Adobe Flash Player 10 Plugin
    Adobe Reader X
    foobar2000 v1.1.1
    Google Chrome
    Java Auto Updater
    Java(TM) 6 Update 22
    Malwarebytes' Anti-Malware
    Microsoft Silverlight
    Mozilla Firefox (3.6.12)
    PowerISO
    Revo Uninstaller 1.90
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    SPlayer
    Street-Ads Browser Enhancer

    ==== Event Viewer Messages From Past Week ========

    29/11/2010 11:45:40 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    29/11/2010 11:45:27 AM, Error: RTL8167 [5008] - Realtek PCIe GBE Family Controller : Has encountered an invalid network address.
    29/11/2010 11:37:54 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    29/11/2010 11:36:28 AM, Error: Service Control Manager [7031] - The KMService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    28/11/2010 8:33:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    28/11/2010 8:33:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88006768910, 0x0000000000000000, 0xfffff8000287f6a6, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112810-18330-01.
    26/11/2010 11:07:56 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    26/11/2010 11:07:56 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    26/11/2010 11:06:57 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/11/2010 11:05:56 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/11/2010 10:52:37 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    26/11/2010 10:23:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    26/11/2010 10:12:01 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    26/11/2010 10:10:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    ==== End Of File ===========================



    Thanks in advance.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ===================================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  3. arcing

    arcing TS Rookie Topic Starter

    Thanks for helping.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: System manufacturer
    System Product Name: System Product Name
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 187):
    0x02A5E000 \SystemRoot\system32\ntoskrnl.exe
    0x02A15000 \SystemRoot\system32\hal.dll
    0x00BB6000 \SystemRoot\system32\kdcom.dll
    0x00C54000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C61000 \SystemRoot\system32\PSHED.dll
    0x00C75000 \SystemRoot\system32\CLFS.SYS
    0x00CD3000 \SystemRoot\system32\CI.dll
    0x00E35000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00ED9000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00EE8000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F3F000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F48000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F52000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00F85000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F92000 \SystemRoot\System32\drivers\partmgr.sys
    0x00FA7000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00D93000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FBC000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00FC3000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00FD3000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00FED000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00E2A000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
    0x010F8000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01231000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0110C000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013D4000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x0116A000 \SystemRoot\System32\Drivers\cng.sys
    0x013EE000 \SystemRoot\System32\drivers\pcw.sys
    0x01200000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01000000 \SystemRoot\system32\drivers\ndis.sys
    0x014DB000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0153B000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01603000 \SystemRoot\System32\drivers\tcpip.sys
    0x01566000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x015B0000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x0144C000 \SystemRoot\System32\Drivers\spldr.sys
    0x01454000 \SystemRoot\System32\drivers\rdyboost.sys
    0x0148E000 \SystemRoot\System32\Drivers\mup.sys
    0x014A0000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x015C0000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x014A9000 \SystemRoot\system32\DRIVERS\disk.sys
    0x0186A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x018D0000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x018FA000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x01927000 \SystemRoot\System32\Drivers\Null.SYS
    0x01930000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01937000 \SystemRoot\System32\drivers\vga.sys
    0x01945000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x0196A000 \SystemRoot\System32\drivers\watchdog.sys
    0x0197A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01983000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0198C000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01995000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x019A0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x019B1000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x019CF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03AC4000 \SystemRoot\system32\drivers\afd.sys
    0x03B4E000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03B93000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03B9C000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03BC2000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03BD1000 \SystemRoot\system32\DRIVERS\serial.sys
    0x03A00000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03A1B000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03A2F000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x03A48000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03A99000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03AA5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03AB0000 \SystemRoot\System32\drivers\discache.sys
    0x02CE7000 \SystemRoot\system32\drivers\csc.sys
    0x02D6A000 \SystemRoot\System32\Drivers\dfsc.sys
    0x02D88000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x02D99000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02DBF000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x02C00000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x04804000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x03CAE000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03DA2000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03C24000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x03C62000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x01800000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03C6D000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03C7E000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x03C8B000 \SystemRoot\system32\DRIVERS\parport.sys
    0x03DE8000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0x02CA1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x03DF0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x02CBF000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x02CCB000 \SystemRoot\system32\DRIVERS\fet6x64.sys
    0x02CD7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x02DD6000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x02DE6000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x019DC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03BEE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x042CA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x042F9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x04314000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04335000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x0434F000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x0435A000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x04369000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0436B000 \SystemRoot\system32\DRIVERS\ks.sys
    0x043AE000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04200000 \SystemRoot\system32\drivers\HdAudio.sys
    0x0425C000 \SystemRoot\system32\drivers\portcls.sys
    0x04299000 \SystemRoot\system32\drivers\drmk.sys
    0x042BB000 \SystemRoot\system32\drivers\ksthunk.sys
    0x04018000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x04072000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x0407D000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x00070000 \SystemRoot\System32\win32k.sys
    0x04092000 \SystemRoot\System32\drivers\Dxapi.sys
    0x0409E000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x040AC000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x040B8000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x040C1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x040D4000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x040E2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x040FB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04104000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04106000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x04113000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00490000 \SystemRoot\System32\TSDDD.dll
    0x00660000 \SystemRoot\System32\cdd.dll
    0x04121000 \SystemRoot\system32\drivers\luafv.sys
    0x04144000 \SystemRoot\system32\drivers\WudfPf.sys
    0x04165000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x0417A000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02A9C000 \SystemRoot\system32\drivers\HTTP.sys
    0x02B64000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02B82000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x02B9A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x02A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x0460C000 \SystemRoot\system32\drivers\peauth.sys
    0x046B2000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x046BD000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x046EA000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x046FC000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x04763000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0x06467000 \SystemRoot\System32\DRIVERS\srv.sys
    0x064FD000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x06533000 \SystemRoot\system32\drivers\spsys.sys
    0x77840000 \Windows\System32\ntdll.dll
    0x47C50000 \Windows\System32\smss.exe
    0xFFB60000 \Windows\System32\apisetschema.dll
    0xFF220000 \Windows\System32\autochk.exe
    0xFFB30000 \Windows\System32\imagehlp.dll
    0xFFB10000 \Windows\System32\sechost.dll
    0x77A10000 \Windows\System32\normaliz.dll
    0xFF9E0000 \Windows\System32\rpcrt4.dll
    0xFF9B0000 \Windows\System32\imm32.dll
    0x77740000 \Windows\System32\user32.dll
    0xFF9A0000 \Windows\System32\lpk.dll
    0xFF8D0000 \Windows\System32\usp10.dll
    0xFF670000 \Windows\System32\iertutil.dll
    0xFF5D0000 \Windows\System32\comdlg32.dll
    0xFF580000 \Windows\System32\Wldap32.dll
    0xFF500000 \Windows\System32\difxapi.dll
    0xFF320000 \Windows\System32\setupapi.dll
    0xFF310000 \Windows\System32\nsi.dll
    0x77620000 \Windows\System32\kernel32.dll
    0xFE580000 \Windows\System32\shell32.dll
    0xFE450000 \Windows\System32\wininet.dll
    0xFE3D0000 \Windows\System32\shlwapi.dll
    0xFE250000 \Windows\System32\urlmon.dll
    0xFE1E0000 \Windows\System32\gdi32.dll
    0xFE100000 \Windows\System32\oleaut32.dll
    0xFE060000 \Windows\System32\msvcrt.dll
    0xFDE50000 \Windows\System32\ole32.dll
    0x77A00000 \Windows\System32\psapi.dll
    0xFDE00000 \Windows\System32\ws2_32.dll
    0xFDD20000 \Windows\System32\advapi32.dll
    0xFDC10000 \Windows\System32\msctf.dll
    0xFDB70000 \Windows\System32\clbcatq.dll
    0xFDA00000 \Windows\System32\crypt32.dll
    0xFD960000 \Windows\System32\comctl32.dll
    0xFD920000 \Windows\System32\cfgmgr32.dll
    0xFD8B0000 \Windows\System32\KernelBase.dll
    0xFD890000 \Windows\System32\devobj.dll
    0xFD850000 \Windows\System32\wintrust.dll
    0xFD840000 \Windows\System32\msasn1.dll
    0x779F0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 46):
    0 System Idle Process
    4 System
    364 C:\Windows\System32\smss.exe
    460 csrss.exe
    532 C:\Windows\System32\wininit.exe
    540 csrss.exe
    588 C:\Windows\System32\services.exe
    604 C:\Windows\System32\lsass.exe
    612 C:\Windows\System32\lsm.exe
    636 C:\Windows\System32\winlogon.exe
    808 C:\Windows\System32\svchost.exe
    896 C:\Windows\System32\svchost.exe
    948 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    384 C:\Windows\System32\atiesrxx.exe
    708 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\audiodg.exe
    1220 C:\Windows\System32\svchost.exe
    1260 C:\Windows\System32\atieclxx.exe
    1364 C:\Windows\System32\svchost.exe
    1580 C:\Windows\System32\spoolsv.exe
    1668 C:\Windows\System32\svchost.exe
    1760 C:\Windows\System32\dwm.exe
    1800 C:\Windows\System32\taskhost.exe
    1900 C:\Windows\explorer.exe
    1332 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2100 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2472 C:\Program Files\Microsoft Security Essentials\msseces.exe
    2804 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    2824 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2844 C:\Windows\System32\svchost.exe
    3036 C:\Windows\System32\SearchIndexer.exe
    1552 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2744 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2576 C:\Windows\System32\SearchProtocolHost.exe
    2832 WmiPrvSE.exe
    3048 C:\Windows\System32\SearchFilterHost.exe
    2760 C:\Windows\System32\svchost.exe
    3420 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    3564 dllhost.exe
    3732 C:\Windows\explorer.exe
    2284 C:\Windows\System32\sppsvc.exe
    3608 C:\Users\Black\Downloads\MBRCheck.exe
    3572 C:\Windows\System32\conhost.exe
    4056 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number: ST380815AS, Rev: 3.AAD

    Size    Device Name          MBR Status
    --------------------------------------------
    74 GB   \\.\PhysicalDrive0   MBR Code Faked!
    SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!






    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/30/2010 at 09:46 AM

    Application Version : 4.46.1000

    Core Rules Database Version : 5929
    Trace Rules Database Version: 3741

    Scan type : Complete Scan
    Total Scan Time : 00:28:37

    Memory items scanned : 333
    Memory threats detected : 0
    Registry items scanned : 12208
    Registry threats detected : 4
    File items scanned : 75006
    File threats detected : 0

    Adware.AdRotator
    (x86) HKU\.DEFAULT\Software\Sky-Banners
    (x86) HKU\S-1-5-18\Software\Sky-Banners
    (x86) HKU\.DEFAULT\Software\Street-Ads
    (x86) HKU\S-1-5-18\Software\Street-Ads



    I don't seem to be getting the site redirects anymore. Chrome is working fine as well.

    Thanks again.
     
  4. Broni


    Good news, but we need to fix your MBR and run a couple more scans to make sure all is 100% clean.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  5. arcing


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: System manufacturer
    System Product Name: System Product Name
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 186):
    0x02A0F000 \SystemRoot\system32\ntoskrnl.exe
    0x02FEB000 \SystemRoot\system32\hal.dll
    0x00BAC000 \SystemRoot\system32\kdcom.dll
    0x00C3F000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C4C000 \SystemRoot\system32\PSHED.dll
    0x00C60000 \SystemRoot\system32\CLFS.SYS
    0x00CBE000 \SystemRoot\system32\CI.dll
    0x00E42000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00EE6000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00EF5000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F4C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F55000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F5F000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00F92000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F9F000 \SystemRoot\System32\drivers\partmgr.sys
    0x00FB4000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00D7E000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FC9000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00FD0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00FE0000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00E09000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00E33000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x010EE000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0113A000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01248000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0114E000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01000000 \SystemRoot\System32\Drivers\cng.sys
    0x0121A000 \SystemRoot\System32\drivers\pcw.sys
    0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x014D7000 \SystemRoot\system32\drivers\ndis.sys
    0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01600000 \SystemRoot\System32\drivers\tcpip.sys
    0x0148B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x015C9000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x015D9000 \SystemRoot\System32\Drivers\spldr.sys
    0x011AC000 \SystemRoot\System32\drivers\rdyboost.sys
    0x015E1000 \SystemRoot\System32\Drivers\mup.sys
    0x015F3000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x00C00000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x011E6000 \SystemRoot\system32\DRIVERS\disk.sys
    0x018AC000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01912000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x0193C000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x01969000 \SystemRoot\System32\Drivers\Null.SYS
    0x01972000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01979000 \SystemRoot\System32\drivers\vga.sys
    0x01987000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x019AC000 \SystemRoot\System32\drivers\watchdog.sys
    0x019BC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x019C5000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x019CE000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x019D7000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x019E2000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01800000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0181E000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02CE6000 \SystemRoot\system32\drivers\afd.sys
    0x02D70000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02DB5000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02DBE000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02DE4000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02C00000 \SystemRoot\system32\DRIVERS\serial.sys
    0x02C1D000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02C38000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02C4C000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x02C65000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    0x02C6F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    0x02C79000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02CCA000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02CD6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x0182B000 \SystemRoot\System32\drivers\discache.sys
    0x03EFD000 \SystemRoot\system32\drivers\csc.sys
    0x03F80000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03F9E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03FAF000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03FD5000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x04805000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x03AEF000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03A00000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x03A46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03A6A000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x03AA8000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x03EA1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03AB3000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03AC4000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x03AD1000 \SystemRoot\system32\DRIVERS\parport.sys
    0x03BE3000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0x0183A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x03BEB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03FEC000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x02DF3000 \SystemRoot\system32\DRIVERS\fet6x64.sys
    0x01858000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x01861000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x01871000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x01887000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x019F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x010BF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x00DDA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x04248000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04269000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04283000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x0428E000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0429D000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0429F000 \SystemRoot\system32\DRIVERS\ks.sys
    0x042E2000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x042F4000 \SystemRoot\system32\drivers\HdAudio.sys
    0x04350000 \SystemRoot\system32\drivers\portcls.sys
    0x0438D000 \SystemRoot\system32\drivers\drmk.sys
    0x043AF000 \SystemRoot\system32\drivers\ksthunk.sys
    0x0405F000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x040B9000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x040C4000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x00080000 \SystemRoot\System32\win32k.sys
    0x040D9000 \SystemRoot\System32\drivers\Dxapi.sys
    0x040E5000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x040F3000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x040FF000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x04108000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x0411B000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04129000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x04142000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x0414B000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x0414D000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x0415A000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00500000 \SystemRoot\System32\TSDDD.dll
    0x007A0000 \SystemRoot\System32\cdd.dll
    0x04168000 \SystemRoot\system32\drivers\luafv.sys
    0x0418B000 \SystemRoot\system32\drivers\WudfPf.sys
    0x041AC000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x041C1000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0341E000 \SystemRoot\system32\drivers\HTTP.sys
    0x034E6000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x03504000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0351C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x03549000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x03597000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x062A1000 \SystemRoot\system32\drivers\peauth.sys
    0x06347000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x06352000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x0637F000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x06391000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x06200000 \SystemRoot\System32\DRIVERS\srv.sys
    0x774F0000 \Windows\System32\ntdll.dll
    0x47760000 \Windows\System32\smss.exe
    0xFF810000 \Windows\System32\apisetschema.dll
    0xFF080000 \Windows\System32\autochk.exe
    0xFF680000 \Windows\System32\urlmon.dll
    0xFF670000 \Windows\System32\lpk.dll
    0xFF5D0000 \Windows\System32\msvcrt.dll
    0xFF4C0000 \Windows\System32\msctf.dll
    0x776C0000 \Windows\System32\psapi.dll
    0xFF4A0000 \Windows\System32\imagehlp.dll
    0xFF3C0000 \Windows\System32\advapi32.dll
    0xFF3A0000 \Windows\System32\sechost.dll
    0xFF320000 \Windows\System32\difxapi.dll
    0x773F0000 \Windows\System32\user32.dll
    0xFF2D0000 \Windows\System32\Wldap32.dll
    0xFF2C0000 \Windows\System32\nsi.dll
    0xFF190000 \Windows\System32\rpcrt4.dll
    0x776B0000 \Windows\System32\normaliz.dll
    0x772D0000 \Windows\System32\kernel32.dll
    0xFF110000 \Windows\System32\shlwapi.dll
    0xFF0A0000 \Windows\System32\gdi32.dll
    0xFF000000 \Windows\System32\comdlg32.dll
    0xFEE20000 \Windows\System32\setupapi.dll
    0xFEC10000 \Windows\System32\ole32.dll
    0xFEB70000 \Windows\System32\clbcatq.dll
    0xFEB20000 \Windows\System32\ws2_32.dll
    0xFEA50000 \Windows\System32\usp10.dll
    0xFDCC0000 \Windows\System32\shell32.dll
    0xFDBE0000 \Windows\System32\oleaut32.dll
    0xFD980000 \Windows\System32\iertutil.dll
    0xFD950000 \Windows\System32\imm32.dll
    0xFD820000 \Windows\System32\wininet.dll
    0xFD780000 \Windows\System32\comctl32.dll
    0xFD760000 \Windows\System32\devobj.dll
    0xFD6F0000 \Windows\System32\KernelBase.dll
    0xFD6B0000 \Windows\System32\wintrust.dll
    0xFD540000 \Windows\System32\crypt32.dll
    0xFD500000 \Windows\System32\cfgmgr32.dll
    0xFD4F0000 \Windows\System32\msasn1.dll
    0x765C0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 45):
    0 System Idle Process
    4 System
    364 C:\Windows\System32\smss.exe
    460 csrss.exe
    532 C:\Windows\System32\wininit.exe
    540 csrss.exe
    588 C:\Windows\System32\services.exe
    604 C:\Windows\System32\lsass.exe
    612 C:\Windows\System32\lsm.exe
    644 C:\Windows\System32\winlogon.exe
    792 C:\Windows\System32\svchost.exe
    880 C:\Windows\System32\svchost.exe
    932 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    380 C:\Windows\System32\atiesrxx.exe
    412 C:\Windows\System32\svchost.exe
    988 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\audiodg.exe
    1244 C:\Windows\System32\svchost.exe
    1288 C:\Windows\System32\atieclxx.exe
    1512 C:\Windows\System32\svchost.exe
    1648 C:\Windows\System32\spoolsv.exe
    1712 C:\Windows\System32\svchost.exe
    1840 C:\Windows\System32\dwm.exe
    1920 C:\Windows\System32\taskhost.exe
    1928 C:\Windows\explorer.exe
    1536 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1796 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2096 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2372 C:\Program Files\Microsoft Security Essentials\msseces.exe
    2516 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    2748 C:\Windows\System32\svchost.exe
    2768 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
    2796 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    2808 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3052 C:\Windows\System32\SearchIndexer.exe
    1500 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2780 C:\Windows\System32\SearchProtocolHost.exe
    2680 C:\Windows\System32\SearchFilterHost.exe
    3004 WmiPrvSE.exe
    2572 C:\Windows\System32\svchost.exe
    3848 C:\Users\Black\Downloads\MBRCheck.exe
    3860 C:\Windows\System32\conhost.exe
    3904 C:\Windows\System32\dllhost.exe
    4008 dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number: ST380815AS, Rev: 3.AAD

    Size    Device Name          MBR Status
    --------------------------------------------
    74 GB   \\.\PhysicalDrive0   MBR Code Faked!
    SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!


    I used to have Linux and Windows XP dual boot before I formatted and installed Win7, if that has anything to do with the MBR.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Since you formatted, that shouldn't have any impact.

    In any case, our fix didn't work, so we'll have to use a different method.

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk.

    Vista users. At first screen click on Repair your computer:

    Windows 7 users. At first screen click on Install now:
    Select your language and click next:
    Click the button for "Use recovery tools":

    The following applies to both Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed, type Exit, press Enter and restart the computer.

    Post fresh MBRCheck log.
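
    Judging from its output above (a SHA1 line plus a verdict such as "MBR Code Faked!" or "Windows 7 MBR code detected"), MBRCheck hashes the boot sector and looks the hash up in a table of boot code it recognises. The script below is an added example, written for this page rather than taken from the thread or from MBRCheck, that does the same check in miniature: it verifies the 0x55AA boot signature, parses the four partition entries, SHA-1s the 440-byte boot-code area and compares the hash with an allowlist. The boot-code bytes, disk signature and allowlist are constructed stand-ins, and hashing exactly the 440-byte code area rather than the whole sector is an assumption (the page does not say which MBRCheck does). The partition table is the Windows 7 default layout, a 100 MiB System Reserved partition at LBA 2048 followed by C: at LBA 206848, which puts C: at byte offset 0x06500000, the offset MBRCheck printed for this disk.

```python
"""Miniature MBR check in the style of MBRCheck's report.

Added example (not from this thread and not MBRCheck's code): builds a
constructed 512-byte MBR, validates the 0x55AA signature, parses the
partition table and SHA-1s the 440-byte boot-code area so it can be
compared with an allowlist of known-good code hashes.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # boot code occupies bytes 0..439 (assumed hash range)
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # must be 0x55 0xAA


def parse_mbr(mbr: bytes) -> dict:
    """Validate the boot signature, parse the partition table and hash the boot code."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, n_sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "slot": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": n_sectors,
            "byte_offset": lba_start * SECTOR,   # what MBRCheck prints as the volume offset
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def classify(mbr: bytes, known_good: dict) -> str:
    """MBRCheck-style verdict: the allowlisted code's name, or 'unknown' on a miss."""
    sha1 = parse_mbr(mbr)["boot_code_sha1"]
    name = known_good.get(sha1)
    return f"{name} MBR code detected" if name else "MBR code unknown (non-standard or infected)"


def build_mbr(boot_code: bytes, entries, disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xfe\xff\xff",
                    ptype, b"\xfe\xff\xff", lba, n)
        for bootable, ptype, lba, n in entries
    ).ljust(64, b"\x00")
    return code + struct.pack("<I", disk_sig) + b"\x00\x00" + table + b"\x55\xaa"


def read_mbr(device: str) -> bytes:
    r"""Read sector 0 of a raw device: r'\\.\PhysicalDrive0' (Windows, elevated) or '/dev/sda' (root)."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


# Constructed stand-in for clean boot code; NOT real Windows 7 boot code.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8\xbe\x00\x7c\xbf\x00\x06" + b"\x90" * 16
# Windows 7 default layout: 100 MiB System Reserved (active) at 1 MiB, then C: right after it.
# The C: sector count is an approximation for the 80 GB disk in this thread.
WIN7_LAYOUT = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 152000000)]

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, WIN7_LAYOUT)
# Hypothetical allowlist keyed by SHA-1 of the boot-code area.
KNOWN_GOOD = {hashlib.sha1(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest().upper(): "Windows 7"}

# A bootkit patches the boot code but leaves the partition table and 0x55AA intact.
_patched = bytearray(CLEAN_MBR)
_patched[0:4] = b"\xeb\x3c\x90\x90"
FAKED_MBR = bytes(_patched)

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("patched", FAKED_MBR)):
        info = parse_mbr(mbr)
        print(f"{label}: {classify(mbr, KNOWN_GOOD)}  SHA1: {info['boot_code_sha1']}")
        for p in info["partitions"]:
            print(f"  slot {p['slot']} type 0x{p['type']:02X} LBA {p['lba_start']} "
                  f"-> offset 0x{p['byte_offset']:08X}{'  (active)' if p['bootable'] else ''}")
```

    To check a real disk, pass read_mbr(r'\\.\PhysicalDrive0') from an elevated prompt (or /dev/sda as root) to classify(). Read the sector from a recovery environment or live CD when you want to trust the answer, because an active bootkit can hand the original sector back to reads made from the running system. A miss against the allowlist means only that the code is not recognised: GRUB or another boot manager left over from a dual boot would be flagged the same way, so weigh the hash against what you know of the disk's history.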
     
  7. arcing

    arcing TS Rookie Topic Starter

    My bad, just got your PM. Will try again.

    Don't know if you got my PM, but after I did bootrec /FixMbr it said it was successful, and I did a restart. But when Windows was loading (when the 4 coloured 'balls' are about to converge), the computer restarts. It asks if I want to do a startup repair before Windows loads.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Go for it.
     
  9. arcing

    arcing TS Rookie Topic Starter

    I got it to start up again, but not through the method you posted or the startup recovery. It seems to have worked.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: System manufacturer
    System Product Name: System Product Name
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 187):
    0x02A17000 \SystemRoot\system32\ntoskrnl.exe
    0x02FF3000 \SystemRoot\system32\hal.dll
    0x00BC8000 \SystemRoot\system32\kdcom.dll
    0x00CE0000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00CED000 \SystemRoot\system32\PSHED.dll
    0x00D01000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00E8E000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F32000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F41000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F98000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00FA1000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00FAB000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00FDE000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00FEB000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00E15000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00E71000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00E78000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00CC0000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00D5F000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00D68000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00D92000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x00D9D000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00DE9000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01039000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01245000 \SystemRoot\System32\Drivers\msrpc.sys
    0x012A3000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x012BD000 \SystemRoot\System32\Drivers\cng.sys
    0x01330000 \SystemRoot\System32\drivers\pcw.sys
    0x01341000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x014AB000 \SystemRoot\system32\drivers\ndis.sys
    0x0159D000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01601000 \SystemRoot\System32\drivers\tcpip.sys
    0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01475000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x0134B000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01485000 \SystemRoot\System32\Drivers\spldr.sys
    0x01397000 \SystemRoot\System32\drivers\rdyboost.sys
    0x0148D000 \SystemRoot\System32\Drivers\mup.sys
    0x0149F000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01200000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x013D1000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01000000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x02ACA000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02AF4000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x02B21000 \SystemRoot\System32\Drivers\Null.SYS
    0x02B2A000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02B31000 \SystemRoot\System32\drivers\vga.sys
    0x02B3F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02B64000 \SystemRoot\System32\drivers\watchdog.sys
    0x02B74000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02B7D000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02B86000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02B8F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02B9A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02BAB000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02BC9000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02A00000 \SystemRoot\system32\drivers\afd.sys
    0x03810000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03855000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x0385E000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03884000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03893000 \SystemRoot\system32\DRIVERS\serial.sys
    0x038B0000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x038CB000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x038DF000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x038F8000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    0x03902000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    0x0390C000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x0395D000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03969000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03974000 \SystemRoot\System32\drivers\discache.sys
    0x03CE9000 \SystemRoot\system32\drivers\csc.sys
    0x03D6C000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03D8A000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03D9B000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03DC1000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x04602000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x03AFC000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03A00000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x03A46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03A6A000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x03AA8000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x03983000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03AB3000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03AC4000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x03AD1000 \SystemRoot\system32\DRIVERS\parport.sys
    0x03AEE000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0x03CA1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x03BF0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03CBF000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x03CCB000 \SystemRoot\system32\DRIVERS\fet6x64.sys
    0x04DF7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x03CD7000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x03DD8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x039D9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03DEE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x02A8A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x02BD6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x042A4000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x042C5000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x042DF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x042EA000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x042F9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x042FB000 \SystemRoot\system32\DRIVERS\ks.sys
    0x0433E000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04350000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x043AA000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x043B5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04200000 \SystemRoot\system32\drivers\HdAudio.sys
    0x0425C000 \SystemRoot\system32\drivers\portcls.sys
    0x043CA000 \SystemRoot\system32\drivers\drmk.sys
    0x043EC000 \SystemRoot\system32\drivers\ksthunk.sys
    0x00010000 \SystemRoot\System32\win32k.sys
    0x043F2000 \SystemRoot\System32\drivers\Dxapi.sys
    0x03C4B000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x03C59000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x04299000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x03C65000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x03C78000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x03C86000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x03800000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x042A2000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x02BF1000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x02AB9000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x004C0000 \SystemRoot\System32\TSDDD.dll
    0x006F0000 \SystemRoot\System32\cdd.dll
    0x011DC000 \SystemRoot\system32\drivers\luafv.sys
    0x02220000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02241000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02256000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0226E000 \SystemRoot\system32\drivers\HTTP.sys
    0x02336000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02354000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0236C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x02399000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x036C7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x036EA000 \SystemRoot\system32\drivers\peauth.sys
    0x03790000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0379B000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0x037AB000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x037D8000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x03600000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0602B000 \SystemRoot\System32\DRIVERS\srv.sys
    0x77000000 \Windows\System32\ntdll.dll
    0x47C80000 \Windows\System32\smss.exe
    0xFF320000 \Windows\System32\apisetschema.dll
    0xFF5F0000 \Windows\System32\autochk.exe
    0xFF2F0000 \Windows\System32\sechost.dll
    0x76EE0000 \Windows\System32\kernel32.dll
    0xFF110000 \Windows\System32\setupapi.dll
    0x771D0000 \Windows\System32\psapi.dll
    0xFF0C0000 \Windows\System32\ws2_32.dll
    0x76DE0000 \Windows\System32\user32.dll
    0xFEFE0000 \Windows\System32\advapi32.dll
    0xFEFD0000 \Windows\System32\lpk.dll
    0xFEEA0000 \Windows\System32\rpcrt4.dll
    0xFEE20000 \Windows\System32\shlwapi.dll
    0xFEDB0000 \Windows\System32\gdi32.dll
    0xFED30000 \Windows\System32\difxapi.dll
    0xFEBB0000 \Windows\System32\urlmon.dll
    0xFE950000 \Windows\System32\iertutil.dll
    0xFE8B0000 \Windows\System32\msvcrt.dll
    0xFE7E0000 \Windows\System32\usp10.dll
    0xFE5D0000 \Windows\System32\ole32.dll
    0xFE5C0000 \Windows\System32\nsi.dll
    0xFE520000 \Windows\System32\clbcatq.dll
    0xFE4D0000 \Windows\System32\Wldap32.dll
    0x771C0000 \Windows\System32\normaliz.dll
    0xFD740000 \Windows\System32\shell32.dll
    0xFD610000 \Windows\System32\wininet.dll
    0xFD570000 \Windows\System32\comdlg32.dll
    0xFD540000 \Windows\System32\imm32.dll
    0xFD520000 \Windows\System32\imagehlp.dll
    0xFD440000 \Windows\System32\oleaut32.dll
    0xFD330000 \Windows\System32\msctf.dll
    0xFD1C0000 \Windows\System32\crypt32.dll
    0xFD180000 \Windows\System32\cfgmgr32.dll
    0xFD110000 \Windows\System32\KernelBase.dll
    0xFD0D0000 \Windows\System32\wintrust.dll
    0xFD030000 \Windows\System32\comctl32.dll
    0xFD010000 \Windows\System32\devobj.dll
    0xFD000000 \Windows\System32\msasn1.dll
    0x76580000 \Windows\SysWOW64\normaliz.dll

    Processes (total 45):
    0 System Idle Process
    4 System
    364 C:\Windows\System32\smss.exe
    460 csrss.exe
    524 C:\Windows\System32\wininit.exe
    556 csrss.exe
    584 C:\Windows\System32\services.exe
    592 C:\Windows\System32\lsass.exe
    600 C:\Windows\System32\lsm.exe
    668 C:\Windows\System32\winlogon.exe
    768 C:\Windows\System32\svchost.exe
    848 C:\Windows\System32\svchost.exe
    892 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    992 C:\Windows\System32\atiesrxx.exe
    472 C:\Windows\System32\svchost.exe
    416 C:\Windows\System32\svchost.exe
    936 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\audiodg.exe
    1196 C:\Windows\System32\svchost.exe
    1312 C:\Windows\System32\svchost.exe
    1480 C:\Windows\System32\dwm.exe
    1488 C:\Windows\System32\atieclxx.exe
    1504 C:\Windows\explorer.exe
    1520 C:\Windows\System32\spoolsv.exe
    1584 C:\Windows\System32\svchost.exe
    1760 C:\Windows\System32\taskhost.exe
    1844 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1180 C:\Program Files\Microsoft Security Essentials\msseces.exe
    2024 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2192 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2228 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    2548 C:\Windows\System32\SearchIndexer.exe
    2656 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
    2676 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    2692 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2724 C:\Windows\System32\svchost.exe
    2936 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1060 C:\Windows\System32\SearchProtocolHost.exe
    1028 C:\Windows\System32\SearchFilterHost.exe
    2328 C:\Windows\System32\svchost.exe
    1884 WmiPrvSE.exe
    3220 dllhost.exe
    3684 C:\Users\Black\Downloads\MBRCheck.exe
    3692 C:\Windows\System32\conhost.exe
    3732 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number: ST380815AS, Rev: 3.AAD

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Excellent!

    What exactly did you do? Did you use system restore by any chance?
     
  11. arcing

    arcing TS Rookie Topic Starter

    No, it wasn't a system restore. I hit F8 before Windows login and chose Repair your computer, then Command Prompt.

    Then I copied my BCD and saved it, created a blank BCD and imported that BCD back to overwrite my current one. Restarted the computer and it crashed saying invalid BCD. Then I booted my Win7 DVD, selected Repair, and it repaired itself and I was able to boot again.

    Edit: http://www.sevenforums.com/installation-setup/3513-bcdedit-help.html is what I followed.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    OK.

    How are the issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
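
    The O4 (Run key) and SRV (service) lines in an OTL log end in "File not found" when the registry still names a program that is no longer on disk. That is what a scanner leaves behind when it deletes a file but not the entry that launched it, and also what a mismatch between the 32-bit and 64-bit views of System32 looks like. The script below is an added example, not part of the thread and not OTL's code, that reproduces the check: it pulls the executable path out of each Run value and service ImagePath (quoted paths, trailing arguments, %SystemRoot%, \SystemRoot\, \??\ and bare system32\ prefixes) and reports entries whose image does not exist. The sample entries and the list of files assumed to exist are constructed for the demo, modelled on names that appear in the logs in this thread; run it with --live under 64-bit Python on Windows to walk the real registry instead.

```python
"""Added example: find autostart entries whose image file is missing, the
condition OTL reports as "File not found" on its O4 (Run key) and SRV lines.
The sample entries and filesystem view below are constructed for the demo."""
import re
import sys


def image_path(command: str, system_root: str = r"C:\Windows") -> str:
    r"""Extract the executable from an autostart command line and normalise the
    spellings found in Run values and service ImagePath values: quoted paths,
    trailing arguments, %SystemRoot%, \SystemRoot\, \??\ and bare system32\."""
    cmd = command.strip()
    if cmd.startswith('"'):                       # "C:\Program Files\x\y.exe" -arg
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    else:                                         # first token ending in a binary extension
        m = re.match(r"(.+?\.(?:exe|dll|sys|com))(?:\s|$)", cmd, re.IGNORECASE)
        path = m.group(1) if m else cmd.split()[0]
    path = re.sub(r"%(?:systemroot|windir)%", lambda _m: system_root, path, flags=re.IGNORECASE)
    if path.startswith("\\??\\"):                  # NT object-manager prefix used by drivers
        path = path[4:]
    low = path.lower()
    if low.startswith("\\systemroot\\"):
        path = system_root + path[len("\\systemroot"):]
    elif low.startswith("system32\\"):
        path = system_root + "\\" + path
    return path


def find_orphans(entries, exists):
    """entries: (source, name, command) triples; exists: callable path -> bool.
    Returns the triples whose resolved image does not exist, with the resolved path."""
    orphans = []
    for source, name, command in entries:
        path = image_path(command)
        if not exists(path):
            orphans.append((source, name, path))
    return orphans


def live_entries():
    """Enumerate HKLM/HKCU Run values and every service's ImagePath (Windows only;
    use 64-bit Python so System32 is the native directory, not SysWOW64)."""
    import winreg
    out = []
    run = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    for hive, label in ((winreg.HKEY_LOCAL_MACHINE, "HKLM..\\Run"), (winreg.HKEY_CURRENT_USER, "HKCU..\\Run")):
        try:
            with winreg.OpenKey(hive, run) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, value, _ = winreg.EnumValue(key, i)
                    out.append((label, name, str(value)))
        except OSError:
            pass
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services") as services:
        for i in range(winreg.QueryInfoKey(services)[0]):
            name = winreg.EnumKey(services, i)
            try:
                with winreg.OpenKey(services, name) as svc:
                    out.append(("Service", name, str(winreg.QueryValueEx(svc, "ImagePath")[0])))
            except OSError:
                continue          # no ImagePath (e.g. service groups) or access denied
    return out


# Constructed sample modelled on entries named in this thread's logs.
SAMPLE_ENTRIES = [
    ("HKLM..\\Run", "MSSE", r"C:\Program Files\Microsoft Security Essentials\msseces.exe"),
    ("HKLM..\\Run", "gchk", r"C:\Windows\$NtUninstallMTF197$\upg.exe"),
    ("Service", "KMService", r"C:\Windows\system32\srvany.exe"),
    ("Service", "MsMpSvc", r'"C:\Program Files\Microsoft Security Essentials\MsMpEng.exe"'),
    ("Service", "Schedule", r"%SystemRoot%\system32\svchost.exe -k netsvcs"),
    ("Service", "SASKUTIL", r"\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS"),
    ("Service", "Ntfs", r"\SystemRoot\System32\Drivers\Ntfs.sys"),
]
# Constructed view of which of those files exist on the sample machine.
SAMPLE_FILES = {p.lower() for p in (
    r"C:\Program Files\Microsoft Security Essentials\msseces.exe",
    r"C:\Program Files\Microsoft Security Essentials\MsMpEng.exe",
    r"C:\Windows\system32\svchost.exe",
    r"C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS",
    r"C:\Windows\System32\Drivers\Ntfs.sys",
)}


def sample_exists(path: str) -> bool:
    return path.lower() in SAMPLE_FILES


if __name__ == "__main__":
    if sys.platform == "win32" and "--live" in sys.argv:
        import os
        found = find_orphans(live_entries(), os.path.exists)
    else:
        found = find_orphans(SAMPLE_ENTRIES, sample_exists)
    for source, name, path in found:
        print(f"{source}: [{name}] {path}  File not found")
```

    An orphaned entry is harmless by itself, but it is a pointer worth following: the missing file's name and folder tell you what was removed and where, and the Run value or service that pointed at it still needs deleting so nothing re-creates the file into a pre-registered launch point.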
     
  13. arcing

    arcing TS Rookie Topic Starter

    OTL logfile created on: 03/12/2010 9:41:12 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Black\Desktop
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 74.43 Gb Total Space | 52.20 Gb Free Space | 70.13% Space Free | Partition Type: NTFS

    Computer Name: BLACK-PC | User Name: Black | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/03 09:39:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Black\Desktop\OTL.exe
    PRC - [2010/11/30 15:10:25 | 000,995,896 | ---- | M] (Google Inc.) -- C:\Users\Black\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/10/27 01:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2008/11/02 03:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/12/03 09:39:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Black\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
    SRV:64bit: - [2010/10/27 02:51:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/10/27 04:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2010/10/27 04:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/10/27 02:14:24 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:35:58 | 000,047,872 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fet6x64.sys -- (FETNDIS)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 8F 23 6A 93 87 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/18 21:44:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/19 10:08:59 | 000,000,000 | ---D | M]

    [2010/11/19 09:07:51 | 000,000,000 | ---D | M] -- C:\Users\Black\AppData\Roaming\Mozilla\Extensions
    [2010/11/19 09:07:51 | 000,000,000 | ---D | M] -- C:\Users\Black\AppData\Roaming\Mozilla\Firefox\Profiles\ngapt9h6.default\extensions
    [2010/11/19 10:09:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/11/19 10:09:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/11/19 10:08:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv50 - C:\Program Files (x86)\SPlayer\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/03 09:39:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Black\Desktop\OTL.exe
    [2010/11/30 09:05:43 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\SUPERAntiSpyware.com
    [2010/11/30 09:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/11/30 09:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/11/30 09:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/11/29 11:39:58 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Malwarebytes
    [2010/11/29 11:39:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/29 11:39:47 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/29 11:39:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/29 11:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/28 20:33:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/11/20 14:41:42 | 000,000,000 | ---D | C] -- C:\Users\Black\Desktop\Songs from AMMA's MP3
    [2010/11/19 11:31:00 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Apps
    [2010/11/19 11:28:42 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\SPlayer
    [2010/11/19 11:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SPlayer
    [2010/11/19 11:24:10 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\foobar2000
    [2010/11/19 11:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
    [2010/11/19 10:45:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2010/11/19 10:45:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2010/11/19 10:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/11/19 10:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/11/19 10:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2010/11/19 10:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010/11/19 09:58:36 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Windows Live
    [2010/11/19 09:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2010/11/19 09:51:39 | 000,085,936 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
    [2010/11/19 09:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
    [2010/11/19 09:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2010/11/19 09:44:01 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Macromedia
    [2010/11/19 09:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/11/19 09:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2010/11/19 09:19:46 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/11/19 09:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2010/11/19 09:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/11/19 09:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2010/11/19 09:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2010/11/19 09:15:58 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Microsoft Help
    [2010/11/19 09:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2010/11/19 09:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/11/19 09:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2010/11/19 09:14:55 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2010/11/19 09:13:30 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\WinRAR
    [2010/11/19 09:11:28 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Adobe
    [2010/11/19 09:11:28 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Adobe
    [2010/11/19 09:08:33 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Google
    [2010/11/19 09:07:43 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Mozilla
    [2010/11/19 09:07:42 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Mozilla
    [2010/11/18 21:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
    [2010/11/18 21:47:48 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2010/11/18 21:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/11/18 21:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
    [2010/11/18 21:44:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2010/11/18 21:43:27 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2010/11/18 21:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/11/18 21:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2010/11/18 21:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2010/11/18 21:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2010/11/18 21:26:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2010/11/18 21:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2010/11/18 21:23:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2010/11/18 21:22:29 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Dropbox
    [2010/11/18 21:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/11/18 21:21:25 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\uTorrent
    [2010/11/18 21:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2010/11/18 18:56:16 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Diagnostics
    [2010/11/18 18:54:57 | 000,000,000 | R--D | C] -- C:\Users\Black\Searches
    [2010/11/18 18:54:57 | 000,000,000 | -H-D | C] -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2010/11/18 18:54:47 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Identities
    [2010/11/18 18:54:45 | 000,000,000 | R--D | C] -- C:\Users\Black\Contacts
    [2010/11/18 18:54:44 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\VirtualStore
    [2010/11/18 18:54:38 | 000,000,000 | --SD | C] -- C:\Users\Black\AppData\Roaming\Microsoft
    [2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Videos
    [2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Saved Games
    [2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Pictures
    [2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Music
    [2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Links
    [2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Favorites
    [2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Downloads
    [2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\My Documents
    [2010/11/18 18:54:38 | 000,000,000 | R--D | C] -- C:\Users\Black\Desktop
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\AppData\Local\Temporary Internet Files
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Templates
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Start Menu
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\SendTo
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Recent
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\PrintHood
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\NetHood
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Documents\My Videos
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Documents\My Pictures
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Documents\My Music
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\My Documents
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Local Settings
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\AppData\Local\History
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Cookies
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\Application Data
    [2010/11/18 18:54:38 | 000,000,000 | -HSD | C] -- C:\Users\Black\AppData\Local\Application Data
    [2010/11/18 18:54:38 | 000,000,000 | -H-D | C] -- C:\Users\Black\AppData
    [2010/11/18 18:54:38 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Temp
    [2010/11/18 18:54:38 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Local\Microsoft
    [2010/11/18 18:54:38 | 000,000,000 | ---D | C] -- C:\Users\Black\AppData\Roaming\Media Center Programs
    [2010/11/18 18:54:32 | 000,000,000 | -HSD | C] -- C:\Recovery
    [2010/11/18 18:47:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2010/11/18 18:44:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2010/11/18 18:44:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information

    ========== Files - Modified Within 30 Days ==========

    [2010/12/03 09:39:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Black\Desktop\OTL.exe
    [2010/12/03 09:36:53 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1675623205-3675319109-3608128649-1000Core.job
    [2010/12/03 09:36:52 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1675623205-3675319109-3608128649-1000UA.job
    [2010/12/03 09:36:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/02 18:13:44 | 000,002,401 | ---- | M] () -- C:\Users\Black\Desktop\Google Chrome.lnk
    [2010/12/02 17:59:45 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/02 17:59:45 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/02 17:56:47 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/12/02 17:56:47 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/12/02 17:56:47 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/12/02 17:52:23 | 1408,585,728 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/02 13:10:27 | 000,008,192 | ---- | M] () -- C:\bcd
    [2010/12/02 13:08:57 | 000,024,576 | ---- | M] () -- C:\savebcd
    [2010/11/30 09:05:36 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/29 11:39:52 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/28 20:33:27 | 216,982,160 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/26 10:33:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA(27).DAT
    [2010/11/20 09:16:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010/11/19 12:18:47 | 000,000,952 | ---- | M] () -- C:\Users\Black\Desktop\2010.xlsx - Shortcut.lnk
    [2010/11/19 12:18:32 | 000,000,965 | ---- | M] () -- C:\Users\Black\Desktop\work.xls - Shortcut.lnk
    [2010/11/19 11:28:39 | 000,001,031 | ---- | M] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\SPlayer(Home Theater).lnk
    [2010/11/19 11:28:39 | 000,001,019 | ---- | M] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\SPlayer.lnk
    [2010/11/19 11:28:39 | 000,001,007 | ---- | M] () -- C:\Users\Black\Desktop\SPlayer(Home Theater).lnk
    [2010/11/19 11:28:39 | 000,000,995 | ---- | M] () -- C:\Users\Black\Desktop\SPlayer.lnk
    [2010/11/19 11:24:02 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
    [2010/11/19 11:13:02 | 000,339,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/11/19 09:54:46 | 000,000,680 | ---- | M] () -- C:\Users\Black\Desktop\SUSEELA - Shortcut.lnk
    [2010/11/19 09:51:41 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
    [2010/11/19 09:44:31 | 000,001,268 | ---- | M] () -- C:\Users\Black\Desktop\Revo Uninstaller.lnk
    [2010/11/18 21:48:19 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
    [2010/11/18 21:44:40 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/11/18 21:44:30 | 000,001,967 | ---- | M] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/18 21:44:30 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/11/18 19:21:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2010/11/18 18:55:11 | 000,001,441 | ---- | M] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/18 18:47:28 | 000,042,049 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2010/11/18 18:47:28 | 000,042,049 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2010/11/18 18:45:43 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

    ========== Files Created - No Company Name ==========

    [2010/12/02 13:10:14 | 000,008,192 | ---- | C] () -- C:\bcd
    [2010/12/02 13:08:57 | 000,024,576 | ---- | C] () -- C:\savebcd
    [2010/11/30 09:05:36 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/29 11:39:52 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/28 20:33:27 | 216,982,160 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/11/20 09:16:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010/11/19 12:18:49 | 000,000,952 | ---- | C] () -- C:\Users\Black\Desktop\2010.xlsx - Shortcut.lnk
    [2010/11/19 12:18:34 | 000,000,965 | ---- | C] () -- C:\Users\Black\Desktop\work.xls - Shortcut.lnk
    [2010/11/19 11:28:39 | 000,001,031 | ---- | C] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\SPlayer(Home Theater).lnk
    [2010/11/19 11:28:39 | 000,001,019 | ---- | C] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\SPlayer.lnk
    [2010/11/19 11:28:39 | 000,001,007 | ---- | C] () -- C:\Users\Black\Desktop\SPlayer(Home Theater).lnk
    [2010/11/19 11:28:39 | 000,000,995 | ---- | C] () -- C:\Users\Black\Desktop\SPlayer.lnk
    [2010/11/19 11:24:02 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
    [2010/11/19 09:54:46 | 000,000,680 | ---- | C] () -- C:\Users\Black\Desktop\SUSEELA - Shortcut.lnk
    [2010/11/19 09:51:41 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
    [2010/11/19 09:44:31 | 000,001,268 | ---- | C] () -- C:\Users\Black\Desktop\Revo Uninstaller.lnk
    [2010/11/19 09:31:05 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
    [2010/11/19 09:09:10 | 000,002,401 | ---- | C] () -- C:\Users\Black\Desktop\Google Chrome.lnk
    [2010/11/19 09:08:35 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1675623205-3675319109-3608128649-1000UA.job
    [2010/11/19 09:08:34 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1675623205-3675319109-3608128649-1000Core.job
    [2010/11/18 21:48:19 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
    [2010/11/18 21:44:40 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/11/18 21:44:30 | 000,001,967 | ---- | C] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/18 21:44:30 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/11/18 19:21:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2010/11/18 18:55:11 | 000,001,441 | ---- | C] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/18 18:54:38 | 000,000,290 | ---- | C] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010/11/18 18:54:38 | 000,000,272 | ---- | C] () -- C:\Users\Black\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010/11/18 18:45:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/11/18 18:44:06 | 1408,585,728 | -HS- | C] () -- C:\hiberfil.sys
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/11/18 21:22:44 | 000,000,000 | ---D | M] -- C:\Users\Black\AppData\Roaming\Dropbox
    [2010/11/24 09:25:12 | 000,000,000 | ---D | M] -- C:\Users\Black\AppData\Roaming\foobar2000
    [2010/11/19 11:30:13 | 000,000,000 | ---D | M] -- C:\Users\Black\AppData\Roaming\SPlayer
    [2010/11/27 19:47:10 | 000,000,000 | ---D | M] -- C:\Users\Black\AppData\Roaming\uTorrent
    [2010/11/26 10:33:38 | 000,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA(27).DAT
    [2009/07/14 00:08:49 | 000,004,660 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(28).TXT
    [2010/11/26 11:05:56 | 000,007,692 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/12/02 13:10:27 | 000,008,192 | ---- | M] () -- C:\bcd
    [2010/12/02 13:10:27 | 000,005,120 | -HS- | M] () -- C:\bcd.LOG
    [2010/12/02 17:52:23 | 1408,585,728 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/02 17:52:26 | 1878,118,400 | -HS- | M] () -- C:\pagefile.sys
    [2010/12/02 13:08:57 | 000,024,576 | ---- | M] () -- C:\savebcd
    [2010/12/02 13:08:57 | 000,021,504 | -HS- | M] () -- C:\savebcd.LOG
    [2010/12/02 13:08:57 | 000,000,000 | -HS- | M] () -- C:\savebcd.LOG1
    [2010/12/02 13:08:57 | 000,000,000 | -HS- | M] () -- C:\savebcd.LOG2

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/18 18:55:11 | 000,000,221 | -HS- | M] () -- C:\Users\Black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/03 09:39:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Black\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/20 09:20:39 | 000,000,402 | -HS- | M] () -- C:\Users\Black\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  14. arcing

    arcing TS Rookie Topic Starter

    Whoops, forgot this.


    OTL Extras logfile created on: 03/12/2010 9:41:12 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Black\Desktop
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 74.43 Gb Total Space | 52.20 Gb Free Space | 70.13% Space Free | Partition Type: NTFS

    Computer Name: BLACK-PC | User Name: Black | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "$NtUninstallMTF197$" = Street-Ads Browser Enhancer
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "foobar2000" = foobar2000 v1.1.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "PowerISO" = PowerISO
    "Revo Uninstaller" = Revo Uninstaller 1.90
    "SPlayer" = SPlayer

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 18/11/2010 7:51:17 PM | Computer Name = Black-PC | Source = Software Protection Platform Service | ID = 1017
    Description = Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=92BG3
    ACID=?
    Detailed
    Error[?]

    Error - 18/11/2010 7:54:31 PM | Computer Name = Black-PC | Source = Software Protection Platform Service | ID = 1017
    Description = Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=BBBBB
    ACID=?
    Detailed
    Error[?]

    Error - 18/11/2010 10:26:29 PM | Computer Name = Black-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 19/11/2010 11:07:04 AM | Computer Name = Black-PC | Source = MsiInstaller | ID = 11500
    Description =

    Error - 19/11/2010 11:08:22 AM | Computer Name = Black-PC | Source = MsiInstaller | ID = 1043
    Description =

    Error - 26/11/2010 12:05:46 PM | Computer Name = Black-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x0000000000feb000 Faulting process id: 0x408 Faulting
    application start time: 0x01cb8d81f159d2a0 Faulting application path: C:\Windows\system32\svchost.exe
    Faulting
    module path: unknown Report Id: 06daa509-f977-11df-9b0b-1cbdb98708c5

    [ System Events ]
    Error - 30/11/2010 10:24:04 AM | Computer Name = Black-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%861 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.95.766.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x8007043c Error
    description: This service cannot be started in Safe Mode

    Error - 30/11/2010 10:48:39 AM | Computer Name = Black-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%861 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 01/12/2010 10:07:18 AM | Computer Name = Black-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%861 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 01/12/2010 10:13:47 AM | Computer Name = Black-PC | Source = RTL8167 | ID = 5008
    Description = Realtek PCIe GBE Family Controller : Has encountered an invalid network
    address.

    Error - 01/12/2010 10:14:00 AM | Computer Name = Black-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%861 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 01/12/2010 11:57:55 AM | Computer Name = Black-PC | Source = RTL8167 | ID = 5008
    Description = Realtek PCIe GBE Family Controller : Has encountered an invalid network
    address.

    Error - 01/12/2010 11:58:08 AM | Computer Name = Black-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%861 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 02/12/2010 11:31:45 AM | Computer Name = Black-PC | Source = RTL8167 | ID = 5008
    Description = Realtek PCIe GBE Family Controller : Has encountered an invalid network
    address.

    Error - 02/12/2010 11:31:49 AM | Computer Name = Black-PC | Source = Microsoft Antimalware | ID = 2004
    Description = %%861 has encountered an error trying to load signatures and will
    attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

    Error
    Code: 0x80070002 Error description: The system cannot find the file specified. Signature
    version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

    Error - 02/12/2010 6:52:25 PM | Computer Name = Black-PC | Source = RTL8167 | ID = 5008
    Description = Realtek PCIe GBE Family Controller : Has encountered an invalid network
    address.


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 52,911   +344

     
  16. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
      SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
      O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
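As an added example (not part of this thread and not OTL's own code), a small Python triage pass over OTL `SRV` and `O4` lines that flags the three indicators the fix script above targets: a service or Run entry whose image is "File not found", a Run entry pointing into a `$NtUninstall...$` look-alike folder (the one the uninstall list above ties to Street-Ads Browser Enhancer), and a service wrapped by `srvany.exe`. The sample lines are constructed to mirror the script; the benign `msseces.exe` Run entry is added here for contrast.

```python
import ntpath
import re

# Constructed sample lines in OTL's SRV / O4 format, modelled on the fix
# script in this thread (not copied from its logs); the fourth, benign
# Run entry is added here for contrast.
SAMPLE_OTL = r"""
SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
"""

SRV_RE = re.compile(r"^SRV(?::64bit:)? - (?P<info>.*?) -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$")
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<value>[^\]]*)\] (?P<rest>.+?)(?P<missing> File not found)?$")
# Folder named like a Windows hotfix uninstall directory, e.g. $NtUninstallMTF197$
FAKE_UNINSTALL_RE = re.compile(r"\\\$NtUninstall[^\\]*\$\\", re.IGNORECASE)
COMPANY_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")


def triage_otl(text):
    """Return dicts (kind, name, path, reasons) for autostart entries showing
    the indicators from this thread; benign entries yield nothing."""
    findings = []
    for line in (ln.strip() for ln in text.splitlines()):
        if m := SRV_RE.match(line):
            kind, name, path = "SRV", m["name"], m["path"]
            missing = m["info"].startswith("File not found")
        elif m := O4_RE.match(line):
            kind, name, missing = "O4", m["value"], bool(m["missing"])
            c = COMPANY_RE.match(m["rest"])  # strip the trailing "(Company)" if present
            path = c["path"] if c else m["rest"]
        else:
            continue  # not an SRV / O4 line
        reasons = []
        if missing:
            reasons.append("binary missing: dangling autostart entry")
        if FAKE_UNINSTALL_RE.search(path):
            reasons.append("installed under a $NtUninstall...$ look-alike folder")
        if ntpath.basename(path).lower() == "srvany.exe":
            reasons.append("srvany.exe wrapper: service launches an arbitrary program")
        if reasons:
            findings.append({"kind": kind, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f"{f['kind']} {f['name']} -> {f['path']}: " + "; ".join(f["reasons"]))
```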
     
  17. arcing

    arcing TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Service KMService stopped successfully!
    Service KMService deleted successfully!
    File C:\Windows\SysNative\srvany.exe not found.
    Error: No service named KMService was found to stop!
    Service\Driver key KMService not found.
    C:\Windows\SysWOW64\srvany.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gchk deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Black
    ->Temp folder emptied: 547263 bytes
    ->Temporary Internet Files folder emptied: 7497486 bytes
    ->Java cache emptied: 1664363 bytes
    ->FireFox cache emptied: 106999277 bytes
    ->Google Chrome cache emptied: 240515163 bytes
    ->Flash cache emptied: 12966 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 42674 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
    RecycleBin emptied: 25301 bytes

    Total Files Cleaned = 341.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Black
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12032010_205821

    Files\Folders moved on Reboot...
    C:\Users\Black\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...



    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader X
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````


    ESET didn't find any threats.

    Everything seems fine, no issues with redirection or anything out of the ordinary.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  19. arcing

    arcing TS Rookie Topic Starter

    Computer is doing fine. No issues since the last time I updated you.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Black
    ->Temp folder emptied: 412577 bytes
    ->Temporary Internet Files folder emptied: 5360045 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 16319488 bytes
    ->Google Chrome cache emptied: 8346290 bytes
    ->Flash cache emptied: 611 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1578 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 29.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Black
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.17.3 log created on 12032010_215934

    Files\Folders moved on Reboot...
    C:\Users\Black\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    For the trojans, should I look at the previous logs to see if I had any? In any case, I'll change my passwords just in case.

    Thank you very much for your help!
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Yes!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
